[csteubs]

Valid point, but the e-commerce side of the business benefits immensely from these tools (I use FullStory every day for debugging, it's a life saver). I wouldn't say that simply having a replay script on your page is the scarlet letter the author of the post makes it out to be.

All of these VPN services lean really hard into the fear factor for marketing, and this article seems no different. Just identifying a minor worst-case risk on their competitor's sites, extrapolating that risk and hoping no one notices these are websites (not services), and bundling it up nicely in an SEO-friendly blog post. VPN services are notoriously suss when it comes to disclosure anyway, but they're largely marketing to the lowest common denominator of the privacy-paranoid.

Next week's cruft article: "Your VPN provider knows your IP address"

Rinse and repeat.

[meowface]

The whole article seems like almost entirely fluff to me. The real concern they posed, and the question they didn't actually answer for some reason:

Which VPN providers are using replay scripts on their website from services that don't properly exclude passwords, payment information, and PII from the replays?

That's actually worth reporting about. The rest seems like fearmongering.