There has been a lot of talk in the news lately about security issues surrounding web-based session replay.
The issue is a simple one: many popular websites are now running scripts that record every keystroke and every mouse movement, allowing them to replay your entire visit to their website, as though they’re looking over your shoulder.
However, that data’s being collected and retained by third parties, not the websites themselves.
And the information includes passwords, personally identifying information (PII), financial information, health information (PHI), and anything else you might type in.
The best writeup I’ve seen to date is over at Freedom to Tinker. It’s concise, and shows you exactly what’s going on.
The next best thing would be to block outbound traffic to the following domains (extracted from the list presented above):
Hotjar.com, Clicktale.com, Sessioncam.com, Smartlook.com, Userreplay.net, Fullstory.com, Mouseflow.com, Inspectlet.com, Decibelinsight.net, Quantummetric.com, Yandex.ru
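A block on these domains only works if it also covers their subdomains and does not catch lookalike names. The following sketch is an added example, not part of the original post: it matches hostnames against the list on label boundaries, audits a DNS query log for hits, and emits dnsmasq sinkhole rules. The log format, the sample hostnames and the choice of dnsmasq are assumptions.

```python
# Added example: match hostnames against the post's domain list on label boundaries.
BLOCKED = [
    "hotjar.com", "clicktale.com", "sessioncam.com", "smartlook.com",
    "userreplay.net", "fullstory.com", "mouseflow.com", "inspectlet.com",
    "decibelinsight.net", "quantummetric.com", "yandex.ru",
]

# Constructed sample log, one "<timestamp> <client> <queried name>" per line (assumed format).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.5 www.example.org",
    "2000-01-01T10:00:02Z 10.0.0.5 static.hotjar.com.",
    "2000-01-01T10:00:03Z 10.0.0.7 MouseFlow.com",
    "2000-01-01T10:00:04Z 10.0.0.7 nothotjar.com",
    "2000-01-01T10:00:05Z 10.0.0.9 cdn.fullstory.com.example.net",
]

def blocked_parent(host, blocked=BLOCKED):
    """Return the listed domain that covers host, or None if it is not covered."""
    host = host.strip().lower().rstrip(".")  # DNS names are case-insensitive; drop root dot
    for domain in blocked:
        # Exact match, or a subdomain: the "." keeps nothotjar.com from matching hotjar.com.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def audit(log_lines):
    """Return (client, queried name, listed domain) for every query that hits the list."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        _, client, host = fields
        domain = blocked_parent(host)
        if domain:
            hits.append((client, host.lower().rstrip("."), domain))
    return hits

def dnsmasq_rules(blocked=BLOCKED):
    """dnsmasq's address=/domain/ip answers for the domain and all of its subdomains."""
    return [f"address=/{d}/0.0.0.0" for d in blocked]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit)
    print("\n".join(dnsmasq_rules()))
```

Domain-wide rules are broad: the Yandex.ru entry sinkholes every yandex.ru hostname, not only the session-replay endpoints. A plain hosts file, by contrast, matches exact names only and would miss subdomains.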