Linked by Thom Holwerda on Thu 4th Jul 2013 12:33 UTC, submitted by twitterfire
In the News "Internet users worried about their personal information being intercepted by U.S. intelligence agencies should stop using websites that send data to the United States, Germany's top security official said Wednesday." Cute, but pointless. France does it too, as does the UK. Documents from the Dutch intelligence agencies indicate that they, too, are involved in mass surveillance, the extent of which will supposedly be investigated by parliament.
Thread beginning with comment 566394
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Good luck with that....
by Alfman on Fri 5th Jul 2013 16:27 UTC in reply to "RE[2]: Good luck with that...."
Alfman
Member since:
2011-01-28

BushLin,

That's a good point about the 3rd party referred by HTTP header, I kind of wish it were a standard browser option. But all of the browsers have strong corporate advertising ties, so it's unlikely these things will ever get cleaned up without 3rd party plugins.


I'm rather disappointed with the way the industry has converged around 3rd party javascripts. Here we're talking about privacy, but an even larger concern to me as a web developer is security. Many clients are running 3rd party javascripts in their websites, but unfortunately there's no way to isolate the 3rd party code from the rest of the website. This gives 3rd parties the technical capability to hijack sessions, hook in keyloggers, covertly inject links, etc. It's an all/nothing trust relationship which is very bad for security.

One client hired an SEO company (orange-soda), who had me install their 3rd party script. Low and behold hackers managed to exploit this 3rd party script on our site. We immediately removed their code, but I still consider 3rd party javascript code inherently insecure.

Edited 2013-07-05 16:35 UTC

Reply Parent Score: 3