Keystroke data is the text a site visitor types into a field on a page. There has been some debate about the risks of capturing keystroke data for session replay recordings. Rather than debate the details and the level of risk, we accept that valid concerns have been raised and we welcome this as an opportunity for improvement.
Firstly, as of Tuesday 28 November 2017, Hotjar recordings of sessions that originally loaded over HTTPS (encrypted, rather than plain HTTP) are now also replayed within Hotjar over HTTPS.
Secondly, on 12 December 2017 we will also make several changes to the way keystroke data is collected and displayed in recordings:
- To safeguard your users' data, we will no longer collect keystroke data from fields by default. If you have a specific need to see the actual characters typed into a field, you will have to explicitly allow that field by adding an attribute to it in your site's HTML.
NOTE: Because this change affects every site currently using Hotjar, you must add these attributes before 12 December if you want to avoid an interruption in keystroke data collection.
- As a fail-safe, we will block keystroke data collection on certain field types even when the field is allowed. Hotjar already blocks password and credit card number fields; we are extending this to more field types. Hotjar will also detect potentially sensitive data typed into allowed fields and suppress it (the characters are replaced with asterisks '*'). More details on this change are in our documentation.
- For all new sites set up in Hotjar, the default recording setting will be changed so that keystroke data is not recorded. The new default suppresses all keystroke data within the visitor's browser, so none of it is sent to Hotjar; in recordings you will see the characters replaced with asterisks '*'. This default removes the risk of this data being collected by mistake or when it is not actually needed.
- Only users with admin access to the site's organization in Hotjar will be able to enable keystroke capture, so an organization can restrict the decision to collect keystroke data to specific individuals.
All the changes above are designed with your users' privacy in mind. They reduce the risk of collecting and replaying personal data that users type into your site.