Over 400 of the World's Most Popular Websites Record Your Every Keystroke (vice.com) 263
An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics; they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
Web 3.0! (Score:3)
Quite often, these scripts are part of jQuery or some other JS framework that "needs" to know your keystrokes as a part of the web site interface, "application" if you will. Sure, this info can be used nefariously, but most likely the purpose is the web site interface mechanics itself.
Re:Web 3.0! (Score:5, Funny)
You're getting dangerously close to summoning him.
Re: (Score:3)
APK APK AP
***CONNECTION TERMINATED**+
---
Filter error: Don't use so many caps.
---
I earned these caps in the wasteland, and I'm gonna use them as I see fit. Are we clear?
---- .CRYSTAL.
Re: (Score:2)
Quite funny, but if you look at the posts below it's like he Linus'ed everyone's brains. He just uploaded his ideas to the interwebs and now everyone is mirroring them! He doesn't even have to post anymore, we are doing it for him!
Well done APK, well done.
Re: (Score:3)
You use what's called a hosts file. It can be found on Windows and Linux. Someone can add their two cents on iOS.
You can always block them through an ad-blocker, noscript or things of that nature in your browser.
--
"Ribbit" - Unknown Frog.
Re: (Score:3, Funny)
Re: Web 3.0! (Score:2, Informative)
Okay, notepad.exe
Re: (Score:2)
Fails elegantly
And with root authority too!
Let's design a domain blocker (Score:2)
Give me a spec for what such a tool should do, and I might see if someone can build one and release it as free software. Does this feature set sound right for a minimum viable product?
Re: (Score:2)
uBlock Origin allows you to use a list of hosts, and the performance is excellent...
Shame nothing like that existed before. All those years we could have been blocking this crap, if only app had existed. I'd like to see .apk version for Android too.
Re: (Score:2)
Yeah, I guess you could call him some kind of tool.
Re:Web 3.0! (Score:5, Interesting)
Re:NoScript, but... (use Brave) (Score:5, Informative)
Previously I would have said NoScript
Use it again. NoScript [mozilla.org] has been released for Firefox 57 [hackademix.net].
Re: (Score:3)
Re: (Score:2)
So, can I have a browser with reduced javascript functionality?
It will improve security, but a lot of things will break. Very few web sites are simple HTML that you can poke at in your text editor.
The best suggestion is to use a browser with Javascript disabled for normal browsing, and to have a second browser with incognito/private mode for sites which are completely broken without Javascript. And even in this case, your "safe" browser can be exposed to any malware dropped via JS exploits.
Given the rampant snooping and exploitation, it is probably best to have a non-p
Google.com (Score:3, Interesting)
Yandex searches as you type, so it's hardly surprising it captures and sends the keystrokes in realtime....
But then again, so does Google, so why isn't Google on that list?
Re: (Score:2)
Searching as you type in a search field while displaying that obviously to the user, and recording key strokes with no searching or other useful function for the end user are two very different things.
Adding Google to every tiny bit of outrage just dilutes the value of the complaints against them.
Not good... (Score:3, Funny)
I started typing:
"I fucking hate you, Microsoft. I'm going to bomb your Azure datacenters and slit your throats. Eat shit and die, you incompetent fucks."
Then I deleted it and actually submitted:
"Dear Microsoft. I hereby request that you close my Azure account as I found the service unsuitable to my specific needs at this time. Thank you very much in advance. Sincerely yours, X."
So now you're telling me that they have seen the first version?
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
400 ? (Score:5, Interesting)
How about a list please, a useful list: name of company, data stolen, scripts and cookies to be killed upon a slow smouldering flame. How can you say 400 without having a list of the 400? That's 400 players to add to noscript and cookiemonster.
Re:400 ? (Score:5, Informative)
Re:400 ? (Score:5, Informative)
Here is the list, linked to from the actual article. List of 400 [princeton.edu]
--
"Ribbit" - Unknown frog
IT'S OVER 9000! (Score:2)
Re: (Score:3)
Privacy Badger fixes most of this automatically. It's a good option for less technical people.
uBlock Matrix with "medium mode" (https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode) kills it completely. Without medium mode it also kills it, but you are reliant on the block list authors keeping up with whatever changes are made. Since this threat is so well known, they are probably on top of it.
Re: (Score:2)
How about a list please, a useful list: name of company, data stolen, scripts and cookies to be killed upon a slow smouldering flame. How can you say 400 without having a list of the 400? That's 400 players to add to noscript and cookiemonster.
...and how bad is this flaw? Can they read everything I type in the browser tab where this website is loaded, everything I type in the browser regardless of the tab I'm using or can they literally key-log everything typed on the computer as long as the browser is running in the background?
Re: (Score:2)
How about a list please, a useful list: name of company, data stolen, scripts and cookies to be killed upon a slow smouldering flame. How can you say 400 without having a list of the 400? That's 400 players to add to noscript and cookiemonster.
They provide a zipped csv [princeton.edu] right on their site. Good to see I have even more reason to hate wordpress.
Re: (Score:2)
This is (sort of) old news (Score:5, Informative)
For years now I've been operating under the assumption that websites collect as much data on user interaction as possible, even including things like what links you mouse over (not necessarily click on), how long you spend reading content before moving on, and how long the cursor remains on different parts of the page. This is yet one more reason why I never browse without NoScript and uBlock Origin. Fortunately, as reported in the first link:
Does tracking protection help?
Two commonly used ad-blocking lists EasyList and EasyPrivacy do not block FullStory, Smartlook, or UserReplay scripts. EasyPrivacy has filter rules that block Yandex, Hotjar, ClickTale and SessionCam.
Now that this practice is getting a little more attention, here's hoping that more of these sites will be added to popular blocklists.
I have a nervous habit of idly swirling the mouse around while I read, and I've long suspected that sites were logging these movements. So, it's a habit that I've never tried to break, but rather I've been hoping that by passing the cursor over all sorts of page elements hundreds of times in the course of a few minutes, I'm screwing with their data collection somehow.
Re:This is (sort of) old news (Score:5, Interesting)
This is yet one more reason why I never browse without NoScript and uBlock Origin.
In Firefox 57 there's now also the option to turn on its built-in tracking protection all the time [mozilla.org], as opposed to only in private browsing mode.
privacy.trackingprotection.enabled in Fx 52 (Score:3)
And even in earlier versions, such as the Firefox 52 that people are using in order to give Mozilla a few more months to make necessary APIs available to WebExtensions, the user can turn on Tracking Protection system-wide by entering about:config and turning on privacy.trackingprotection.enabled. The drawback is that several sites, such as TV Tropes, intentionally conflate tracking protection with an ad blocker and block page views until the user activates the "Disable protection for this site" control.
Re: (Score:3)
In Firefox 57 there's now also the option to turn on its built-in tracking protection all the time [mozilla.org], as opposed to only in private browsing mode.
You should do that anyway if for no other reason than to actually speed up the internet. http://www.ieee-security.org/T... [ieee-security.org]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
There's no reason it couldn't proactively send me those images
The images could be served from a different server. This is commonly done by many websites, including Slashdot.
why the flip should my browser send anything else to the server before I click another link?
So the page can refresh itself for live updating content.
If I want updates, I'll press Ctrl+R (Score:2)
So the page can refresh itself for live updating content.
Likely reply of anti-JS hardliners: "I don't want live updating content in the web browser. I'll press Ctrl+R to poll for new content when I want new content, thank you very much. If I wanted live updating content, I would download, compile, and install a native application that provides live updating content, such as an IRC client."
Re: (Score:2)
Once this has all played out, why the flip should my browser send anything else to the server before I click another link?
Many web sites have dynamic content. It can be anything: a news feed, image gallery, navigation. All of those things can trigger a request for more data, some of them automatically.
Some servers send a small starter page and load more as you scroll. Why load 10+ MB of images if you will never see them? Those images can be loaded on the fly as you read the article. They just need to pick reasonable points to preload images, and most users will never notice the difference between dynamic and static delivery. T
Re: (Score:2)
The issue isn't that web sites are doing real-time analytics. It's that they've all out-sourced the process to a handful of third party companies. No one cares that the information they've provided to the company they are interacting with over SSL gets seen by that company: of course it does. What they care about is that this stream of data is parceled up and sent (not necessarily securely, according to the article) to some company you've never heard of, and have no business relationship with.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
I typed a bunch of stuff after this, but no one is going to read it anyway.
There are apparently 400 sites out there that will.
Re:This is (sort of) old news (Score:5, Informative)
That's funny, my recollection is that we managed pretty well without the spying for at least a decade, and yet during that time the Web grew from an academic/enthusiast medium into a mass communication medium. It turned out that countless people were willing to contribute without trying to exploit others for profit as their only motive.
Indeed, social media today, arguably including sites like this one, is still built almost entirely from contributions given freely by normal people. It's just that today, instead of everyone getting some web space as part of their normal ISP package and making their own home page or blog, we have a relatively small number of large, mostly ad-funded, mostly data-hoarding giants centralising our basic hosting instead. That has some advantages, of course, but also a very high price to pay for anyone who values privacy and security online.
Re: (Score:2)
That's funny, my recollection is that we managed pretty well without the spying for at least a decade
How well? My recollection was the internet was mostly a cesspool of garbage design until we started "spying" on how users use webpages.
But we're back to the anti-telemetry argument:
Today: don't record anything I do.
Tomorrow: why did you do that, do you not know how users use your product?
List of Websites (Score:5, Informative)
The list of websites:
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
Re: (Score:2)
Norton, Microsoft, Godaddy, Skype, Adobe,
Re: (Score:2)
Slimy (Score:2, Funny)
I guess they do really know what I'm thinking when I leave feedback but can never send the form.
--
"Ribbit" - Unknown frog
Re: (Score:2)
Autocomplete (Score:2)
On the other hand, much of the web is run on advertising dollars, and we are in an arms race between intrusive tracking and privacy. It is therefore anyone's guess how this will be used moving forward.
Native app (Score:2)
Obviously any autocomplete functionality, or the like, is going to require keystrokes sent to the server. A post will not suffice.
Cue the anti-script militants who prefer to download, compile, and install a native app when things like autocomplete are necessary.
Javascript? (Score:2)
Does disabling javascript help? I disabled it recently and the internet looks the way it used to. No fancy shit moving around with auto scrolling pages, very refreshing.
Re: (Score:2)
Without script, you're limited to the checkbox hack, navigation to other documents, and form submission as the only means of interaction, and every action other than the checkbox hack results in a full page reload. Some web applications aren't very usable under these constraints. On these apps, disabling JavaScript is good for showing "please download our native app or enable JavaScript" notices.
Re: (Score:2)
Without script, ... every action ... a full page reload.
And that's a show-stopper ... how exactly?
I can think of three reasons:
Sorry (Score:2)
My cat was walking on the keyboard again.
Block it (Score:2)
Can anyone suggest an extension to totally block this illegal 3rd party key logging? Ty.
Re: (Score:2)
I'm not at all happy about it either, but what are you claiming is illegal?
Re: (Score:2)
For anyone else using unbound
Re: (Score:2)
err that should be always_refuse
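The hosts-file suggestion earlier in the thread, the observation that EasyList/EasyPrivacy did not cover every replay vendor, and the unbound `always_refuse` comment above all boil down to the same defender task: take a list of session-replay script hosts, check which ones an existing filter list already covers, and emit blocking rules for the gaps. The following is an added example (not code from the thread, the Princeton researchers, or any blocklist project). It assumes a CSV with `vendor,script_host` columns and uses constructed `.invalid` hostnames and constructed `||domain^`-style filter rules; the real Princeton CSV has its own layout, so the column names are an assumption.

```python
import csv
import io

# Constructed sample in the shape of a vendor/hostname CSV. The Princeton CSV
# linked in the thread has its own columns; this layout is an assumption.
SAMPLE_VENDOR_CSV = """vendor,script_host
ReplayVendorA,collect.replay-a.invalid
ReplayVendorB,rec.replay-b.invalid
ReplayVendorB,cdn.replay-b.invalid
"""

# Constructed sample of EasyList-style rules: "||host^" blocks host and its subdomains.
SAMPLE_FILTER_LIST = """! constructed example rules, not EasyPrivacy
||replay-a.invalid^
||tracker.invalid^
"""


def parse_vendor_list(csv_text):
    """Map each script hostname to its vendor name (hostnames lower-cased, trailing dot removed)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    hosts = {}
    for row in reader:
        host = row["script_host"].strip().lower().rstrip(".")
        if host:
            hosts[host] = row["vendor"].strip()
    return hosts


def parse_filter_domains(filter_text):
    """Extract the domains from '||domain^' rules; comments and other rule types are ignored."""
    domains = set()
    for line in filter_text.splitlines():
        line = line.strip()
        if line.startswith("||") and line.endswith("^"):
            domains.add(line[2:-1].lower())
    return domains


def host_matches(hostname, domains):
    """True if hostname or any parent domain of it is in the domain set (||rule^ semantics)."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def uncovered_hosts(vendor_hosts, filter_domains):
    """Vendor hosts that the filter list would let through, sorted for stable output."""
    return sorted(h for h in vendor_hosts if not host_matches(h, filter_domains))


def hosts_file_lines(hostnames):
    """hosts(5) entries that sink each name to 0.0.0.0 (one exact name per line; no wildcards)."""
    return ["0.0.0.0 " + h for h in sorted(hostnames)]


def unbound_local_zones(hostnames):
    """unbound.conf local-zone entries using always_refuse, as the commenter above suggests."""
    return ['local-zone: "%s" always_refuse' % h for h in sorted(hostnames)]


if __name__ == "__main__":
    vendors = parse_vendor_list(SAMPLE_VENDOR_CSV)
    gaps = uncovered_hosts(vendors, parse_filter_domains(SAMPLE_FILTER_LIST))
    print("# not covered by the filter list:")
    print("\n".join(hosts_file_lines(gaps)))
    print("\n".join(unbound_local_zones(gaps)))
```

A hosts file only blocks exact names, so a vendor that serves its script from a new subdomain slips past it; the unbound `local-zone` form (and the `||domain^` filter form) cover subdomains as well, which is why the example checks coverage by suffix rather than by exact string.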
Noscript (Score:4, Interesting)
Tell me again why Noscript [noscript.net] isn't the default mode of every browser?
Why does, for example, slashdot think that I want to run software provided by truste.com, janrain.com or pro-market.net? I don't know any of those sites, and while I appreciate that slashdot trusts those sites not to harvest my data or harm my computer, they aren't exactly the party with skin in the game.
If you want to see how fucked up the web is, how fucked up we've allowed it to become, install noscript and set your browser to treat OCSP failures as hard errors. We have the technology to fix this. We just don't care enough to use it.
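The question above (why should a page run software from origins the visitor has never heard of?) is answerable per page by inventorying which `<script src>` origins are third-party, which are loaded over plain HTTP, and which belong to known session-replay vendors. The following is an added example, not code from the thread or from NoScript; it parses a constructed HTML snippet with `.invalid` hostnames and treats any host that is not the page host or a subdomain of it as third-party (a simplification: it does not consult the public suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page served from https://example.com/ with four script tags.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://collect.replay-a.invalid/rec.js" async></script>
<script src="http://stats.tracker.invalid/t.js"></script>
<script>inlineCode();</script>
</head><body></body></html>"""

# Constructed list of session-replay vendor domains (assumption, not the Princeton list).
SAMPLE_REPLAY_DOMAINS = {"replay-a.invalid"}


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag; inline scripts are skipped."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def script_sources(html_text):
    parser = _ScriptSrcCollector()
    parser.feed(html_text)
    return parser.sources


def _same_site(host, page_host):
    return host == page_host or host.endswith("." + page_host)


def _matches_any(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_scripts(html_text, page_host, page_scheme, replay_domains):
    """One finding per external script: origin, third-party?, plain-HTTP?, known replay vendor?"""
    findings = []
    for src in script_sources(html_text):
        parts = urlsplit(src)
        # Relative and protocol-relative URLs inherit the page's scheme and/or host.
        scheme = parts.scheme or page_scheme
        host = (parts.hostname or page_host).lower()
        findings.append({
            "src": src,
            "host": host,
            "third_party": not _same_site(host, page_host),
            "insecure": scheme == "http",
            "session_replay": _matches_any(host, replay_domains),
        })
    return findings


def summarize(findings):
    """Distinct hosts per category, sorted, for a quick review of a page."""
    return {
        "third_party": sorted({f["host"] for f in findings if f["third_party"]}),
        "insecure": sorted({f["host"] for f in findings if f["insecure"]}),
        "session_replay": sorted({f["host"] for f in findings if f["session_replay"]}),
    }


if __name__ == "__main__":
    report = summarize(audit_scripts(SAMPLE_HTML, "example.com", "https", SAMPLE_REPLAY_DOMAINS))
    for category, hosts in report.items():
        print("%s: %s" % (category, ", ".join(hosts) or "-"))
```

Running this against a saved copy of a page gives the list a NoScript user builds by hand; the `insecure` bucket is worth a look on its own, since a script fetched over HTTP can be replaced in transit regardless of who the vendor is.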
Re: (Score:2)
Firefox ESR (Score:2)
I am using Firefox ESR (Extended Support Release) https://www.mozilla.org/en-US/... [mozilla.org] for this reason only: I can keep using the add-ons I want. They are currently at version 52.5.
Re: (Score:2)
Can also stay on older versions and still patched on Firefox ESR (Extended Support Release) https://www.mozilla.org/en-US/... [mozilla.org] at version 52.5 currently.
Re: (Score:2)
Tell me again why Noscript [noscript.net] isn't the default mode of every browser?
Because by default it breaks most of the internet and all but the most dedicated put up with manually having to manage whitelists.
Re: (Score:3)
Tell me again why Noscript [noscript.net] isn't the default mode of every browser?
Because by default it breaks most of the internet and only the most dedicated of geeks are happy to battle with the frustration of managing whitelists to make basic browsing work.
Re: (Score:3)
Re: (Score:2)
UMatrix has temporary permissions, or rather it has permissions that go away unless you hit the save permissions button.
Re:Noscript (Score:4, Informative)
temporary permissions
They're still there. See the developer's blog post [hackademix.net].
A Lot of Trouble (Score:3)
Duh! Autocomplete REQUIRES some tracking (Score:4, Insightful)
I do not much like this mis-behaviour and mostly browse using `links2`, a lynx-like text browser. Missing images is a feature :)
Re: (Score:2)
You know how Goggle and others do autocomplete on your search entries?
Yeah I do. They don't typically do so on username or password fields. Maybe read the entire summary or article and actually understand the topic at hand before posting. Your UID is too low to be spouting something so silly.
Re: (Score:3)
Here's a fun party trick: go to Google.com, type in "Hillary Clinton", and try to get autocomplete to say something bad about her. Then, try it with "Donald Trump" (impeachment was the first auto-complete result I got, it may vary with your location).
During the James Damore scandal, I couldn't get Google to suggest anything at all about his name. It just suggested variations on "d'amore", the French word for love. Weird, eh?
Re: (Score:2)
You know how Goggle and others do autocomplete on your search entries? Or spell check in text boxen? Or mouse zooming? How could they do this if every mouse/keystroke was not sent to them?
You know you can turn off autocomplete in your browser search field, right?
Re: (Score:2)
websites and windows (Score:2)
Re: (Score:2)
But but ... (Score:2)
Web Sites Behavior Control (Score:4, Insightful)
Re: (Score:2)
Granted, in that case you are technically writing the letter and throwing it away in the tax officer's office. People think they're doing online stuff 'from home', but the internet is the digital equivalent of walking around outside, with all the dangers, 'spying' and caveats that come with that.
Re: (Score:2)
Overblown. Gonna play devil's advocate. (Score:4, Interesting)
After 15 years of being in the business, I have never seen tracking for malicious purposes (or purposes other than attempting to make it easier for YOU to use the website).
I understand the concerns people are having, but Jesus Christ, you people talk about it like we're filming you while in a shower. Just because websites track where people click and what they insert into a web form (on their own sites) does not mean they CARE about you. No business cares about the individual, but about statistics, percentages, numbers.
It's even said so in the article summary:
"Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages."
What on earth is so wrong about this?
For people doing it, this is you "a3727fd0a20d5eef697d3c2f41bf0e4d". This is what they see and track, and care about.
Get over yourself, for God's sake.
Re:Overblown. Gonna play devil's advocate. (Score:5, Insightful)
Let's suppose that there are no malicious uses of web tracking, that it is solely used to improve the user experience. There's still a big problem, which is that a lot of software developers are just incompetent when it comes to security. And sorry to break it to you, but your post proves that you're one of them.
If you don't see the problem with a key logger on a site that contains a password field, and then sending those logged keys to a third-party, and through unencrypted channels, then you need to be fired from your job as a web dev asap.
Re:Overblown. Gonna play devil's advocate. (Score:5, Insightful)
Looking at the number of sites that use anti-patterns (malicious UIs designed to trick the user) I'd say you have lived a very sheltered life.
Getting you to buy more stuff IS abuse in many cases. Jacking up prices because your page view times and mouse hover positions suggest that you will pay 10% more is also abuse, and spying. It's creepy AF.
Mark of the beast (Score:2)
"He also forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead, so that no one could buy or sell unless he had the mark, which is the name of the beast or the number of his name. This calls for wisdom. If anyone has insight, let him calculate the number of the beast, for it is man's number. His number is a3727fd0a20d5eef697d3c2f41bf0e4d."
Re:Overblown. Gonna play devil's advocate. (Score:4, Insightful)
For people doing it, this is you "a3727fd0a20d5eef697d3c2f41bf0e4d".
No, this is you: ID "a3727fd0a20d5eef697d3c2f41bf0e4d", username bob123, email address bobsmith123@gmail.com.
And email address bobsmith123@gmail.com can be correlated with a Facebook account, medical history, credit rating, and much more.
There are valid uses for this... (Score:2)
I think I understand your point, there ARE valid uses for this.
It's frustrating to develop software and not have full understanding about how your clients use it. There is a desire and a need to have that information in raw data that can be used to make the product better. It could even be used by client support and to help prevent bugs. I'm not talking about shopping carts or blogs, but enterprise-level systems that are very complex.
But let's not kid ourselves... that isn't what this story is about.
Zounds! (Score:2)
Two words (Score:2)
Poison the Well? (Score:2)
Anyone ever come up with software to just pile shitloads of fake data into all these sniffers? I'd like every web page to think I hovered over every fucking link and wrote a bunch of random shit. All day every day.
Would like to see something that requests pages off completely random websites every few seconds. Sure would make GCHQ style pricks work for their dinners.
If you can't stop the trickle, make them drink from the fucking firehose.
Sounds like (Score:2)
jail time for somebody for illegally snooping without consent. Oh, we are in the USA, sorry for bringing that up.
Re: Name names (Score:4, Informative)
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
Re: (Score:2)
Re: (Score:3, Insightful)
Thick Thigh Tranny Bitches.com
Thick thighs, automotive gearboxes, and female dogs? That's an odd combination of topics for a website.
Re: (Score:3)
Manual Tranny or an Automatic Tranny?
Ford or Chevy?
What Engine and Year?
Re: (Score:2)
Re: (Score:2)
it's now part of IBM so we can assume it will stop working soon.
Re: (Score:2)
Re: (Score:2)