> Keyboard keystrokes get captured too but the systems are intelligent enough to filter out passwords and payment details.
Citation needed. But i did not realize that before, so thank you very much for this information, i will desactivate js on every page with a password field from now on.
"Following the recent report that Mixpanel, a popular analytics provider, had been inadvertently collecting passwords that users typed into websites, we took a deeper look. While Mixpanel characterized it as a “bug, plain and simple” — one that it had fixed — we found that:
- Mixpanel continues to grab passwords on some sites, even with the patched version of its code.
- The problem is not limited to Mixpanel; also affected are session replay scripts, which we revealed earlier to be scooping up various other types of sensitive information.
- There is no foolproof way for these third party scripts to prevent password collection, given their intended functionality. In some cases, password collection happens due to extremely subtle interactions between code from different entities."
I have worked in the past on a tool that recorded user sessions on websites and keystroke collection didn't end up implemented only because we were a small enough company that my strong stance against it could actually block it. It was a feature that often came up from the product team after discussions with customers, and IIRC some competitors already had it implemented back then.
Our own prototype, from before I've actively joined that particular project, tested on some live website helpfully displayed all the content of some textarea of some request form that somebody started to fill in, but afterwards decided not to include some of the details. That was a big eye-opener for me that it's absolutely not a right thing to do. We have ended up implementing a debounced indicator "some typing activity is occurring right now on this field", but we still had to deal with feature requests about content collection.
Judging from quality of some of those competing solutions, I certainly wouldn't bet that they're "intelligent enough". Maybe in 75% of the most common cases, maybe.
Under the hypothesis that people move their mouse to where they're intending to interact with your page, you can build a heat map of mouse locations and show your UX people where on the page users are focusing their attention. I'd probably rate it as one of the more benign forms of telemetry.
Pretty much every major website does this. Not only that, if you are using windows 10, it does this too. Not only does windows 10 track your mouse movements, it tracks your keystrokes and it scans your filesystem and sends the meta data info back to microsoft.
It's a very anti-privacy environment we live in right now. But it's for our own good or so we are told.
Centralised social networks are by nature spy networks in that they collect a huge amount of data on a large group of people, both data concerning those people as well as data relating those people to any of the others. As to whether a centralised social network uses these data for nefarious purposes or only to provide a service to the users is up to those currently in control of the network. Ownership can change, a once-benign social network can turn into a nightmare overnight as the data will be there for the new management to exploit.
To be able to detect robots. Makes sense since most users will move their mouse in a massively different way than default robots. There is also probably some product reason like being able to see if people had their mouse around an ad before clicking it, etc.
If robots can mimic human conversations, this should also be trivial. This not only looks like a lame excuse, but also massively underestimates the ability of automatons that mimic humans.
