Protect Sensitive Data with RUM Redaction & Masking

Mask PII, preserve real-user insights.


Automated testing of systems in production does not always catch real-world issues that users encounter. While tests can validate expected functionality, they often fail to account for unpredictable user behavior and edge cases that only emerge in live environments. This is where RUM (Real User Monitoring) comes in. It captures real-time data on how users interact with a website or service, surfacing friction points so that teams can optimize their systems.

But there’s a delicate balance between optimization and privacy. When tracking interactions, RUM tools can accidentally collect sensitive information such as login credentials, personal messages, or credit card credentials, which can pose significant security and compliance risks.

That’s where privacy-first observability platforms like Kloudfuse shine. In this article, we’ll explore how RUM redaction and masking techniques help you optimize without compromising on security.

What is Real User Monitoring (RUM)

A major frustration for users is experiencing slow-loading websites, unresponsive buttons, and unexpected form submission failures. With so many alternatives available online, users drift away from your service, causing immediate customer churn.

RUM functions as a performance monitoring tool that gathers comprehensive information about user interactions with applications. The system records page load durations and tracks the series of user interactions known as a user session or click path. These help detect anomalies and malfunctions in the applications.

How RUM Works

RUM operates by embedding monitoring code within an application. In web applications, JavaScript snippets track key events such as page loads, navigation changes, and background requests (XHR or Fetch API calls). Monitoring libraries are integrated directly into the application package for mobile apps, capturing session data and streaming it to a centralized data store for analysis.

RUM tools may capture PII or sensitive business information when proper safeguards are absent, which creates security threats and legal problems. Incorrect settings might also lead to improper storage of login data, credit card information, or private messages.

Privacy-first RUM solutions address these risks by using redaction and masking techniques. These techniques enable the collection of necessary performance data while protecting sensitive user information. Subsequent sections will demonstrate how these techniques achieve the appropriate balance between observability and security.

Privacy Risks in RUM

Real-time monitoring is valuable because it points to where optimizations are needed. As discussed above, it reflects real users rather than synthetic monitoring. RUM can see live data and metrics related to various aspects, such as network activity and system performance. This can expose sensitive data such as:

  • Sensitive Information in Action Names: If button labels like View Balance or Transfer Funds are logged without masking, they may reveal sensitive information.

  • Personally identifiable information (PII) in URLs: URLs containing customer IDs or transaction references could be exposed in RUM event logs.

  • Session recordings capturing sensitive data: Screen recordings may include displayed balances, transaction histories, or even keystrokes entered into forms.

These exposures invite regulatory scrutiny, legal penalties, and lasting damage to customer trust. Organizations handling user data must comply with strict regulations like GDPR, CPRA, and CDPA. 

Take Meta, for example. A failure to establish proper data transfer safeguards led to a staggering €1.2 billion GDPR fine. Equifax’s data breach cost them 700 million. This wasn’t just in fines but also in lost customer confidence. Didi Global faced a penalty of .2 billion for collecting personal data without consent. 

Customers expect their data to be handled responsibly. Any lapse can push them toward competitors, whether through a breach or unauthorized data collection. Businesses that prioritize compliance, implement strong encryption, and use privacy-first monitoring solutions can avoid these pitfalls. Protecting sensitive data safeguards both their reputation and bottom line.

Enhancing Privacy in RUM with Kloudfuse

Kloudfuse integrates built-in redaction and masking capabilities to ensure privacy and compliance. 

Redaction permanently removes sensitive data, ensuring it cannot be retrieved. Masking, on the other hand, replaces the original information with placeholder data, making it available for controlled use. Both techniques are crucial in protecting user privacy and complying with data regulations.

Configuring Privacy in RUM 

Personally identifiable information (PII) can appear in RUM data in two ways: as event attributes (like action names or URLs) and in session recordings. Kloudfuse provides flexible options to handle both cases.

RUM Action Names

PII can be masked by enabling enablePrivacyForActionName. When set to true, action names default to "Masked Element" unless explicitly labeled with a data-dd-action-name attribute.

kfuseRumSDK.init({
  config: {
    // ...other settings
    enablePrivacyForActionName: true,
  },
});

Kloudfuse allows developers to modify or filter events to further protect event attributes before they leave the browser. The beforeSend hook can be used to sanitize URLs or remove sensitive data before transmission.

kfuseRumSDK.init({
  config: {
    // ...other settings
    beforeSend: function (event, context) {
      // Sanitize the page URL of view events before transmission
      if (event.type === "view") {
        event.view.url = removePIIFromURL(event.view.url);
      }
      return true;
    },
  },
});

Here, removePIIFromURL is a custom function designed to strip out personal data before sending the event. Returning true ensures the modified event is sent, while returning false drops the event entirely.
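
One way the removePIIFromURL helper could be written, as an added example (it is not code from Kloudfuse or from the demo repository). The parameter names, the patterns, the REDACTED placeholder and the shop.example host in the tests are assumptions to adapt per application:

```javascript
// Added example: one possible removePIIFromURL for the beforeSend hook.
// The parameter names and patterns below are assumptions; tune them per app.
const SENSITIVE_PARAMS = new Set([
  "email", "name", "phone", "address", "token", "card", "cardnumber", "customerid",
]);
const EMAIL_RE = /[^\s\/@]+@[^\s\/@]+\.[^\s\/@]+/;
const UUID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const CARD_RE = /\d{12,19}/; // applied after stripping spaces and dashes

function looksSensitive(value) {
  return EMAIL_RE.test(value) || CARD_RE.test(value.replace(/[\s-]/g, ""));
}

function redactSegment(segment) {
  let decoded;
  try {
    decoded = decodeURIComponent(segment);
  } catch {
    return "REDACTED"; // malformed escape: do not pass it through
  }
  // Path identifiers: UUIDs and long numeric IDs, plus e-mails and card-like runs.
  const isId = UUID_RE.test(decoded) || /^\d{5,}$/.test(decoded);
  return isId || looksSensitive(decoded) ? "REDACTED" : segment;
}

function removePIIFromURL(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "REDACTED_INVALID_URL"; // fail closed rather than send the raw string
  }
  url.username = ""; // drop embedded credentials
  url.password = "";
  url.hash = ""; // fragments can carry tokens
  url.pathname = url.pathname.split("/").map(redactSegment).join("/");
  for (const [key, value] of [...url.searchParams]) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase()) || looksSensitive(value)) {
      url.searchParams.set(key, "REDACTED");
    }
  }
  return url.toString();
}
```

The helper deliberately over-redacts: any long digit run in a query value is treated as card-like, and a URL that cannot be parsed is replaced rather than forwarded.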

Redaction in Session Replay 

Session recordings can capture sensitive information visually. To prevent this, Kloudfuse supports HTML annotation-based redaction using RRWeb classes. Developers can annotate elements with .rr-mask to blur them, .rr-ignore to exclude them from capture, or .rr-block to completely remove them from the session replay. Let’s look at an example of an e-commerce checkout app for demonstration.

How RUM Redaction & Masking Works

In this example, we use an e-commerce checkout app to demonstrate how Kloudfuse Real User Monitoring (RUM) can be configured to redact and mask personally identifiable information (PII) such as credit card details, addresses, and other sensitive data. Here’s what the e-commerce checkout app looks like:

Demo Application for E-Commerce Checkout

Setting Up Redaction and Masking in Kloudfuse

Here, we will look at the following steps to build RUM with data privacy and security in mind.

Note: The complete code is available on GitHub.

Initializing Kloudfuse RUM SDK

To begin tracking user interactions while ensuring privacy, we initialize Kloudfuse RUM SDK in the checkout application:

import kfuseRumSDK from 'kf-browser-sdk';

kfuseRumSDK.init({
  config: {
    applicationId: "<Your Application ID>",
    clientToken: "<Your Token>",
    service: "<Your Service>",
    proxy: "<Your Proxy>",
    env: "production",
    version: "1.0.0",
    sessionSampleRate: 20,
    defaultPrivacyLevel: "mask-user-input",
    enableSessionRecording: true,
    enableLogCollection: true,
    // Mask action names unless data-dd-action-name is set on the element
    enablePrivacyForActionName: true,
    // Sanitize view and resource URLs before events leave the browser
    beforeSend: function (event) {
      if (event.type === 'view') {
        event.view.url = removePIIFromURL(event.view.url);
      }
      if (event.type === 'resource' && event.resource.url) {
        event.resource.url = removePIIFromURL(event.resource.url);
      }
      return true; // send the modified event
    },
  },
});

Redacting Sensitive Data

Action names on buttons describe user actions, like Submit or Login. However, dynamically generated labels may include PII, such as names or identifiers: Send Money to John Doe. This can expose sensitive data if displayed improperly.

RUM action names are derived from DOM content such as labels. To control them, set enablePrivacyForActionName to true in the RUM SDK, which masks names unless a data-dd-action-name attribute is present. Here’s an example:

<Label htmlFor="cardNumber">Card Number</Label>
<div className="relative">
  <Input id="cardNumber" placeholder="1234 5678 9012 3456" required className="pr-10 rr-mask" data-dd-action-name="Card Details"/>
  <CreditCard className="absolute right-3 top-1/2 transform -translate-y-1/2 h-5 w-5 text-muted-foreground" />
</div>

Here’s the result:

The action name is masked as "Click on Card Details," without exposing the credit card number.

Using beforeSend, we intercept and sanitize any data before it's sent to Kloudfuse. This ensures that:

  • URLs do not contain PII (e.g., removing query parameters that could reveal personal details).

  • Resource URLs are cleaned up before being logged.

  • Any data fields containing credit card numbers, addresses, or emails are masked.

We can provide the beforeSend key inside the Kloudfuse configs to sanitize the data.

kfuseRumSDK.init({
  config: {
    // ...other settings
    beforeSend: function (event) {
      if (event.type === 'view') {
        event.view.url = removePIIFromURL(event.view.url);
      }
      if (event.type === 'resource' && event.resource.url) {
        event.resource.url = removePIIFromURL(event.resource.url);
      }
      return true;
    },
  },
});

For additional security, form fields in the UI use RRWeb privacy classes like rr-mask to prevent sensitive data from being captured in session recordings.

<input id="cardNumber" placeholder="1234 5678 9012 3456" class="rr-mask" />
<input id="billingAddress" placeholder="123 Main St" class="rr-mask" />

Here’s the session recording that shows that the sensitive information is masked by Kloudfuse.

Session Recording for the Checkout Application

Ensuring Performance Insights Remain Intact

Despite masking sensitive data, performance analytics remain fully operational. Kloudfuse RUM still provides:

  • Page Load Metrics: How quickly the checkout page loads.

  • User Interaction Data: Tracking checkout flow events like form submissions.

Why Privacy-First Observability Matters

Data is everywhere: flowing through apps, stored in databases, and in the case of our article, emitted to RUM. But with all this data moving around, who’s keeping track of what’s private and what’s not? That’s where Privacy-first Observability platforms like Kloudfuse come in. 

Privacy laws are changing fast, and they’re not getting any easier. GDPR, CPRA, CDPA, you name it. If your company handles personal data, you need to stay ahead, or you risk fines and bad press.

Why It Matters

  1. Trust & Transparency: People stay when you care about their data. They'll go elsewhere if they don’t trust you to protect it. 

  2. Stay Compliant, Stay Safe: Avoid legal nightmares by catching privacy issues before they turn into fines. 

  3. Protect Your Business: Data leaks cost money, reputation, and customers. Good privacy practices keep you ahead of the game.

Privacy-first Observability can help you stay in control. With Kloudfuse’s real user monitoring, you can prevent breaches, avoid fines, and build trust without slowing down your business. 

Conclusion

Balancing real user monitoring (RUM) with privacy safeguards is essential for maintaining user trust. Kloudfuse makes this easier with built-in redaction and masking, ensuring you get the insights you need without exposing sensitive data. 

It’s the best of both worlds: deep observability without privacy trade-offs. Ready to take control of your monitoring while keeping user data safe? Explore Kloudfuse’s documentation and implement privacy-first observability today. 

Observe. Analyze. Automate.


All Rights Reserved ® Kloudfuse 2025

Terms and Conditions
