{"id":6847,"date":"2017-11-22T04:51:57","date_gmt":"2017-11-22T12:51:57","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=6847"},"modified":"2021-08-03T06:52:26","modified_gmt":"2021-08-03T13:52:26","slug":"latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/","title":{"rendered":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts"},"content":{"rendered":"<p>Last week, Privacy News Online reported on a worrying trend of increased <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/welcome-brave-new-world-workplace-surveillance\/\">surveillance in the workplace<\/a>. This kind of spying includes capturing every keystroke workers make. The practice is regarded in many jurisdictions as acceptable because people are working on equipment provided by their employer, and use it to carry out tasks for the company that pays their wages. So the logic is that an employer has permission to check that the equipment is being used properly, and that employees are working diligently. But a blog post on the Freedom to Tinker blog reveals that <a href=\"https:\/\/freedom-to-tinker.com\/2017\/11\/15\/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts\/\">keystroke capture and more<\/a> is taking place on public websites too:<\/p>\n<blockquote><p>\u201cYou may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use \u201csession replay\u201d scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.\u201d<\/p><\/blockquote>\n<p>The researchers looked at services from <a href=\"https:\/\/yandex.com\/\">Yandex<\/a>, <a href=\"https:\/\/www.fullstory.com\/\">FullStory<\/a>, <a href=\"https:\/\/www.hotjar.com\/\">Hotjar<\/a>, <a href=\"https:\/\/userreplay.com\/\">UserReplay<\/a>, <a href=\"https:\/\/www.smartlook.com\/\">Smartlook<\/a>, <a href=\"https:\/\/contentsquare.com\/clicktale\/\">Clicktale<\/a>, and <a href=\"https:\/\/sessioncam.com\/\">SessionCam<\/a>. They found the named services in use on 482 of the Alexa top 50,000 sites, but just one of them \u2013 Yandex \u2013 says that its <a href=\"https:\/\/metrica.yandex.com\/about?\">Yandex.Metrica product is on 8 million sites<\/a>, so the number of websites using this technology globally is probably even higher. <a href=\"https:\/\/www.fullstory.com\/platform\/\">Adding constant surveillance is simple<\/a>: FullStory claims \u201cOne small snippet records every user action. No maintenance and no manual tagging.\u201d The key feature offered by all these companies is session replay, <a href=\"https:\/\/metrica.yandex.com\/about\/info\/behavior\">described here by Yandex<\/a>:<\/p>\n<blockquote><p>\u201cFind the \u201cwhy\u201d behind every lost conversion by seeing how people interact with your site, such as with video footage. Clicks, scrolls, keystrokes, and mouse movements are all recorded in a single informative movie. Get an all-round view by looking at desktop, mobile, and logged-in sessions. Never miss something interesting with up to 150,000 recordings per day.\u201d<\/p><\/blockquote>\n<p>Some services also enable mobile device gestures to be captured, including <a href=\"https:\/\/contentsquare.com\/clicktale\/\">pinch, zoom, tap, double tap, swipe and tilt<\/a>. As a result, huge quantities of personal data from computing use can be gathered and stored. <a href=\"https:\/\/metrica.yandex.com\/about?\">Yandex says<\/a>:<\/p>\n<blockquote><p>\u201cSend any amount of data to Yandex.Metrica and handle it the way you want: adjust the sampling rate to get reports faster, or use unsampled data for maximum accuracy. Storage time is unlimited, too \u2013 no matter how much data you have.\u201d<\/p><\/blockquote>\n<p>Once gathered, the data is often intensively analyzed in order to understand \u201c<a href=\"https:\/\/contentsquare.com\/clicktale\/\">digital consumer psychology<\/a>\u201c. Perhaps inevitably, machine learning algorithms are applied increasingly, in order to \u201cautomate the discovery of signatures left by struggling customers and determine whether the detected anomalies represent significant revenue opportunities.\u201d The idea of identifying \u201cstruggling customers\u201d, together with \u201ckey journeys\u201d and \u201ccustomer funnels\u201d, as many services <a href=\"https:\/\/sessioncam.com\/\">promise<\/a>, is natural enough for Websites that wish to maximize online sales. But the Freedom to Tinker post reveals that this kind of commercial surveillance brings with it major privacy problems:<\/p>\n<blockquote><p>\u201cCollection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.\u201d<\/p><\/blockquote>\n<p>While it is true that services offer manual and automatic redaction tools to stop sensitive information from being collected, the Freedom to Tinker blog post points out that applying them in real-world situations is a mammoth task that realistically few website owners will undertake. As a result, the Freedom to Tinker researchers found a number of serious issues in their tests.<\/p>\n<p>For example, passwords may be included in session recordings, even though the services attempted to prevent this. Similarly, despite the use of redaction tools, sensitive user inputs are masked in a partial and imperfect way. Moreover, the redaction tools only applied to user input: they did nothing to hide sensitive information that may be present on the Web page that is captured and stored. For example, on one site selling medicines, the researchers found that medical conditions and prescriptions are leaked along with the names of users.<\/p>\n<p>A more general problem with all these session-replay services is that they gather and store large quantities of highly personal data. There are bound to be concerns about the security of personal data held by the companies providing the services. <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/two-ways-help-preserve-privacy-age-massive-leaks-deep-hacks\/\">Leaks on a massive scale<\/a> are now commonplace, so assurances that such information is safe can hardly be relied upon. On top of that, the researchers found that some playbacks of recorded sessions took place within an HTTP page, even for recordings of user actions on a page originally sent via HTTPS. This means that data that was previously protected by HTTPS is now vulnerable to passive network surveillance, making privacy breaches more likely.<\/p>\n<p>Although the desire to monitor how visitors are using websites is natural enough, and can be beneficial for users, the approaches discussed above seem disproportionate. It is therefore likely that they will fall foul of the European Union\u2019s new General Data Protection Regulation, which will be enforced from next May. As a useful <a href=\"https:\/\/bigbrotherwatch.org.uk\/wp-content\/uploads\/2017\/10\/7-data-protection-principles.pdf\">information sheet from Big Brother Watch<\/a> explains, key elements of the new law include a requirement that personal data can only be collected if an organization has explicitly asked for and received consent, telling people in detail how their data will be used. Personal data must be gathered for a specific, explicit and legitimate purpose, and must be adequate, relevant and limited to the purpose of the processing \u2013 general collection is not allowed. An important new principle of accountability says that companies must not only comply with the EU law, they must show they are complying properly. It is hard to see how many of these services offering complete session replays will be able to operate in the EU without drastically limiting their data collection habits.