Clicktale, crazyegg, userfly. Suppose I asked you to Google those and then come back.
If I had those sorts of things installed on my pages, I could tell who among you did indeed go and look, and whom amongst you bothered to come back at all, and how long you lingered thereafter.
And if I had forms on any of these pages I could peep over your shoulder and watch you filling in each field, with what amounts to a keystroke logger that I wouldn’t even have had to write from scratch.
What’s the big deal?
Here’s the rationale:
If you were going to submit data to me in a form, then the data is effectively already mine. So getting in a tizz about my watching you as you create those bits of data is a bit silly.
True, but only to an extent. Apparently clicktale is kind enough to replace your keystrokes with ‘?’s instead of the actual characters, in cases where you do NOT click to submit form data. But they’ll still be able to watch your aborted attempt. they’ll have information that shows your behaviour on a site. How long you lingered, what elements on the page you interacted with, what you clicked on, what confused or tripped you up, etc…
All very valuable insights.
If someone can gain those insights while watching you type in your name and your email address, age, sex, birthday etc…
Then your net anonymity flies out the window. Especially in the cases where you have offered up real details instead of made-up ones, someone perusing those logs will know who are, and know how you interact with websites. They’ll know whether you’re slow or fast or patient or easily distracted or just plain stupid. They’ll be able to watch you as you try different random strings of fake entries to try to “deek” some form to get to the goodies. The longer you stay, the more they’ll know about you.
What’s to stop that someone from then sending you a personal email that goes something like this:
Dear Jessica Jones,
You’re such a cheapskate. Don’t ever try to fake us into another free delivery of our Fantastic Widget promo. It’s ONE per household, get it? Your email was already on file… then you went and tried to enter firstname.lastname@example.org and email@example.com and then a fake coupon code. D’you think we’re stupid?! Oh yeah, yeah we’re on to you…
ps: Oh and by the way – we saw you click on that shampoo ad too. So we got curious and looked up your profile pic. Girl, you don’t even got no hair! Ssssss….
Aggregation. You don’t know a good thing till it’s gone…
What can a site owner really do with this info though?
And who has the time to sit through and watch every recorded session of a user fumbling about their site? No-one. That’s what you’re counting on, right?