Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Image via Riot Games

Riot Games, League of Legends, Nintendo, and Minecraft are among the 1,200 websites that track your keystrokes

A study from Princeton University found tons of websites tracking user's keystrokes and online sessions.
This article is over 7 years old and may contain outdated information

Researchers at Princeton University found that over 1,200 websites, including Riot Games, Dota 2 Russia, and Nintendo, are using tracking technology to record what you do on their site.

Recommended Videos

These websites are using two different methods of recording. The researchers found these by analyzing seven services that record user data, then using bots to visit these sites and see if they had the analytics script embedded.

The first, and most invasive, method is called session replay (or session recording). It tracks everything the user does—every single keystroke a user inputs, including passwords and other sensitive information. Of the 1,200 sites, 482 use this method.

“These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers,” researchers said in a blog post. “Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.”

Among the 482 websites that use session replay are two video game companies, Dota 2’s Russian site and Nintendo. Internet service provider Comcast also uses this tracking method. The researchers noted that just because a website on its list does not have this tag, “does not mean that recordings don’t occur, simply that we don’t know if they do.” They also specified that website developers that have this script embedded may choose to “not enable session recording functionality,” and therefore session recordings might not always occur, as they choose a sample of users.

The second method of tracking is labeled as “analytics scripts exist” in Princeton’s study. Essentially, sites with this code track which of their pages you visit, and the searches you make on their website. At least 13 gaming-related sites are included in this study, such as riotgames.com, leagueoflegends.com, leagueoflegends.co.kr, lolesports.com, xbox.com, minecraft.net, kinguin.net, g2a.com, wargaming.net, worldofwarships.eu, controversial skin betting sites csgolounge.com and dota2lounge.com, and media site gosugamers.net. Many big-name companies, such as Intel, Costco, and Adobe, use these more common analytic scripts to track users.

“This data can’t reasonably be expected to be kept anonymous,” researchers said. “In fact, some companies allow publishers to explicitly link recordings to a user’s real identity.”

H/T BBC News | Saira Mueller contributed to this report


Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Nicole Carpenter
Nicole Carpenter
Nicole Carpenter is a reporter for Dot Esports. She lives in Massachusetts with her cat, Puppy, and dog, Major. She's a Zenyatta main who'd rather be playing D.Va.