Websites recording Keystrokes

First of All if this is the wrong section, then please relocate:

My question is about websites that record every keystroke you make, such as banks/ online stores/ gambling sites/ ... and so forth!

It came to my attention that a particular website I use could/ has/ does record it's customers every keystroke, as such they have told me who, what, where, when, I was last on their site, what time I entered a certan transaction, and for how much. I'm wondering if I can block them from seeing these Keystrokes, ( If, If in fact they actually can see them,) so that they are only known to me, an no one else? is there such a program that can do this

 

I'm as usual a bit confused and concerned.

When you key in a password to a site they must be able to match that data with your "account". So yes the bank logs when, the amount of the transaction etc so they can execute your instructions.

The site dealing with $ must/should be https... secured via encryption when packet sent.

None of the above is recording keystrokes. Data they need yes.

If keystokes are being logged illegaly on your setup that activity would be via a trojan etc executing right on your system.

I use a product called Keyscrambler and enter account numbers and passwords via copy/paste, not perfect but with all the other security layers most of us have that should do it.

I must be missing something here in the translation.

 

It is hard to tell from the OPs message whether the website in question is *really* receiving every keystroke or whether it is just thought to be by the OP and/or a support person for that website. I'd closely examine the source and possibly run a capture. However, on the subject of capturing keystrokes...

There is an important distinction between sending entered information on the fly... something websites can do, for example "search as you type"... and only sending the final sequence of characters that a user is happy with and explicitly submits. An example would be if someone started entering information for a different site they use, or accidentally pastes the wrong thing into a form input. They wouldn't want that information sent to the website until they've had a chance to correct it.

I doubt there is a way to reliably prevent a website from serving pages with scripts/flash/whatever that successfully captures typing/pasting on the fly. You could try to block related events, but even if there is support for that, you'd have to block vanilla events so that their handlers don't poll.

 

From what the OP said, I see no reason to suspect keylogging. Weblogs record IP address, pages accessed, and browser string. Cookies and other local storage record user preferences and history. Websites can obviously log everything that you send them. They certainly log transactions.

 

How can this mean they're logging every keystroke? They might be logging your transactions with the service they're providing to you, and in the case of banks, online stores and such, all information flowing between you and their server is encrypted with a unique key and only after your browser has verified the server's certificate is authentic. As long as no one in between knows what you're sending/receiving, that's all that should really matter.

 

I wonder if they can record keystrokes that happen in other browser tabs.

I didn't know about Keyscrambler. It looks like it only works with Windows. Do you know of any equivalents for Debian Linux?

 

this is a feature built into wsa on https sites it prevents the keylogging fom taking place..

 

No I don't. Try doing a google search and you might hit something.

Here is the KS link for those interested

http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm