No boundaries: Exfiltration of personal data by session replay scripts

“No boundaries: Exfiltration of personal data by session-replay scripts” (freedom-to-tinker.com ) “No boundaries for user identities: Web trackers exploit browser login managers” (freedom-to-tinker.com) … ● Session recording scripts create a “video” of … ● Who added items to the cart but didn't convert … ● Where do users leave the onboarding flow … More than just site optimization: Jornaya (LeadID) uses … The problem: recordings require a ton of data … The problem: pages contain a ton of sensitive data … Session recording scripts are (too) easy to integrate … A timer counting how long it takes you to embed their code … Recording includes CVV field → Not PCI compliant … From: https://www.pcisecuritystandards.org/pdfs /pci_fs_data_storage.pdf …  … Unexpected input types can also cause password leaks … Demo from: https://codepen.io …