I hate, hate, HATE session recording, yet it’s absolutely everywhere on websites, as well as applications.

Basically, session recording refers to, well, recording a person’s browsing session, usually including all mouse and possibly keyboard activity. Most session recording services I’ve seen literally generate a video of the user’s interactions with the web page, much like a screen recording.

The amount of data this gives the website is enormous, and enormously invasive. They can see literally everything that is showing up on your screen on a second by second basis, albeit only the parts that are displaying the website, including what content was there, where your mouse hovers, what you thought about clicking but didn’t, everything.

They quite possibly also know everything you typed, especially if it was typed into a text field. I hope you didn’t accidentally enter your username and password because thought you were switched into the other browser instance. Did you type out half a post but decided that you’d rather not have the internet know that? They have that now. Did you hit control-V but forgot that your social security number and not some mundane thing was in the clipboard? Now it’s theirs. Did you delete an image that you posted? Even assuming that the original file was deleted, it still exists in the form of session recordings.

There are also ways of fingerprinting a person’s “browsing style” by analyzing how they interact with UI elements. This can be used to identify a person, not just a browser or a computer.

Worst of all, session recording is often provided by a third party, so not only does the site itself have this data, a third party does too, possibly forever. That’s to say nothing about what happens if either company gets hacked.

Session recording is the bane of the web surfer’s existence, and there is no way to completely block it without outright disabling JavaScript. You can block the events associated with mouse and keyboard activity, but that breaks websites and they can still session record the initially visible page.

So, if you run a company that provides session recording, I just want to say: “FUCK YOU! You are ruining the internet!”

  • DessalinesA
    link
    fedilink
    arrow-up
    4
    ·
    5 years ago

    If we were going to build a “static / non-js” lemmy client, I’d wanna stay in rust and use Yew or something like that. But ya a non-dynamic client IMO should be lower priority than android, unless someone else wants to make it.