TL;DR Version: many legitimate websites record extremely detailed data about everything you do on the site, including your mouse position and where you scroll, using a tool like ForeSee Replay. Since there is no global opt-out, you need to install an ad blocker to prevent this kind of bandwidth-wasting privacy intrusion.
This afternoon I opened a few eBay tabs, and I have a vague recollection of seeing one of those standard ForeSee popups asking if I’d like to participate in a survey. I almost always say “No Thanks”, and I’m 99% sure I did not agree to a survey today.
This evening, I noticed my laptop’s outbound network traffic was heavy, which seriously slows down our rural DSL (4mbit down, 1mbit up). The more I looked at this, the less I liked it: chrome was sending piles of HTTPS data off to four different AWS-hosted servers that list themselves as “ForeSee Record Status (cxReplayRecorder) v2.4.11” (IP addresses: 52.203.189.90 52.204.75.38 52.206.152.106 52.1.20.34, but they’re load balanced). I grabbed some of the traffic with Wireshark, but it’s encrypted, so I still have no way of telling what exactly was sent.
I knew the traffic was coming from chrome, but I have a bad habit of keeping about a hundred tabs open (!), so I carefully watched the bandwidth usage as I incrementally closed tabs. As soon as I closed the ebay tabs, the traffic stopped. Reopening the tabs didn’t bring the traffic back–it only happens when the tracker code decides it has enough data to be worth sending back out.
ForeSee seems particularly evasive in the way it phrases the ‘survey’: not only will you (maybe) answer questions, the ForeSee® Replay code also tracks every mouse click, mouse *hover*, and scroll that you do on the site. Their Replay viewer lets them see heat maps showing where people click, or even hover the mouse. (This is useful data for building the site, but it’s not disclosed that it is part of the ‘survey’.)
The tracking servers dump a pile of metadata, from which I can see:
- There are about 10 active replay recorder servers right now.
- Each server is receiving about 1,000 ‘transmits’ per minute.
- Each ‘transmit’ occupies about 100 kilobytes (on average), which is a lot of bandwidth, and a lot of information captured.
- A typical server seems to capture over a terabyte per week, from over 10 million users.
To stop this, install an ad blocker like the free Ad Block Plus, and add “/foresee/*” to the filter list.
Dr. Lawlor's Code, Robots, & Things 