loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Libor Polčák and Alexandra Slezáková

Affiliation: Brno University of Technology, Faculty of Information Technology, Božetěchova 2, 612 66 Brno, Czech Republic

Keyword(s): Web Privacy, Session Replay, Data Protection.

Abstract: Session replay scripts allow website owners to record the interaction of each web site visitor and aggregate the interaction to reveal the interests and problems of the visitors. However, previous research identified such techniques as privacy intrusive. This position paper updates the information on data collection by Hotjar. It revisits the previous findings to detect and describe the changes. The default policy to gather inputs changed; the recording script gathers only information from explicitly allowed input elements. Nevertheless, Hotjar does record content reflecting users’ behaviour outside input HTML elements. Even though we propose changes that would prevent the leakage of the reflected content, we argue that such changes will most likely not appear in practice. The paper discusses improvements in handling TLS. Not only do web page operators interact with Hotjar through encrypted connections, but Hotjar scripts do not work on sites not protected by TLS. Hotjar respects the Do Not Track signal; however, users need to connect to Hotjar even in the presence of the Do Not Track setting. Worse, malicious web operators can trick Hotjar into recording sessions of users with the active Do Not Track setting. Finally, we propose and motivate the extension of GDPR Art. 25 obligations to processors. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.222.125.171

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Polčák, L. and Slezáková, A. (2023). Data Exfiltration by Hotjar Revisited. In Proceedings of the 19th International Conference on Web Information Systems and Technologies - WEBIST; ISBN 978-989-758-672-9; ISSN 2184-3252, SciTePress, pages 347-354. DOI: 10.5220/0012192500003584

@conference{webist23,
author={Libor Polčák. and Alexandra Slezáková.},
title={Data Exfiltration by Hotjar Revisited},
booktitle={Proceedings of the 19th International Conference on Web Information Systems and Technologies - WEBIST},
year={2023},
pages={347-354},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012192500003584},
isbn={978-989-758-672-9},
issn={2184-3252},
}

TY - CONF

JO - Proceedings of the 19th International Conference on Web Information Systems and Technologies - WEBIST
TI - Data Exfiltration by Hotjar Revisited
SN - 978-989-758-672-9
IS - 2184-3252
AU - Polčák, L.
AU - Slezáková, A.
PY - 2023
SP - 347
EP - 354
DO - 10.5220/0012192500003584
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic