Search the Community
Showing results for tags 'princeton'.
Found 1 result
-
Recently a study from Princeton analysed what is called session replay. Oversimplified, it is a third party company acting as man in the middle between your PC and the website you are visiting, which then tracks and stores every mouseclick and keystroke to help the site owner analyse their website. In order to do this, everything you type is not only stored at the website (like for example Evernote), but also on the servers of the analytics company. Obviously this poses a significant security issue. Or like one of the researchers from Princeton puts it: "Collection of page content by third-party replay scripts may cause sensitive information, such as medical conditions, credit card details, and other personal information displayed on a page, to leak to the third-party as part of the recording," Steven Englehardt, a PhD candidate at Princeton University, wrote. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes." When Walgreens was caught red-handed, they stopped using those third parties https://www.wired.com/story/the-dark-side-of-replay-sessions-that-record-your-every-move-online/ as the risk was far higher than potential benefits. Evernote was also "featured" in this study, and was caught using one of those analytic providers ("hotjar"), potentially storing everything you enter in your notes on a non-Evernote server on a Malta jurisdiction. Funny enough Evernote just changed the privacy policy just a few months ago to highlight that indeed they were using those services/scripts. And Evernote highlighted how you could opt out. You canot opt out in Evernote. But read the instructions on the service provider's website. Dear Evernote, really? You put so much effort in providing a secure environment? And then you put it all at risk and allow a third party to record everything I do? Every word I type? Record it on their servers? Just for the benefit of optimising your web-design? Seriously? I would suggest you read these forums, there are enough suggestions to optimise your product to keep you busy the next few years, like getting rid of the upgrade button if you are a paying user... After the discussions around your last privacy policy update, I no longer believe this to be a mistake, I think this is a mindset issue. You put so much effort on improving your product, that you miss out on the basics. I understand that AI is more sexy than privacy. But I would have hoped you would not miss out on the basics. This really was the straw that broke the camel's back. So today I have cancelled my subscription. Oliver Additional Sources https://arstechnica.com/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts/ https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html (Evernote is #359 of most visited sites - and uses tracker) https://evernote.com/intl/de/privacy/policy (you find the version dating from July, but if you go to what's new, you see the change I refer to under the cookies section )- 17 replies
-
- 2
-
-
- privacy
- session replay
- (and 2 more)
