Session Recording May Pose A Threat To Your Cybersecurity
NEW YORK (CBSNewYork) - Many online companies use session recording tools to track how long users spend on their site and what they click on. But could these tools pose a threat to your cyber security?
"I ordered something for my podcast and I needed it by a certain time," said Clay Parker, who works as a director at CBS2.
When the product didn't arrive on time, Parker emailed the company. He was told he selected the wrong shipping time, and they said they could prove it.
"Not only can I show you a screen grab that you chose two day shipping, I can also show you actually navigating the site through the checkout process," Parker recalls being told. "I click on the link and lo and behold there's my mouse on his site navigating his site. All the text fields, my card is there, my home address, everything."
The link he clicked took him to Inspectlet, a third-party site that tracks customers online purchases and behavior patterns for marketing purposes. Inspectlet, along with other tracking sites Hotjar and Mouseflow boast big-name clients like Costco, Office Depot and eBay.
"We all understand our info is out there, but this recording of the website and seeing me actually navigating the site felt super invasive and creepy to me," Parker said.
"I think it's a lot more common than you think," said cyber security expert Siobhan Gorman.
Gorman says online retailers have been tracking consumers for years, and these days nearly every site does it. The technology is increasingly sophisticated.
"It is the kind of thing that raises concerns and something that consumers don't realize is being collected," Gorman said. "Companies will claim you're voluntarily providing this info but obviously you can't make the purchase without providing your address and credit card."
Gorman says these third-party tracking sites are often more vulnerable to hackers and sometimes even sell your data to other companies, which is legal under certain privacy policies.
So what's an online shopper to do?
"It's unfortunate many companies make it difficult to find how to opt out, but normally there is some mechanism to do it. It takes a bit of looking," Gorman said.
She says find the privacy policies on your favorite sites and opt our of data collection. The setting is usually at the bottom of a website in fine print, and varies from state to state.
