[erikbern]

I've found these tools extremely useful to understand user behavior. We rely on Fullstory all the time to improve the user experience, to identify bugs, and to debug user issues.

The result of these tools is a far better user experience on our site and many other sites.

"recording every keystroke" makes it sound like there's malicious intent, but it's misleading. It should be added that all these tools have a lot of options to avoid tracking sensitive data (like password fields) and we always rely on that (in fact anything else would be a compliance violation for us).

[titzer]

> "recording every keystroke" makes it sound like there's malicious intent

Thinking from a security perspective, I'm not sure "intent" is an important consideration. The question is: should third parties have the technical capability to do this?

IMO there are enough bad actors out there to answer this with a resounding _no_, at least by default.

If you want to record user browsing sessions, you should ask permission.

[zerocrates]

I suppose the issue here is that these aren't really "third" parties doing the recording, even if they're using third-party scripts.

[arkh]

Yeah the owner of the website which include the script has only their website data.

The third party follows users over all the websites they're deployed on. Best example is google analytics and all beacons scripts (G+, FB like, share on twitter etc.) which track you almost everywhere.

[evgen]

I don't have any malicious intent, but don't mind me as I set up camp here in your bedroom...