会话重播脚本:隐私分析

IF 3 3区管理学 Q1 COMMUNICATION

Information Society Pub Date : 2022-06-01 DOI:10.1080/01972243.2022.2078916

F. Grodzinsky, Keith W. Miller, Marty J. Wolf

{"title":"会话重播脚本:隐私分析","authors":"F. Grodzinsky, Keith W. Miller, Marty J. Wolf","doi":"10.1080/01972243.2022.2078916","DOIUrl":null,"url":null,"abstract":"Abstract Session replay scripts record a user’s actions while visiting a website or using a computer application. These recordings are typically sent to third party companies whose stated purpose is to analyze the recordings to help correct bottlenecks and illuminate problems that are difficult for users to navigate. We examine how session replay scripts are being marketed and how they are used by application developers. The extent of gathered data is intrusive, often going beyond the stated objectives, and often collected without users’ knowledge. Using Nissenbaum’s privacy as contextual integrity framework, we demonstrate how replay scripts violate the norms of both appropriateness and distribution, and hence the privacy of the user. We examine two scenarios: one where the session replay data are sent back to the application developer, and another where captured data are sent to third party companies. We compare the scenarios to two analogous situations: surveys taken at a museum and video surveillance in a brick-and-mortar store. We analyze in detail the case of FullStory, a vendor of session replay scripts. In conclusion, we offer suggestions on how to preserve private information in both scenarios.","PeriodicalId":51481,"journal":{"name":"Information Society","volume":"38 1","pages":"257 - 268"},"PeriodicalIF":3.0000,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Session replay scripts: A privacy analysis\",\"authors\":\"F. Grodzinsky, Keith W. Miller, Marty J. Wolf\",\"doi\":\"10.1080/01972243.2022.2078916\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Session replay scripts record a user’s actions while visiting a website or using a computer application. These recordings are typically sent to third party companies whose stated purpose is to analyze the recordings to help correct bottlenecks and illuminate problems that are difficult for users to navigate. We examine how session replay scripts are being marketed and how they are used by application developers. The extent of gathered data is intrusive, often going beyond the stated objectives, and often collected without users’ knowledge. Using Nissenbaum’s privacy as contextual integrity framework, we demonstrate how replay scripts violate the norms of both appropriateness and distribution, and hence the privacy of the user. We examine two scenarios: one where the session replay data are sent back to the application developer, and another where captured data are sent to third party companies. We compare the scenarios to two analogous situations: surveys taken at a museum and video surveillance in a brick-and-mortar store. We analyze in detail the case of FullStory, a vendor of session replay scripts. In conclusion, we offer suggestions on how to preserve private information in both scenarios.\",\"PeriodicalId\":51481,\"journal\":{\"name\":\"Information Society\",\"volume\":\"38 1\",\"pages\":\"257 - 268\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2022-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Society\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1080/01972243.2022.2078916\",\"RegionNum\":3,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMMUNICATION\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Society","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1080/01972243.2022.2078916","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMMUNICATION","Score":null,"Total":0}

引用次数: 1

摘要

摘要会话回放脚本记录用户在访问网站或使用计算机应用程序时的操作。这些录音通常会发送给第三方公司，这些公司的既定目的是分析录音，以帮助纠正瓶颈并说明用户难以导航的问题。我们研究了会话重播脚本是如何营销的，以及应用程序开发人员是如何使用它们的。所收集数据的范围是侵入性的，往往超出了既定目标，而且往往是在用户不知情的情况下收集的。使用Nissenbaum的隐私作为上下文完整性框架，我们展示了回放脚本如何违反适当性和分发规范，从而侵犯了用户的隐私。我们研究了两种场景：一种场景是将会话回放数据发送回应用程序开发人员，另一种场景则是将捕获的数据发送给第三方公司。我们将这些场景与两种类似的情况进行了比较：在博物馆进行的调查和在实体店进行的视频监控。我们详细分析了会话回放脚本供应商FullStory的情况。最后，我们就如何在这两种情况下保存私人信息提出了建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Session replay scripts: A privacy analysis

Abstract Session replay scripts record a user’s actions while visiting a website or using a computer application. These recordings are typically sent to third party companies whose stated purpose is to analyze the recordings to help correct bottlenecks and illuminate problems that are difficult for users to navigate. We examine how session replay scripts are being marketed and how they are used by application developers. The extent of gathered data is intrusive, often going beyond the stated objectives, and often collected without users’ knowledge. Using Nissenbaum’s privacy as contextual integrity framework, we demonstrate how replay scripts violate the norms of both appropriateness and distribution, and hence the privacy of the user. We examine two scenarios: one where the session replay data are sent back to the application developer, and another where captured data are sent to third party companies. We compare the scenarios to two analogous situations: surveys taken at a museum and video surveillance in a brick-and-mortar store. We analyze in detail the case of FullStory, a vendor of session replay scripts. In conclusion, we offer suggestions on how to preserve private information in both scenarios.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Society Multiple-

CiteScore

5.00

自引率

0.00%

发文量

期刊介绍： The Information Society is a multidisciplinary journal intended to answer questions about the Information Age. It provides a forum for thoughtful commentary and discussion of significant topics in the world of information, such as transborder data flow, regulatory issues, the impact of the information industry, information as a determinant of public and private organizational performance, and information and the sovereignty of the public and private organizational performance, and information and the sovereignty of the public. Its papers analyze information policy issues affecting society. Because of the journal"s international perspective, it will have worldwide appeal to scientists and policymakers in government, education, and industry.