Session Replay 指的是重播將使用者的行為錄下來重播，市面上有很多這樣的服務，像是 User Replay 或是 SessionCam。
這篇文章就是在討論這些服務在處理個資時的方式，像是信用卡卡號的內容，或是密碼的內容，這些不應該被記錄下來的資料是怎麼被處理的：「No boundaries: Exfiltration of personal data by session-replay scripts」，主要的重點在這張圖：
後面有提到目前防禦的情況，看起來目前用 adblock 類的軟體可以擋掉一些服務，但不是全部的都在列表裡。而 DNT 則是裝飾品沒人鳥過：
Two commonly used ad-blocking lists EasyList and EasyPrivacy do not block FullStory, Smartlook, or UserReplay scripts. EasyPrivacy has filter rules that block Yandex, Hotjar, ClickTale and SessionCam.
At least one of the five companies we studied (UserReplay) allows publishers to disable data collection from users who have Do Not Track (DNT) set in their browsers. We scanned the configuration settings of the Alexa top 1 million publishers using UserReplay on their homepages, and found that none of them chose to honor the DNT signal.
Improving user experience is a critical task for publishers. However it shouldn’t come at the expense of user privacy.