The team at Mixpanel has recently discovered that their analytics product had been collecting passwords for months before it was reported by one of their customers. This is unfortunate both for Mixpanel and for consumers, especially since several high profile customers including banks were potentially affected.
Privacy is tremendously important to us. While we track user activity on a website we have strict guidelines surrounding what data can be collected by us or sent to us. At UserSignals our position is to not collect user input from form fields and the Mixpanel incident effectively demonstrates why.
As vendors we need to take more responsibility for responsible data collection. We need to ask questions about how something might go wrong or be abused and make sure that we've thoroughly vetted an idea or approach before implementing it. This topic came up early at UserSignals when we asked whether there was value in knowing how which form fields a user had interacted with and someone immediately asked with great concern whether UserSignals would have access to the data being entered.
While knowing which form fields a user has interacted with and whether they have entered data is helpful in the context of user analytics, capturing exactly what they have entered isn't, especially since the customer website or app has direct access to user input and is better equipped to anticipate the type of data that will be entered and handle it appropriately internally.
The problem with third parties generically collecting form data from websites is that we don't know what data is being entered in a form field. It could be a name or address, with minimal risk. But it could also be something that we aren't set up to safely handle and do not want to store in our system like a password or SSN/ID.
As vendors we should all be cognizant of the inherent risks of broad data collection and make sure that we are implementing appropriate strategies to minimize the risk to end users whose data may be compromised through our missteps.