Linked by Thom Holwerda on Thu 4th Jul 2013 12:33 UTC, submitted by twitterfire
In the News "Internet users worried about their personal information being intercepted by U.S. intelligence agencies should stop using websites that send data to the United States, Germany's top security official said Wednesday." Cute, but pointless. France does it too, as does the UK. Documents from the Dutch intelligence agencies indicate that they, too, are involved in mass surveillance, the extent of which will supposedly be investigated by parliament.
Thread beginning with comment 566325
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Good luck with that....
by BushLin on Fri 5th Jul 2013 08:36 UTC in reply to "RE: Good luck with that...."
BushLin
Member since:
2011-01-26

FYI Ghotery does nothing to stop Google getting referrers though ajax.googleapis.com and in fact their support staff are either rude or brush off this as a threat (it has been brought up many times on their forums).
e.g.
https://getsatisfaction.com/ghostery/topics/sites_using_js_files_hos...
https://getsatisfaction.com/ghostery/topics/http_ajax_googleapis_com...

If you do care about this then use something like RefControl for Firefox and tell it to block 3rd party referrers by default.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

BushLin,

That's a good point about the 3rd party referred by HTTP header, I kind of wish it were a standard browser option. But all of the browsers have strong corporate advertising ties, so it's unlikely these things will ever get cleaned up without 3rd party plugins.


I'm rather disappointed with the way the industry has converged around 3rd party javascripts. Here we're talking about privacy, but an even larger concern to me as a web developer is security. Many clients are running 3rd party javascripts in their websites, but unfortunately there's no way to isolate the 3rd party code from the rest of the website. This gives 3rd parties the technical capability to hijack sessions, hook in keyloggers, covertly inject links, etc. It's an all/nothing trust relationship which is very bad for security.

One client hired an SEO company (orange-soda), who had me install their 3rd party script. Low and behold hackers managed to exploit this 3rd party script on our site. We immediately removed their code, but I still consider 3rd party javascript code inherently insecure.

Edited 2013-07-05 16:35 UTC

Reply Parent Score: 3