sha2nk's comments

sha2nk | 7 years ago | on: RecapJS: Browser session record/replay without leaking user data

Thanks for the feedback! Yes, the intent is to automatically prevent capture of personally identifiable information. The problem with asterisk though is that it still leaks the length of the email address.

We are exploring other options with the right balance between minimizing information leak and usability.

sha2nk | 7 years ago | on: RecapJS: Browser session record/replay without leaking user data

Thanks for pointing it out. We are indeed using webcrypto to encrypt the data generated during the recording. This use case, however, we’d argue is quite well suited for webcrypto.

The typical critique (including the one you linked to) referring to the presence of scripts from multiple untrusted sources doesn’t quite apply in this case because the encryption used isn’t really meant to protect against such scripts. Any script active on the page already has access to all the information RecapJS is gathering (and eventually encrypting) so there is no need for RecapJS to worry about them.

The only time RecapJS handles sensitive data that needs to be protected from third party access is during replay/playback. In this case the threat is mitigated by either hosting the player (which is a static web application) in a closed off network in the case of offline replay or by loading an audited piece of js in case of remote full session storage.

sha2nk | 7 years ago | on: Show HN: RecapJS – Record and Replay Browser Sessions Without Leaking User Data

Thanks for your thoughtful comments!

Regarding blurring: It’s just a visual layer on top. The actual content that is underneath the blurring layer is just some randomly generated data. If you are familiar with chrome debugger you can check it out for yourself. The actual data is never recorded when blurring is on.

Regarding console logging: It’s already supported! There is a panel on top right of the replayer UI that opens a panel at the bottom. This will show you a record of console logs as well as network logs. We’ll work on making it more discoverable.

Sorry that you are facing errors. Please send an email to [email protected] and we can sort it out for you.
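
The length leak raised in the first comment and the random-data substitution described in the blurring comment, compared side by side in an added example that is not part of the original comments and is not RecapJS code. The function names, the placeholder width and the sample addresses are all constructed for illustration.

```javascript
// Added example: what a recorded field still reveals under two redaction
// strategies. Nothing here is taken from RecapJS; all names are hypothetical.

// Strategy 1: one asterisk per character, so the mask keeps the input length.
function maskAsterisk(value) {
  return "*".repeat(value.length);
}

// Strategy 2: fixed-width random placeholder built without reading the value.
// The placeholder carries no secret, so Math.random is sufficient here.
const PLACEHOLDER_LEN = 12; // assumed constant width
function maskRandom(_value) {
  const alphabet = "abcdefghijklmnopqrstuvwxyz";
  let out = "";
  for (let i = 0; i < PLACEHOLDER_LEN; i++) {
    out += alphabet[Math.floor(Math.random() * alphabet.length)];
  }
  return out;
}

// Measure the leak: of a set of plausible values, how many are still
// consistent with the length of what ended up in the recording?
// A redaction that leaks nothing leaves every candidate in the set.
function consistentByLength(recorded, candidates, mask) {
  return candidates.filter((c) => mask(c).length === recorded.length);
}

// Constructed sample data.
const candidates = [
  "al@example.com",
  "bob@example.com",
  "carol@example.com",
  "dan@example.com",
];
const actual = "carol@example.com";

function demo() {
  const star = consistentByLength(maskAsterisk(actual), candidates, maskAsterisk);
  const rand = consistentByLength(maskRandom(actual), candidates, maskRandom);
  return { asteriskRemaining: star, randomRemaining: rand };
}

console.log(demo());
```

With the asterisk mask only one of the four constructed addresses matches the recorded length; with the fixed-width placeholder all four remain equally plausible.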
