» ISP News » 

UK ISP Sky Broadband Says No Need to Fear SessionCam Snooping

Thursday, August 22nd, 2013 (7:09 am) - Score 5,943

Sky Broadband has moved to reassure people after some of their customers noticed that the third-party SessionCam service appeared to be monitoring private activity upon sensitive parts of the ISPs online account management (My Sky) pages, such as the page for entering payment details.

The chances are good that you won’t be familiar with SessionCam. It’s essentially a powerful visitor tracking tool that allows websites to forensically monitor the activity of their readers, such as by recording key presses, mouse movements, mouse clicks, mobile gestures, scrolling and it can even replay the activity as a video.

On the one hand such tools are excellent for improving customer service and identifying problems with how a website functions, so it would make sense for an ISP to be using it. But at the same time you wouldn’t normally expect such services to be found tracking activity on payment detail pages or other similarly sensitive sections.

But this is the reason why one of ISPreview.co.uk’s readers raised their concerns with us and sure enough, after a little checking of our own, we found that JavaScript code for SessionCam.com’s Client Integration v4.0 was indeed being used on the members-only My Sky pages and their “Make a payment” page.. among others.

A quick look through Sky’s privacy policy revealed that the closest reference to SessionCam’s capabilities appeared to be this somewhat vague extract from under the ‘Analytics’ (Cookies) section: “It’s also very useful to be able to identify trends of how people navigate (find their way through) our sites“.

Naturally we queried this with Sky Broadband as well as BT, TalkTalk and Virgin Media. A spokesperson for Virgin quickly confirmed that “we don’t use this type of technology“, while BT added that it did use a similar solution called ClickTale to “understand detailed user journeys and behaviours on BT.com” but that this isn’t employed on sensitive pages. Meanwhile TalkTalk has so far been unable to clarify whether or not they use anything similar.

A BT Consumer Spokesperson told ISPreview.co.uk:

BT Consumer currently uses a tool called ClickTale to understand detailed user journeys and behaviours on BT.com. This tool is only used on pre-sales shopping pages and not on any ordering pages or personal customer areas, such as MyBT or account management, where personal details, billing and payment information are held.”

So should you be worried about SessionCam? Sky says no. Sky Broadband confirmed that the tool was being used, including on payment pages, but that this was only intended to help the team at Sky improve the “digital customer experience“. Apparently it doesn’t record any sensitive data entered on their payment pages or any other pages within Sky’s website or share what it does collect with SessionCam.com itself.

Sadly Sky didn’t clarify precisely what aspects of SessionCam they actually use and would only say that it was used as a tool to alert them about any possible “technical issues” that might arise across their website. ISPreview.co.uk understands that individual fields, those that may contain sensitive data (names etc.), are only recorded as a series of asterisks (this allows an ISP to pick-up usability issues without seeing the data details).

Sky does conduct their own internal security audits, which are described as being “extremely robust“, and apparently the ISP has worked with SessionCam to ensure 100% compliance with their standards. Any data that does get stored by SessionCam is transferred to a secure environment using SSL encryption and secured / protected using numerous levels of control at an application, data and infrastructure level.

Never the less we suspect that some people might still be unhappy with the use of SessionCam on such pages and if so then some web browsers and browser plugins will allow you block it from loading.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
11 Responses
  1. Avatar timeless says:

    for firefox l suggest using noscript, this was how l found out sessioncam was being used on the billing pages.

  2. Avatar Sledgehammer says:

    Thanks for this very useful piece of info. Maye it shoud be posted on sky?

  3. Avatar dragoneast says:

    Is there a website that doesn’t engage in some form of tracking/data collection? Nature of the beast.

    What always surprises me more is just how antiquated a lot of the back office systems are. I suppose that IT types like what they’re used to. Marketing rules OK.

  4. Avatar Kyle says:

    Ah, so that’s the software employed by sites that pop-up with ‘offers’ as you head for the ‘X’ at the top of the window… interesting.

    If this software can record the screen, how on earth would it not be recording sensitive data? Sky again…

  5. Avatar dragoneast says:

    We don’t like to pay (the full price, or at all) for anything, so how do we think the suppliers make their money except through marketing commissions? No-one’s in this game for the good of their soul.

  6. Avatar Captain Cretin says:

    +1 for NoScript.

    All sorts of strange companies trying to track us, one webpage I visited yesterday lists nearly 20 unnecessary Java scripts trying to run!!!

    1. Avatar timeless says:

      thats nothing, lve had a browser on one of my friends systems (firefox with noscript) crash the page was linking to over 200 different pages.. then again it was a page riddled with viruses. was the reason l was over there lol.

  7. Avatar NameStar says:

    Ghostery for the win, currently blocking 1607 tracking things, cookies, widgets, 1×1 dots etc.

    I don’t mind static ads, but if adverts get removed due to tracking then that’s not my problem.

  8. Avatar Fighta says:

    Er – Sky are also *serving* you the ‘sensitive’ page, so seems a bit silly to worry about the fact they’re tracking it too.

    Why would they even be collecting your sensitive data in that way? They’re not interested in your credit card, they want to aggregate all customer behaviour on the site to see at which page people leave the process, etc.

    Way too much paranoia here.

  9. Avatar monkshood says:

    Sessioncam records online sessions for full replay in the future. The HTML request response is captured and sent to amazon web services in the cloud (not to Skys secure data centre although privacy rules to drop certain data maybe applied I guess). So your online session can be replayed in the future as if they were looking over your shoulder at the time you visited the web site. Bit like recording your phone calls. Sessioncam requires a line of javascript to be put on each page. So if you disable javascript via your browser options you will protect your privacy.

  10. Heya i will be to the main time frame the following. I came across this specific board and that i to locate It genuinely beneficial & the item helped me to out and about a whole lot. I am hoping to supply one important thing returning as well as support other individuals like you helped me.

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £22.00
    Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER21
  • Plusnet £22.50 (*36.52)
    Speed 36Mbps, Unlimited
    Gift: £60 Reward Card
  • Onestream £22.50 (*27.99)
    Speed 45Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Speed 66Mbps, Unlimited
    Gift: None
  • Vodafone £22.95
    Speed 35Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Ultrafast ISPs
  • Vodafone £26.00
    Speed: 100Mbps, Unlimited
    Gift: None
  • Virgin Media £27.99 (*51.00)
    Speed: 108Mbps, Unlimited
    Gift: None
  • Hyperoptic £29.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: Promo Code: HYPER21
  • TalkTalk £32.00 (*39.95)
    Speed: 145Mbps, Unlimited
    Gift: None
  • Giganet £35.00
    Speed: 200Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (3050)
  2. BT (2886)
  3. FTTC (1835)
  4. Building Digital UK (1815)
  5. Politics (1777)
  6. Openreach (1710)
  7. Business (1544)
  8. FTTH (1351)
  9. Mobile Broadband (1345)
  10. Statistics (1321)
  11. 4G (1158)
  12. Fibre Optic (1109)
  13. Wireless Internet (1081)
  14. Virgin Media (1072)
  15. Ofcom Regulation (1069)
  16. EE (767)
  17. Vodafone (747)
  18. TalkTalk (717)
  19. Sky Broadband (704)
  20. 5G (630)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact