Even though I do agree that the total recording of sessions is not nice, such tools can be extremely important during early stage testing with your web app's UX. Especially for solo founders who don't have colleagues to tell them that they can't figure out how to use your app :)
Nice way would be to do some recording for a week or so. Get any sessions that obviously were quite long and the user didn't achieve anything. Go through them and try improving UX so the user won't get stuck there the next time.
Looks really cool, but I find myself thinking about the privacy implications of using this, especially by default. Even if the user gives consent, it still implies recording every single mouse movement and keystroke on the site.
Has this been normalised? Is this the new default?
Food for thought.
This is so awesome that you made this open source. There's a bunch of companies that basically use this tech and making lots of $$. We're actually working on a user testing service and currently using a chrome extension to record video:
May consider switching and using your library!
Thanks for sharing this :)
I played with the examples and I am extremely impressed. I couldn't tell at all that I was being recorded; I figured the examples would just be videos of people interacting with those pages. The speed-up feature is very neat too.
Very good work. I am actually a little surprised something like this is open source.
You should offer a commercial and open source version. The commercial service could provide a few extra features at a modest price point, but support development of the open source platform. Perhaps it could pay your bills and be a cheaper alternative to the existing expensive commercial offerings. I could see you taking a big bite out of their market if you keep it up.
really nice!
Few years ago, I created something very similar when working for validately.com - user testing company. The solution was tailored for our needs and was quite unique and rather sophisticated.
Below few main points:
- automatic injection of recording script by proxing original site / app via our domain (optionally user's could have inject the script by themselves)
- using iframe to serve the recorded page in order to preserve context and allow to display content on top of the page
- audio recording
- broadcasting in real-time
- storing all assets from a recording (images / stylesheets) to make playing back independent from original urls
Not everything was perfect and there were always something to improve. Some sites did not work at all due to technical limitations. But the technology was good enough so the company could grow and transit to webrtc based solution.
I am very grateful for this rare opportunity as the project taught me insane amount of useful stuff. Would love to work on something similar again.
Regarding security & privacy of products like these, I think it would be interesting to not capture any data not included within the app's codebase by default, instead of relying on any kind of redaction steps.
For example,
A table and interacting with a table, the cells would just be filler elements. Form field data just wouldn't be captured, contents unique to any record on a page would be filled with sample data.
That way you get to see how someone interacts with a page, but not any context/personal information.
I think relying on sensible defaults or redacting data is a lost cause and puts the trust/responsibility in the wrong hands. Some companies may care about redaction while others don't prioritize it.
How does this compare against something like Full Story?
Very cool. So much better than loading youtube videos. Would be great if there is a way to annotate parts of it. Apologies if it is a feature creep :(
This is similar to Heap's Identify [1]. Main difference is Heap focuses on metrics while this looks to be for debugging and UX. Any plans for a heatmap feature built-in or third party?
This looks awesome! Does anyone have recommendations for a tool that can do this but also let me save the video? Preferably, below 100MB per 5sec recording...
I mean, come on, how smooth is this library?
will this work with MVC frameworks like Angularjs, Vue and ReactJS?
I checked the DOM of a angularjs app and when I enter something in the input field, its not appearing in the DOM at all.
Very nice project. May I suggest to add "Chinese version" (in english) to the link Chinese in the Readme?
Interesting, seems like the core tech of smartlook / hotjar
This is NOT Open Source in a way you think it is yet, because the repo doesn't have a LICENSE attached to it, so the owner own every right and you are not allowed to sell it or do whatever you want with it.
neat. include that blog link in the readme
Great work yz-yu. Hope you've learned a lot- I've personally found the session replay space to be incredibly rewarding.
However, as a session replay industry competitor and a former security researcher for most industry players, I caution anyone thinking of using a side-project like this on production applications to proceed slowly with care.
Security and Privacy are extremely hard to get right here. The tricky thing about session replay analytics is that attackers have a huge attack vector, and compromise means gaining a treasure trove of all user data. The nature of replay is in a way a form of XSS. Modern security features help (like CSPs, iframe Sandbox attribute) but browser changes can cause issues.
Some of the challenges: - CSPs can often be bypassed using Google API libraries, <Object/>, <SVG> - Blacklisting <SCRIPT/> tags can often be bypassed with an XML namespace - CSS based data or password exfiltration. - Clickjacking, "data:" urls etc. - Could you imagine a web request proxy server deploying Service Workers? - postMsg() from further nested frames
Substantial work goes into sandboxing replay environments and limiting PII. Defense in depth is particularly important here. Enterprise level research, auditing, monitoring and care should be taken seriously.
This is not working on replaying opening select elements.
Cool, I'll put that on my website!
Hi, hackers, the author here.
Since I've seen some people are talking about the open source idea and comparing rrweb to some commercial products, I'd like to share a blog post about the vision of rrweb.
http://www.myriptide.com/rrweb-introduction/
Also, you will know about how rrweb works in this post.