Researchers found that 482 sites contain session replay scripts, which were provided to their owners by third-party analytical services. Initially, such tools were designed to improve the user experience, allowing companies to study up on their users and to better comply with their needs. However, such scripts enable hacker to reproduce the entire session of the user, including every click, scrolling and keystrokes.
Experts admit that these sites almost never warn their visitors of using such obsessive methods of monitoring. Moreover, the real number of such sites should far exceed the several hundred of that being studied, since specialists didn`t consider the resources beyond the top 50,000 at all.
Experts also recognize that these services cannot be called illegal. Moreover, they provide the owners of sites with the opportunity to automatically or manually configure everything they need in order for data collection to be more accurate and integral. But, as a rule, configuration requires a lot of time and efforts from the user side. Besides, the configuration of scripts involves knowledge of the certain technical skills.