Keyloggers are dangerous, and they are scary. Often without your knowledge, these pieces of software can track and record your every click and every keystroke, enabling huge breaches of confidential user data. While they are usually known for being tools that are downloaded onto computers along with malware suites with huge green download buttons, this time keylogger use has been uncovered in a radically different environment; the world's most popular websites.
Researchers at Princeton University found that third-party scripts that run on many of the world's most popular websites, which track your every keystroke and every click, and then send that information to a third-party server. Furthermore, more popular sites were found to be tracking and saving every word that users typed into forms, regardless of if the form was abandoned or cleared.
"Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded.
...These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page but are often placed on pages where users input sensitive information, like passwords and medical conditions.
Enormous companies and service providers such as Walgreens, FullStory, Hotjar, SmartLook and even giants like Russia's Yandex were found to be using such software on their websites to record user data. Furthermore, the estimate of 482 of the world's top 50000 sites (Alexa rankings) is meant to be a low, conservative estimate; it could easily be much higher, which is even more worrying for everyone – especially the average consumer who will not use any form of protective measures while browsing the web.
Regardless of their intention (which was most likely targeted advertising), this is highly concerning for users and adds a very macabre, Orwellian feeling to your everyday browsing. Fortunately, there is a way you can stay safe; AdBlock Plus has been updated to support blocking said plugins in the wake of this research. Installing AdBlock Plus will allow you to be safe from this keylogging format, but remember that it's more than likely that there's a lot we're unaware of with regards to how deep such breaches go – so always be careful of what information you're giving away online.
What do you guys think? Are you concerned about your privacy online? Drop a line below telling us what you think, or post over in our forums.