[titzer]

> "recording every keystroke" makes it sound like there's malicious intent

Thinking from a security perspective, I'm not sure "intent" is an important consideration. The question is: should third parties have the technical capability to do this?

IMO there are enough bad actors out there to answer this with a resounding _no_, at least by default.

If you want to record user browsing sessions, you should ask permission.

[zerocrates]

I suppose the issue here is that these aren't really "third" parties doing the recording, even if they're using third-party scripts.

[arkh]

Yeah the owner of the website which include the script has only their website data.

The third party follows users over all the websites they're deployed on. Best example is google analytics and all beacons scripts (G+, FB like, share on twitter etc.) which track you almost everywhere.