RuCore.NET – English Version

How are popular sites stealing all your data?






Every keystroke, every piece of entered data and so on: all of this is recorded and can be replayed. Approximately 500 sites from the Alexa top use so-called session replay scripts. The full list can be seen at this link.



Such tools were developed to better understand user behavior on a site. But their functionality makes it possible to replay a session on the website and analyze every click, page transition, etc.

Such methods are completely hidden, and you may not even notice how all your data ends up in someone else's hands. Such data can be sold or used for targeted attacks. For example, such scripts can easily pull out the credit card number, the month and year of the card's expiration, and other information that was entered on the page. This is especially relevant for sites with registration forms, etc. Let's take a closer look.

Note that this article is written for educational purposes only. We are not calling on anyone to do anything; it is for information only.

Example of a replay script at work

Among the most intrusive replay scripts are the solutions from the companies FullStory, Hotjar, Yandex and Smartlook. These companies “learn” all information, including name, email, telephone number, social security number, and passwords. The last 4 digits of credit cards are recorded as well. Additionally, you can see in the video how the FullStory application works.

Users can even be followed in real time. In addition, site owners who use such solutions can customize them in more detail, adding filters to collect more information. It should be noted that Yandex, Hotjar and Smartlook use HTTP to transfer data.

Such surveillance can be seen on sites such as microsoft.com, adobe.com or godaddy.com, but also on sites where you would not expect it. For example, walgreens.com is accused of collecting medical information and “recording” data about prescriptions (and subsequently transferring this data to FullStory). Another example is the website of the company Bonobos, which “leaked” visitors' full bank card numbers, also to FullStory.
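To check a page's markup for the recorders named above, the following added example (not code from the article or from any of these vendors) lists the script URLs that belong to FullStory, Hotjar, Yandex or Smartlook and flags those fetched over plain HTTP. The vendor domain list, the function names and the sample page are assumptions constructed for the example.

```javascript
// Added example. Vendor domains are an assumption of this example,
// chosen for the four companies the article names; not Ghostery's database.
const REPLAY_VENDORS = {
  "fullstory.com": "FullStory",
  "hotjar.com": "Hotjar",
  "mc.yandex.ru": "Yandex",
  "smartlook.com": "Smartlook",
};

// Collect script URLs: src attributes, plus quoted URLs in inline loader snippets.
function extractScriptUrls(html, pageUrl) {
  const urls = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    const found = src
      ? [src[1]]
      : (body.match(/["'](?:https?:)?\/\/[^"'\s]+["']/g) || []).map((s) => s.slice(1, -1));
    for (const raw of found) {
      // Protocol-relative URLs (//host/path) inherit the page's scheme.
      try { urls.push(new URL(raw, pageUrl)); } catch { /* ignore malformed URL */ }
    }
  }
  return urls;
}

// Match on a label boundary so "nothotjar.com" or "hotjar.com.x.example" do not match.
function vendorFor(hostname) {
  for (const [domain, name] of Object.entries(REPLAY_VENDORS)) {
    if (hostname === domain || hostname.endsWith("." + domain)) return name;
  }
  return null;
}

function findReplayScripts(html, pageUrl) {
  return extractScriptUrls(html, pageUrl)
    .map((u) => ({ vendor: vendorFor(u.hostname), host: u.hostname, insecure: u.protocol === "http:" }))
    .filter((r) => r.vendor !== null);
}

// Constructed sample page, not taken from any real site.
const SAMPLE_HTML = `
<script src="https://edge.fullstory.com/s/fs.js"></script>
<script>var s = document.createElement('script'); s.src = '//rec.smartlook.com/recorder.js';</script>
<script src="http://static.hotjar.com/c/hotjar-0.js"></script>
<script src="https://cdn.nothotjar.com/app.js"></script>
<script src="https://hotjar.com.tracker.example/x.js"></script>`;

console.log(findReplayScripts(SAMPLE_HTML, "http://shop.example/checkout"));
```

The `insecure` flag describes how the recorder script itself is fetched; whether the recorded data is then sent over HTTP has to be confirmed in the browser's network panel.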

How can you protect yourself from tracking?

For this we use the Ghostery utility. It is installed as an extension in Chrome or Firefox.

Ghostery tracks the “invisible” side of the Internet: the spies, web bugs, pixels, and beacons placed on websites by advertising networks, providers of behavioral information, site owners, and various companies that monitor your activity on the Internet. Ghostery detects the web bugs of more than 500 such companies, including Facebook and Google.

The program has a very flexible configuration: open the panel to see the trackers, each of which can be blocked separately.

Ghostery's main categories:

  • Advertising.
  • Site Analytics.
  • Customer interaction.
  • Social media.
  • Essential.
  • Audio/video player.
  • Advertising for adults.
  • Comments.

To begin, I recommend blocking all the items, and then adapting: add some websites to a whitelist, or unblock certain groups of trackers that some sites need in order to work.

After the setup, go to the adobe.com website. You can immediately see that the program has blocked access to some trackers. This can be seen in the screenshot.

Note that you can select the trust mode, and then the program will not block or restrict access. You can also stop the program. In addition, it shows exactly which category each blocked “bug” belongs to.

Source: peekaboo

