The first time I saw a session replay of all the mouse movements and input of a user on their own fucking computer that some marketing website-spyware had recorded was the moment I decided the Internet was a mistake.
An intern at my company built a proof-of-concept of this within a month, under a mistaken direction to build "analytics tools". When the intern presented this to the team, everyone was horrified and we never brought it up again after the intern left.
It was already common then, I gather—the ex-developer-product-owner guy who showed it to me (in the course of doing something else) didn’t seem to think it was remarkable, just an assumed capability. I don’t recall the name of the product, but it’d record all the input and page content for an entire session, and you could watch it play back like a video. Exactly like standing over someone’s shoulder while they used their computer. Creepy as fuck, but some genius renamed “spyware” to “telemetry” and that was enough to get every developer on board because we’re super insecure and will jump at the chance to pretend we’re building Mars rovers or something else real while we make yet another “app” the world doesn’t need (I suppose that’s why that label was so successful at changing attitudes, anyway).
Click-mapping came earlier, and there may have been a few places doing mouse-movement and cross-page-load session tracking on some sessions, but I don’t think it was a “just turn it on and leave it on” thing for even most large sites. And a lot of early heat maps came from user studies, which is the right way to do that.
[edit] also, that just happened to be the first time I’d seen a single session represented that way, rather than aggregates. Again, it wasn’t some brand-new thing then, it’d been around long enough to have multiple companies offering it as a service, not just an internal tool at a couple giants.
We had one of these, Hotjar I think. To their (smallest possible) credit, there's 0 legible text in the replays, you basically only see the rough UI outlines and everything else is redacted. Wouldn't be surprised if it featured a keylogger though.
I asked our data team what the fuck they need this level of tracking for, and they said "wasn't us, it was marketing that requested it".
So I ask many of the marketing people, and they just say "oh we thought it could be useful!" Without actually clarifying the "how" or "why".
I removed that shit with a quickness after that, and no one's complained so far (duh).
I love the GDPR if nothing else because it scares the - excuse the vulgarity and ableism - retarded decision makers into not doing idiotic shit like this. For any kind of bullshit like this I just bring up GDPR as a shield these days and none of it goes through.
> So I ask many of the marketing people, and they just say "oh we thought it could be useful!" Without actually clarifying the "how" or "why".
This stuff bugs me so much; it all feels so cargo-culty. Even ignoring privacy, I wonder how much money and computing power is burned on buying and collecting data that nobody needs and that doesn't actually serve any significant business purpose.
Not saying it’s a good thing but assume that most websites are recording your session at this point.