Mouse Tracking, Video Playback


The buzz in the office this morning was all mouse tracking. How wonderful it was to watch visitors in real-time searching the page, seeing where they clicked and how they tackled a web form. Heat-maps of clicks and scroll behaviour, insight into how intuitive a website is, natural or forced navigation, etc. but something didn’t sound right to me.

I Had a think about it, panicked and made sure it was removed from all test sites.

Basically this script logs keystrokes and mouse movements. There’s a name for that sort of application, it’s called a Trojan virus.

How long before Google’s Safe browsing tool, or my AVG one picks up on this and blocks sites which have the code?

We can’t say it’s harmless, imagine having a fake payments page with this code in. Nothing works when you submit the payment. You think nothing’s happened because it didn’t work, but in reality the details you’ve entered are recorded and can be played back and copied.



  1. Ryan on 29th March 2011 at 4:08 pm

    This is why we have you around mate 🙂 Always thinking out of the box and making sure we don’t do anything stupid

  2. Lawson Willett on 29th March 2011 at 4:25 pm

    Oh my god! thanks I have taken this off my site, it was really handy but virus! your right.

  3. Mouseflow on 29th March 2011 at 8:00 pm


    I’m writing on behalf of

    I’ve read this post with great interest. I understand your security concerns regarding our service, but I think that you’ve jumped to conclusions and that your examples are misleading. Please read my views here:

    First, let me ensure you that security is of paramount importance to us which is why we (and other similar tools in the industry) have these security and privacy features:

    – Passwords are never recorded
    – No personal or financial information is allowed to be recorded. All our users accept these terms.
    – We don’t use third-party cookies to no tracking across sites can take place.
    – Users can opt out of being tracked
    – Only a select number of employees have access to the securely stored data
    – Log files and recordings are deleted after 3 months.
    – Web site owners must notify their users in their terms of use that they are using Mouseflow to record visits.

    Let me also strongly object to the allegations that our service should be regarded as a trojan horse or a virus. Many well known services log data about the user and sends it to a third-party server, including Google’s own Analytics service. The fact that Mouseflow and many other mouse tracking services include mouse movements and key strokes in the log does not make them a trojan horse.

    The example given in your blog with the fake payment page is very misleading. Anyone can create a fake payment page, and you don’t need a mouse tracker to get the credit card information. This is known as phishing and has nothing to do with mouse trackers.

    I hope this has changed your view of our services and that this blog post doesn’t scare off users without cause. Mouse tracking with video playback is a great tool for website owners and a unique way of finding out how intuitive your website is and where it can be improved.

    Our services have been recommended by many blogs and websites, including

    Thanks for reading this,


  4. Foo Fighter on 30th March 2011 at 2:39 pm

    Yes; But…………

    By the time the user realises and visits the terms and conditions page he has already been recorded, and I think a user should be given the opportunity to opt in rather than opt out! I guarantee (as well as pop up blockers) there will most likely be an App for mouse flow blocking as well, and if that is the case surly at very basic level that will impact business, because I certainly would not use a site that is tracking my every move down to my mouse movements, that is…………….

    If I know about it.

    I am sure from a business point of view it has its advantages, but I think a business aught to bear consideration to the user and netcitizens like myself who enjoy browsing the internet without being recorded as well.

  5. andyro on 31st March 2011 at 2:20 pm

    I agree with Foo Fighter. I’m sure this is highly advantageous from a point of view of the business. However, I feel that tracking my every movement on any website is bordering on illegal activities. I fiercely object to mouse tracking of any kind. Yes I’m sure the terms and conditions page states that the user can opt out of this application. But, I never read a terms and conditions page at the beginning when visiting a site. First and foremost I browse through a website, checking its applications etc, and if I’m really interested I stay on and read the terms and conditions page. Now, from what you are stating, it seems like I will be tracked and I have no realization of it. Doesn’t this sound almost unfair to the user?

    Maybe you can create a small post directing the user to read the terms and conditions page first, which states that the user can opt out of mouse tracking. I think this way, users that visit a web page will appreciate the consideration given to them. Users are the glue that holds together any website. If users are opting out of a website because they are being tracked by mouse tracking, the website will be affected at its basic level. Now, the whole purpose of mouse tracking I feel from a business’s point of view is to track and ensure users are searching what will profit them. What will happen to the website when users become too insecure to visit a web page which is keeping track of their every movement? Well, the website will go down the drain. Therefore, I feel that some consideration must be given to the privacy of the user, and what they want to search on a website.

  6. Slayer on 1st April 2011 at 4:01 pm

    WOW, big brother on the Internet

    I have been using the Internet for about 30+ years, and over that time commercialism has taken hold of “at basic level” a virtual place of freedom, you can understand why governments and the police would want to monitor activities from a criminal perspective and would find this service “more than likely” invaluable, but to make it generally available to the public?

    There are also several online services like counters and analytics that monitor patterns for marketing this is usually in general but now if you somehow associate these analytics say: someone’s originating IP and follow that up with video footage of their actions within a site it is just another element and “getting closer” to identifying and singling out individuals with personnel identifiable information and this is illegal.

    I.e. say this system was on a blog, a child writes something like his/her address, the father later on comes along and deletes it, with this system it will not matter there will still be a record of the Childs input in video format, the father has spent money on getting software to tell him where his child is going in the internet this software contradicts that and captures information that should be deleted immediately “with no trace”.

    I do not think this should be something in the hands of common man, government and officials Maybe but not Joe Company on the high street.

    And not something that anyone can use, you hear of websites being hacked all the time and all this information in the wrong hands could be a recipe for disaster and it’s not the company that will suffer, it will be the individual.

    It does not matter how much you say the information is secure, if someone wants it bad enough they will get it, there have even been successful hacks on government institutions with multiple layers of encryption ANY Joe Blogs Website is not secure enough, the mere fact that this type of information is there or has the potential to exist is a BIG problem.

  7. Pc17589 on 2nd April 2011 at 7:40 am

    I agree too; mouse tracking is, with no doubts, a great idea and will certainly benefit the site owners. But morally, it doesn’t seem appropriate conduct from a visitor’s point of view and I believe the users experience should be the most important issue. I think everyone is entitled to their privacy and tracking each and every movement of a site visitor whilst browsing a site just doesn’t seem right at all.

    I also believe that tracking users without telling them beforehand is completely wrong. By stating it in the terms and conditions page that the user can opt out of it is hardly telling them up front, all it does is cover them against any legal action. And I agree with Andyro that stating this in just the terms and conditions page is not enough because how many times do you actually read the terms and conditions of any website, I rarely do unless I am making a purchase maybe.

    My feelings are that there should not be any tracking activities of any kind on any website in the first place because what I browse should be kept private, even our browsers have an option nowadays for browsing in private which keeps other users of the same computer from seeing what’s been looked at, so why would we want strangers to see? Secondly, if there is tracking, the users should have the right to be clearly warned about any such activities on the website and the warning should be posted in a position on the site where it is going to be seen so the visitor has the option of not continuing to be monitored. Just notifying them through terms and conditions is far from adequate.

    Maintaining a high moral ground is always beneficial for any kind of business. I know I would always prefer to use the services of an organization with decent morals which is more likely to make me have more trust in them and I am sure this would increase their business too.

Leave a Comment