<\/p>\n<p>Featured image by <a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Ton_S.b,_tape_unit.jpg\">George Shuklin<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every keystroke workers make. The practice is regarded in many jurisdictions as acceptable because people are working on equipment provided by their employer, and use it to carry out tasks for the company &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts&#8221;<\/span><\/a><\/p>\n","protected":false},"author":20,"featured_media":6849,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":true,"_modified_date":"","footnotes":""},"categories":[12,1,1941],"tags":[200,485,703,709,51],"class_list":["post-6847","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-news","category-surveillance","tag-eu","tag-gdpr","tag-keystroke-capture","tag-machine-learning","tag-surveillance"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts<\/title>\n<meta name=\"description\" content=\"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts\" \/>\n<meta property=\"og:description\" content=\"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-22T12:51:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-03T13:52:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1252\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Glyn Moody\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/twitter.com\/glynmoody\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Glyn Moody\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\"},\"author\":{\"name\":\"Glyn Moody\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\"},\"headline\":\"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts\",\"datePublished\":\"2017-11-22T12:51:57+00:00\",\"dateModified\":\"2021-08-03T13:52:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\"},\"wordCount\":1039,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg\",\"keywords\":[\"EU\",\"gdpr\",\"keystroke capture\",\"machine learning\",\"surveillance\"],\"articleSection\":[\"Cybersecurity\",\"General Privacy News\",\"Surveillance\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\",\"name\":\"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg\",\"datePublished\":\"2017-11-22T12:51:57+00:00\",\"dateModified\":\"2021-08-03T13:52:26+00:00\",\"description\":\"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg\",\"width\":1252,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775\",\"name\":\"Glyn Moody\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g\",\"caption\":\"Glyn Moody\"},\"description\":\"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \\\"Rebel Code,\\\" is the first and only detailed history of the rise of open source, while his subsequent work, \\\"The Digital Code of Life,\\\" explores bioinformatics - the intersection of computing with genomics.\",\"sameAs\":[\"http:\/\/opendotdotdot.blogspot.com\/\",\"https:\/\/www.linkedin.com\/in\/glynmoody\/\",\"https:\/\/x.com\/http:\/\/twitter.com\/glynmoody\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts","description":"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/","og_locale":"en_US","og_type":"article","og_title":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts","og_description":"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2017-11-22T12:51:57+00:00","article_modified_time":"2021-08-03T13:52:26+00:00","og_image":[{"width":1252,"height":1024,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg","type":"image\/jpeg"}],"author":"Glyn Moody","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/twitter.com\/glynmoody","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Glyn Moody","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/"},"author":{"name":"Glyn Moody","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775"},"headline":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts","datePublished":"2017-11-22T12:51:57+00:00","dateModified":"2021-08-03T13:52:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/"},"wordCount":1039,"commentCount":2,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg","keywords":["EU","gdpr","keystroke capture","machine learning","surveillance"],"articleSection":["Cybersecurity","General Privacy News","Surveillance"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/","name":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg","datePublished":"2017-11-22T12:51:57+00:00","dateModified":"2021-08-03T13:52:26+00:00","description":"Last week, Privacy News Online reported on a worrying trend of increased surveillance in the workplace. This kind of spying includes capturing every","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2017\/11\/Ton_S.b_tape_unit.jpg","width":1252,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/latest-threat-online-privacy-exfiltration-personal-data-website-session-replay-scripts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The latest threat to your online privacy: exfiltration of personal data by website session-replay scripts"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/99ba810662cdf92245f61106c0c29775","name":"Glyn Moody","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/220b7317aa40ea679b23b79c368761eb6fd45039d978354b06dc7683a812d2fc?s=96&d=mm&r=g","caption":"Glyn Moody"},"description":"Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, \"Rebel Code,\" is the first and only detailed history of the rise of open source, while his subsequent work, \"The Digital Code of Life,\" explores bioinformatics - the intersection of computing with genomics.","sameAs":["http:\/\/opendotdotdot.blogspot.com\/","https:\/\/www.linkedin.com\/in\/glynmoody\/","https:\/\/x.com\/http:\/\/twitter.com\/glynmoody"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/glynmoody\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/6847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=6847"}],"version-history":[{"count":13,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/6847\/revisions"}],"predecessor-version":[{"id":29802,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/6847\/revisions\/29802"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/6849"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=6847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=6847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=6847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}