According to a study recently carried out at Princeton University, hundreds of websites record users’ every click, movement and scrolling behavior.

The websites include the likes of The Guardian, Reuters, Samsung, AlJazeera and WordPress.

The report sheds light on how detailed the tracking can be. Using techniques like “session replays,” the websites record keystrokes and movements a user makes while they navigate a page.

The study was focused on some of the big companies that offer session replay services like SessionCam, UserReplay, FullStory, Clicktale, Yandex, Smartlook, and Hotjar.

Why this is dangerous? Apart from invading users’ privacy, this behavior can record all the senitive and personal information a person puts in on a website. The report says that most of these services exclude password input fields from recordings, but mostly mobile-friendly forms end up revealing sensitive information, including passwords, credit card numbers or the credit card security codes.

The report says that, “All of the companies studied offer some mitigation through automated redaction, but the coverage offered varies greatly by provider. UserReplay and SessionCam replace all user input with an equivalent length masking text, while FullStory, Hotjar, and Smartlook exclude specific input fields by type.”

READ MORE | Google plans to ‘de-rank’ popular Russian sites