Session replay sounds harmless when it is pitched as a UX debugging tool. In practice, it can become a detailed recording layer for what people do on a page: where they pause, what they type, how they scroll, which fields they focus, and how they move through a flow. That is already sensitive. Pair it with analytics, identity stitching, and behavioral scoring, and the risk gets much larger than “we wanted better product insight.”
Security researchers have been warning about this category for years. Princeton’s web tracking work found third-party trackers embedded across a huge share of the web, and separate research has shown how replay tooling can capture far more interaction detail than users expect. The real issue is not only that a script records behavior. It is that the recording can sit inside a larger stack of inference, retention, and sharing.
At checkout, the danger is sharper. A replay script placed near payment, shipping, account, or identity flows can observe a highly valuable moment in the user journey. Even when teams intend to mask fields, mistakes happen, implementations drift, and surrounding metadata still reveals a lot. The more aggressive the analytics culture, the more pressure there is to keep collecting “just enough” detail until the boundary between debugging and surveillance becomes meaningless.
Replay also matters because it changes what kind of product environment the user is actually in. A page with replay, fingerprinting, and high-pressure conversion tooling is not just a store. It is an observation surface. That is exactly the kind of thing a privacy defense layer should make visible. If a session is being recorded at high fidelity, the user deserves to know that before assuming the page is simply helping them buy something.
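As an added illustration of the two points above (masking drift on sensitive fields, and making the observation surface visible), here is a small audit routine written for this post; it is not Cloak's code and not any replay vendor's SDK. It takes the script inventory and form fields that a content script could gather from a checkout page and reports two things: which script hosts are third parties relative to the page origin, and which sensitive fields carry no masking attribute at all. The masking attribute names (`data-mask`, `data-private`), the field-name patterns, the sample hostnames and the sample page are all assumptions constructed for the example; a real deployment would substitute the attribute names of the replay tool it actually loads. The script classification goes slightly beyond the text by also reporting first-party hosts, so the output shows the whole inventory rather than only the third parties.

```javascript
// Added example, not Cloak's code: audit a checkout page's script inventory
// and sensitive form fields. Pure functions over plain objects, so it runs
// in Node without a DOM; a browser content script would build the same shape.

// Heuristic name patterns for fields whose contents a replay script should
// never see in the clear. Assumed for this example; tune per site.
const SENSITIVE_FIELD_PATTERNS = [
  /card|pan|cvv|cvc|expir/i,
  /password|passwd|pwd/i,
  /ssn|social/i,
  /address|street|postal|zip/i,
  /email|phone|tel/i,
];

// Hypothetical masking attribute names. Real replay SDKs each use their own,
// so this list must be configured to match the vendor the page actually loads.
const MASK_ATTRIBUTES = ['data-mask', 'data-private'];

function isSensitiveField(field) {
  if (['password', 'email', 'tel'].includes(field.type)) return true;
  const label = `${field.name || ''} ${field.id || ''} ${field.autocomplete || ''}`;
  return SENSITIVE_FIELD_PATTERNS.some((re) => re.test(label));
}

function isMasked(field) {
  const attrs = field.attributes || {};
  return MASK_ATTRIBUTES.some((a) => Object.prototype.hasOwnProperty.call(attrs, a));
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// Split script hosts into first party (page host or a subdomain of it) and
// third party. Inline or malformed sources are skipped: nothing to attribute.
function classifyScripts(pageOrigin, scriptSrcs) {
  const pageHost = new URL(pageOrigin).hostname;
  const firstParty = new Set();
  const thirdParty = new Set();
  for (const src of scriptSrcs) {
    const host = hostOf(src);
    if (host === null) continue;
    if (host === pageHost || host.endsWith('.' + pageHost)) firstParty.add(host);
    else thirdParty.add(host);
  }
  return { firstParty: [...firstParty], thirdParty: [...thirdParty] };
}

// Combine both checks into one report a privacy layer could surface to the user.
function auditCheckoutPage(page) {
  const scripts = classifyScripts(page.origin, page.scriptSrcs);
  const unmasked = page.fields.filter((f) => isSensitiveField(f) && !isMasked(f));
  const findings = [];
  if (scripts.thirdParty.length > 0) {
    findings.push(`third-party scripts present: ${scripts.thirdParty.join(', ')}`);
  }
  for (const f of unmasked) {
    findings.push(`sensitive field "${f.name}" has no masking attribute`);
  }
  return { scripts, unmaskedSensitiveFields: unmasked.map((f) => f.name), findings };
}

// Constructed sample page: hostnames and fields are invented for this example.
const SAMPLE_PAGE = {
  origin: 'https://shop.example',
  scriptSrcs: [
    'https://shop.example/static/app.js',
    'https://cdn.shop.example/vendor.js',
    'https://replay.example-vendor.test/recorder.js',
    'https://analytics.example-tracker.test/tag.js',
  ],
  fields: [
    { name: 'card_number', type: 'text', autocomplete: 'cc-number', attributes: { 'data-mask': 'true' } },
    { name: 'cvv', type: 'text', attributes: {} },
    { name: 'email', type: 'email', attributes: {} },
    { name: 'promo_code', type: 'text', attributes: {} },
  ],
};

// Stand-alone run: print the report for the sample page.
console.log(JSON.stringify(auditCheckoutPage(SAMPLE_PAGE), null, 2));
```

On the sample page the report lists the two third-party hosts and flags `cvv` and `email` as sensitive fields with no masking attribute, while `card_number` passes only because it carries the attribute. The point of the masking check is the drift the post describes: a field added later to the form, or a renamed one, silently falls outside the masking configuration unless something re-checks the page as it actually ships.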
That is why Cloak should keep treating session replay as a major signal, not a footnote. Blocking or exposing replay scripts protects more than one request. It protects the user from having an intimate decision moment turned into raw material for analytics, profiling, and downstream behavioral scoring.