Disclaimer: You are looking at a post I wrote some time ago. The information and opinions contained within may be outdated and may differ from my current views. Please proceed accordingly.

"Track Visitors Right Down to Their Mouse Moves"

Mar 15, 2006 9:43 AM
Tags: ajax, privacy, security, usability

Am I the only one who thinks that Crazy Egg is a little creepy?

Ajax gives you the ability to track visitors right down to their mouse moves. ... Crazy Egg is a website tracking system that records every click by your users [and] then produces a heat map that is overlaid on your site, allowing you to understand exactly what your users are doing.

Tracking clicks is not new, nor is storing an unnecessary amount of information in cookies.

But, by ethically-iffy use of Ajax, you can now track pretty much everything a user does in a web page: what they clicked, where and when they moved their mouse, how long they spend doing different things, even what they typed into forms *before* submitting them. That rough draft of your comment, before you rephrased it more politely? Got it.

I mean it's one thing to do this when you are specifically doing usability testing in a lab with the person's consent. But it seems a bit "Big Brother" to go monitoring users' behavior to this degree, without so much as a "this site is under surveilance" or "this visit may be monitored for quality assurance purposes".


Comments: "Track Visitors Right Down to Their Mouse Moves"

All the data is in aggregate, no single person is discernable from that kind of info. Does it really matter that you're generating data that they can use to improve the usability of their site?

Posted by: Bob Ippolito on March 15, 2006 2:27 PM | permalink

Well if the data is kept in aggregate, that's a mitigating factor. But I can see sites with identifiable users doing this (e.g. e-commerce sites).

Posted by: Joe Grossberg on March 15, 2006 3:07 PM | permalink

Crazy Egg is definitely aggregate, it's a service (not software) for web developers/marketing folk... not big brothering. I know the guys that did their UI, so I've been familiar with it for a long time.

Nefarious tracking has been possible for a long time, but I haven't seen any. I definitely don't think someone would or could turn it into a useful web service like Crazy Egg, because snooping on people is really domain specific unless it was something as dumb as a keylogger.

I guess the key technology that I would use if I were writing that kind of code would be Flash. Flash 5 introduced an XMLSocket object that allows you to establish a persistent TCP connection with a server, and it's pretty much invisible to the user and even a HTTP proxy (like fiddler or whatever) since it's out of band.

You could use that socket to periodically send anything you want, and with Flash 8's ExternalInterface API (or the Flash/JavaScript Integration Kit hack for older versions) you can pretty seamlessly put it into the AJAX picture.

Posted by: Bob Ippolito on March 15, 2006 11:45 PM | permalink

Yeah, I dunno ... I'm loath to give companies the benefit of the doubt after the nonsense Yahoo! and Google have pulled recently.

Posted by: Joe Grossberg on March 16, 2006 9:49 AM | permalink

wondering if there are different offering for webapplications that are hosted online. can the same service be used for webapplications? what are the security loopholes if an webapplication use service like crazyegg that tracks every move of the user? what are the privacy policies in this case? will the service track all of the customer entry details that is used in the app?

Let me know your thoughts and comments

Posted by: Pradeep on October 14, 2007 10:05 PM | permalink

No more comments! Either someone has violated Godwin's Law, I'm tired of the discussion or, most likely, the ten-week window has closed. You can, however, contact me through email.