Data Exfiltration by Hotjar Revisited

• URL: http://arxiv.org/abs/2309.11253v1
• Date: Wed, 20 Sep 2023 12:23:34 GMT
• Title: Data Exfiltration by Hotjar Revisited
• Authors: Libor Pol\v{c}\'ak and Alexandra Slez\'akov\'a
• Abstract summary: Session replay scripts allow website owners to record the interaction of each web site visitor. Previous research identified such techniques as privacy intrusive. This position paper updates the information on data collection by Hotjar.
• Score: 55.2480439325792
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Session replay scripts allow website owners to record the interaction of each web site visitor and aggregate the interaction to reveal the interests and problems of the visitors. However, previous research identified such techniques as privacy intrusive. This position paper updates the information on data collection by Hotjar. It revisits the previous findings to detect and describe the changes. The default policy to gather inputs changed; the recording script gathers only information from explicitly allowed input elements. Nevertheless, Hotjar does record content reflecting users' behaviour outside input HTML elements. Even though we propose changes that would prevent the leakage of the reflected content, we argue that such changes will most likely not appear in practice. The paper discusses improvements in handling TLS. Not only do web page operators interact with Hotjar through encrypted connections, but Hotjar scripts do not work on sites not protected by TLS. Hotjar respects the Do Not Track signal; however, users need to connect to Hotjar even in the presence of the Do Not Track setting. Worse, malicious web operators can trick Hotjar into recording sessions of users with the active Do Not Track setting. Finally, we propose and motivate the extension of GDPR Art. 25 obligations to processors.

Related papers

• Are LLM-based methods good enough for detecting unfair terms of service? [67.49487557224415]
  Large language models (LLMs) are good at parsing long text-based documents. We build a dataset consisting of 12 questions applied individually to a set of privacy policies. Some open-source models are able to provide a higher accuracy compared to some commercial models.
  arXiv  Detail & Related papers  (2024-08-24T09:26:59Z)
• The Privacy-Utility Trade-off in the Topics API [0.34952465649465553]
  We analyze the re-identification risks for individual Internet users and the utility provided to advertising companies by the Topics API. We provide theoretical results dependent only on the API parameters that can be readily applied to evaluate the privacy and utility implications of future API updates.
  arXiv  Detail & Related papers  (2024-06-21T17:01:23Z)
• LARP: Language Audio Relational Pre-training for Cold-Start Playlist Continuation [49.89372182441713]
  We introduce LARP, a multi-modal cold-start playlist continuation model. Our framework uses increasing stages of task-specific abstraction: within-track (language-audio) contrastive loss, track-track contrastive loss, and track-playlist contrastive loss.
  arXiv  Detail & Related papers  (2024-06-20T14:02:15Z)
• HonestBait: Forward References for Attractive but Faithful Headline Generation [13.456581900511873]
  Forward references (FRs) are a writing technique often used for clickbait. A self-verification process is included during training to avoid spurious inventions. We present PANCO1, an innovative dataset containing pairs of fake news with verified news for attractive but faithful news headline generation.
  arXiv  Detail & Related papers  (2023-06-26T16:34:37Z)
• Transition Relation Aware Self-Attention for Session-based Recommendation [11.202585147927122]
  Session-based recommendation is a challenging problem in the real-world scenes. Recent graph neural networks (GNNs) have emerged as the state-of-the-art methods for session-based recommendation. We propose a novel approach for session-based recommendation, called Transition Relation Aware Self-Attention.
  arXiv  Detail & Related papers  (2022-03-12T10:54:34Z)
• Masked LARk: Masked Learning, Aggregation and Reporting worKflow [6.484847460164177]
  Many web advertising data flows involve passive cross-site tracking of users. Most browsers are moving towards removal of 3PC in subsequent browser iterations. We propose a new proposal, called Masked LARk, for aggregation of user engagement measurement and model training.
  arXiv  Detail & Related papers  (2021-10-27T21:59:37Z)
• Disentangling Online Chats with DAG-Structured LSTMs [55.33014148383343]
  DAG-LSTMs are a generalization of Tree-LSTMs that can handle directed acyclic dependencies. We show that the novel model we propose achieves state of the art status on the task of recovering reply-to relations.
  arXiv  Detail & Related papers  (2021-06-16T18:00:00Z)
• Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks [4.878606901631679]
  In recent world events, video calls have become the new norm for both personal and professional remote communication. We design and evaluate an attack framework to infer one type of such private information from the video stream of a call -- keystrokes. We propose and evaluate effective mitigation techniques that can automatically protect users when they type during a video call.
  arXiv  Detail & Related papers  (2020-10-22T21:38:17Z)
• Exploiting Unsupervised Data for Emotion Recognition in Conversations [76.01690906995286]
  Emotion Recognition in Conversations (ERC) aims to predict the emotional state of speakers in conversations. The available supervised data for the ERC task is limited. We propose a novel approach to leverage unsupervised conversation data.
  arXiv  Detail & Related papers  (2020-10-02T13:28:47Z)
• Mining Implicit Relevance Feedback from User Behavior for Web Question Answering [92.45607094299181]
  We make the first study to explore the correlation between user behavior and passage relevance. Our approach significantly improves the accuracy of passage ranking without extra human labeled data. In practice, this work has proved effective to substantially reduce the human labeling cost for the QA service in a global commercial search engine.
  arXiv  Detail & Related papers  (2020-06-13T07:02:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.