Beware Session Replay Scripts on VPN websites

One of the main reasons to use a VPN is to provide privacy while online. It may, therefore, come as something of a surprise to learn that many VPN s not only track visitors to their websites, but share this information with extensive advertising and analytics networks.

Even more worrying is the fact that the information collected goes far beyond mere tracking. Session replay scripts have hit the headlines recently because they record every interaction a visitor makes with the website.

According to a recent report by Princeton University researchers:

These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.

Even when text is inputted into a text field but not sent, session replay scripts will still record the data. Alarmingly, a follow-up report found that these scripts can also leak passwords to session replay companies:

In our research we found password leaks to four different third-party analytics providers across a number of websites. The sources are numerous.