Another big issue I see is I may trust company X with my data but I as a consumer wouldn’t know I’m actually sharing my data with company Y and I think that is something users should be aware of.
Most people will not actually read any of it, and hit OK without giving it much thought. I feel as if we are just waiting for something bad to happen before we take action in restricting this big data analytics trend.
It seems to be a trend, we are passive until the problem smacks us in the face and then we grudgingly work on solving it slowly.
1) reveals a significant security issue
2) ...without the usual overblown signals to the effect of how important it is (it usually isn't) and "hey, pay attention to me"
...is refreshing, no other word for it. And if it were done more often that way in the mainstream, there would be no need for a clickbait headline arms race.
A screenshot literally unstructures the data.
IMO that seems inefficient. You could do the same at scale with the right implementation of events.
It's not worth the cost to roll your own. I use fullstory.com for web, and it's an incredibly invaluable tool - next best thing to in-person user interviews. I'm able to see front-end errors in TrackJS/Sentry/NewRelic and find the matching session in FullStory to review with my team. With this tooling, there isn't a single issue/bug I haven't been able to re-produce and witness firsthand across any device/platform (like esoteric IE 11/Safari 10 issues).
I'm just looking at either replacing TrackJS with Fullstory, or keeping both if fullstory is helpful with TrackJS.
Not sure if looking at users' screenshots is anywhere near as useful.
Sometimes it would be nice if companies just actually listened to user feedback (e.g. app store reviews, bug reports, etc) instead of only going by automatic metrics.
> Glassbox provides crucial insights on customer struggles and experience issues that cannot be identified by other systems and help us address them immediately” added Chartrand.
That's just a small sample of services that allow you to record the user's screen or take screenshots). App session replay software has existed for years, and of course, they capture all the things that are going on the app including checkouts and profile data (unless you flag those screens on the SDK implementation).
Like someone already pointed out, that video or image will likely be stored somewhere (an S3 bucket or some static storage). I think anyone who is implementing these type of SDKs on their app needs to do their due diligence, and not push sensitive data to these third parties.
“Improved retention,” indeed.
It was the homepage, when I followed the link to it. I was hasty in assuming it was intentional, and I’m glad to hear that’s not the case.
I suspect it’s a bug, possibly caused by my use of an ad blocker. (I’m accustomed to sites malfunctioning in certain ways when the blocker is turned on, but I’d never seen it cause me to be unable to use “back” to leave.)
If it helps, it happened in Safari on iOS 12.1.4. The content blocker I’m using is ‘1Blocker X’ from the iOS App Store.
If the (anonymous) author simply mocked up what these screenshots _might_ look like if they were saved, that's pretty misleading.
But thanks for this - I had no idea such things were prevalent ... now I wonder if I should surf with a proxy on to see what's being sent ...
Most of vendors record keyboard inputs and thus can record password as well as credit card information, there was an affair about it a few years ago . To not have this issue, most of vendors provide a way to not record those information. It requires manual tagging of the website on the element that contains critical content.
But many of session replays vendors have many clients, and don't force or don't verify that all the critical information are masked. This is not GDPR compliant, because when the GDPR apply you need to consent of the user to record his PII, and you are not even allowed to record information like password, sexual orientation, credit card even if you have the consent.
- Nowadays on the web most of payment pages are not hosted on the client website, so those analytics tools are not included (but we still have many websites that don't use third party for that)
- This data is not (most of the time) recorded in a structured way, data of inputs is recorded as some element of an HTML, and thus it is not super easy to extract the information at scale
Wait, why can’t a website record my sexual orientation with my consent?
How will dating sites work then? Or is there a difference between asking about sexual orientation and asking me about what gender I would like to see / what I am looking for? If there is a difference then what’s the point of not allowing sexual orientation to be stored? From a practical point of view the question phrased like what I am interested in / looking for gives about the same information don’t it?
> Paragraph 1 shall not apply if one of the following applies: the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
But I was talking about third party that collect information, not the website itself, I was only working on third party so I don't know what websites are allowed to do
Ah, I see.
As far as their claim, it sounds like marketing speak. My guess is they're listening to events and then superimposing them on the UI to mimic a screenshot.
Can apps screenshot what's displayed in Safari in that case?
What's "their contract" that's prohibiting you from naming the site, apart from a standard EULA that no one reads? Who cares, just name the site?
Honestly, I'm having trouble believing this.
Yeah right bud.