What data is uploaded to the servers?

  • 1
  • Question
  • Updated 1 year ago
I was wondering exactly what data is uploaded to the servers for profiling? For work, I often need to view sites that have confidential/sensitive data on them and having that go across the wire into someone else's control would not bode well.

I see it captures URL paths on the page, which is cause for concern, but does it go further and send any other HTML elements?

Thanks
Photo of Excited

Excited

  • 2 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Annelise

Annelise, Official Rep

  • 250 Posts
  • 13 Reply Likes
Hello Excited,

Thank you for your post and your question! Covenant Eyes focuses mainly on reporting URLs including advertisement links or background URLs assisting a webpage to run. However, on HTTPS pages our reporting is fairly limited for two reasons:
1) HTTPS prohibits us from seeing much of the content on the page
2) We don't want to see our user's secure information so we do not pursue improved monitoring of HTTPS sites for the safety of our members. 

We have a great support article that best explains how we monitor HTTPS that I think will help clear up the questions that you have. Feel free to read it at your earliest convenience: http://www.covenanteyes.com/support-articles/does-covenant-eyes-monitor-secure-https-sites/

If you have any further questions feel free to contact our Customer Service at 877.479.1119.

Best regards,
Annelise
Photo of Excited

Excited

  • 2 Posts
  • 0 Reply Likes
Thank you, Annelise.

The article left me with a few more questions. Does CE choose not to monitor an HTTPS site (e.g. the page's content is stored on CE servers and CE does not parse it) or can it truly not see the content (e.g. the URL is what is sent to CE servers and CE attempts to access the URL itself).

My concern comes into play on quite a few scenarios, but the most comprehensive is this:

We have a site publicly available over HTTPS (multi-factor authenticated), so I know it wouldn't be accesible from CE servers. However, it populates most of the data on the page through calls through a RESTFUL API, returning data in JSON. Is it the case that:

  1. Only the page's URL is sent to CE
  2. The page's URL and the data call URLs are sent to CE
  3. The Page's URL, the data calls, and the JSON are sent to CE
  4. Other?

Thank you in advance for helping me determine if CE is something I can leverage.