
UK ISP Sky Broadband Says No Need to Fear SessionCam Snooping

Posted Thursday, August 22nd, 2013 (7:09 am) by Mark Jackson (Score 3,151)

Sky Broadband has moved to reassure people after some of its customers noticed that the third-party SessionCam service appeared to be monitoring private activity on sensitive parts of the ISP’s online account management (My Sky) pages, such as the page for entering payment details.

The chances are good that you won’t be familiar with SessionCam. It’s essentially a powerful visitor tracking tool that allows websites to forensically monitor the activity of their readers, such as by recording key presses, mouse movements, mouse clicks, mobile gestures and scrolling. It can even replay the activity as a video.

On the one hand such tools are excellent for improving customer service and identifying problems with how a website functions, so it would make sense for an ISP to be using it. But at the same time you wouldn’t normally expect such services to be found tracking activity on payment detail pages or other similarly sensitive sections.

This is why one of ISPreview.co.uk’s readers raised their concerns with us and, sure enough, after a little checking of our own, we found that JavaScript code for SessionCam.com’s Client Integration v4.0 was indeed being used on the members-only My Sky pages and their “Make a payment” page, among others.

A quick look through Sky’s privacy policy revealed that the closest reference to SessionCam’s capabilities appeared to be this somewhat vague extract from under the ‘Analytics’ (Cookies) section: “It’s also very useful to be able to identify trends of how people navigate (find their way through) our sites“.

Naturally we queried this with Sky Broadband as well as BT, TalkTalk and Virgin Media. A spokesperson for Virgin quickly confirmed that “we don’t use this type of technology“, while BT added that it did use a similar solution called ClickTale to “understand detailed user journeys and behaviours on BT.com” but that this isn’t employed on sensitive pages. Meanwhile TalkTalk has so far been unable to clarify whether or not they use anything similar.

A BT Consumer Spokesperson told ISPreview.co.uk:

“BT Consumer currently uses a tool called ClickTale to understand detailed user journeys and behaviours on BT.com. This tool is only used on pre-sales shopping pages and not on any ordering pages or personal customer areas, such as MyBT or account management, where personal details, billing and payment information are held.”

So should you be worried about SessionCam? Sky says no. Sky Broadband confirmed that the tool was being used, including on payment pages, but that this was only intended to help the team at Sky improve the “digital customer experience“. Apparently it doesn’t record any sensitive data entered on their payment pages or any other pages within Sky’s website or share what it does collect with SessionCam.com itself.

Sadly Sky didn’t clarify precisely what aspects of SessionCam they actually use and would only say that it was used as a tool to alert them about any possible “technical issues” that might arise across their website. ISPreview.co.uk understands that individual fields, those that may contain sensitive data (names etc.), are only recorded as a series of asterisks (this allows an ISP to pick up usability issues without seeing the data details).

Sky does conduct their own internal security audits, which are described as being “extremely robust“, and apparently the ISP has worked with SessionCam to ensure 100% compliance with their standards. Any data that does get stored by SessionCam is transferred to a secure environment using SSL encryption and secured / protected using numerous levels of control at an application, data and infrastructure level.

Nevertheless, we suspect that some people might still be unhappy with the use of SessionCam on such pages and, if so, some web browsers and browser plugins will allow you to block it from loading.
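
For site owners, the concern raised in this article (a third-party script loading on a page that also takes payment details) can be checked from the served HTML. The sketch below is an added example, not part of the original article and not Sky's or SessionCam's code; the hostnames, the sample page and the field-name hints are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic (not from the article): substrings that mark a sensitive field.
SENSITIVE_HINTS = ("card", "cc-", "cvv", "cvc", "expiry", "sortcode")


class PageAudit(HTMLParser):
    """Collects external script hosts and sensitive-looking form fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.script_hosts = set()
        self.sensitive_fields = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            # Resolve relative and protocol-relative URLs against the page URL.
            host = urlparse(urljoin(self.page_url, a["src"])).hostname
            if host:
                self.script_hosts.add(host.lower())
        elif tag == "input":
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete")).lower()
            if a.get("type", "").lower() == "password" or any(h in label for h in SENSITIVE_HINTS):
                self.sensitive_fields.append(a.get("name") or a.get("id") or "?")


def audit(page_url, html, first_party_suffixes):
    """Flag a page that has sensitive fields and loads third-party scripts."""
    p = PageAudit(page_url)
    p.feed(html)
    third = sorted(h for h in p.script_hosts
                   if not any(h == s or h.endswith("." + s) for s in first_party_suffixes))
    return {"sensitive_fields": p.sensitive_fields,
            "third_party_scripts": third,
            "flag": bool(p.sensitive_fields and third)}


# Constructed sample page; every hostname here is a placeholder.
SAMPLE = """<html><body>
<form action="/pay"><input name="cardNumber" autocomplete="cc-number">
<input name="cvv" type="password"><input name="nickname"></form>
<script src="/static/app.js"></script>
<script src="//cdn.account.example.com/ui.js"></script>
<script src="https://replay.example.net/recorder.js"></script>
</body></html>"""

print(audit("https://account.example.com/make-a-payment", SAMPLE, ["example.com"]))
```

A static parse only sees `<script>` tags present in the served HTML; scripts injected at runtime by a tag manager need a headless-browser crawl or Content-Security-Policy violation reports to surface.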

11 Responses
  1. timeless

    For Firefox I suggest using NoScript, this was how I found out SessionCam was being used on the billing pages.

  2. Sledgehammer

    Thanks for this very useful piece of info. Maybe it should be posted on Sky?

  3. dragoneast

    Is there a website that doesn’t engage in some form of tracking/data collection? Nature of the beast.

    What always surprises me more is just how antiquated a lot of the back office systems are. I suppose that IT types like what they’re used to. Marketing rules OK.

  4. Kyle

    Ah, so that’s the software employed by sites that pop-up with ‘offers’ as you head for the ‘X’ at the top of the window… interesting.

    If this software can record the screen, how on earth would it not be recording sensitive data? Sky again…

  5. dragoneast

    We don’t like to pay (the full price, or at all) for anything, so how do we think the suppliers make their money except through marketing commissions? No-one’s in this game for the good of their soul.

  6. Captain Cretin

    +1 for NoScript.

    All sorts of strange companies trying to track us, one webpage I visited yesterday lists nearly 20 unnecessary Java scripts trying to run!!!

    • timeless

      That’s nothing, I’ve had a browser on one of my friend’s systems (Firefox with NoScript) crash, the page was linking to over 200 different pages.. then again it was a page riddled with viruses. Was the reason I was over there lol.

  7. NameStar

    Ghostery for the win, currently blocking 1607 tracking things, cookies, widgets, 1×1 dots etc.

    I don’t mind static ads, but if adverts get removed due to tracking then that’s not my problem.

  8. Fighta

    Er – Sky are also *serving* you the ‘sensitive’ page, so seems a bit silly to worry about the fact they’re tracking it too.

    Why would they even be collecting your sensitive data in that way? They’re not interested in your credit card, they want to aggregate all customer behaviour on the site to see at which page people leave the process, etc.

    Way too much paranoia here.

  9. monkshood

    SessionCam records online sessions for full replay in the future. The HTML request response is captured and sent to Amazon Web Services in the cloud (not to Sky’s secure data centre, although privacy rules to drop certain data may be applied I guess). So your online session can be replayed in the future as if they were looking over your shoulder at the time you visited the web site. Bit like recording your phone calls. SessionCam requires a line of JavaScript to be put on each page. So if you disable JavaScript via your browser options you will protect your privacy.
