Hacker News new | ask | show | jobs
by wang_li 2979 days ago
A more egregious way Google collects data on internet users is through their hosted libraries service. You visit some completely unaffiliated site which happens to use jquery or some other library and instead of hosting it themselves they have a script tag with a src=ajax.googleapis.com/...
2 comments
pgeorgi 2979 days ago
For that, see https://developers.google.com/speed/libraries/terms

That stuff is kept separate from all account data (like with Google DNS[0] and fonts[1], too): no common cookies, "unauthenticated" (ie. no cross-referencing with Google accounts), logs retain no referrers

[0] https://developers.google.com/speed/public-dns/privacy [1] https://developers.google.com/fonts/faq#what_does_using_the_...

link
ballenf 2979 days ago
I don't read it as stating that the data is kept entirely separate. In fact it references the general privacy policy making it quite clear that whatever data is collected is governed by the same rules as everything else.
link
gowld 2979 days ago
What data is collected?
link
tmalsburg2 2979 days ago
What's the meaning of the data being kept separate when these databases could be linked with minimal effort (e.g. via IP addresses), for examples at the request of law enforcement (US or other).
link
flukus 2979 days ago
They don't use this data currently. It's a hedge against the day when firefox and safari start including something like uBlock by default.
link
908087 2979 days ago
The solution to this is here:

https://decentraleyes.org

link
ballenf 2979 days ago
Pretty cool looking service. Since I've never heard of it, I wish the down voters would explain the problem with it (at the time of writing it's a dark gray, so only a little negative).

Is it simply that people don't seem library CDNs as a source of privacy piercing data?

link
dylz 2979 days ago
They generally aren't, as far as I can tell?

SRI (no changing content for a specific user) + crossorigin ('The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication'), no referrers via meta tag or header.

The other end gets your IP and browser UA, with nothing else. It is pretty low on the totem pole of worry.

link
tmalsburg2 2979 days ago
I guess the problem is that one-liners that just drop a link without explanation are suspected to be spam and they often are.
link
908087 2979 days ago
That certainly wasn't spam, but unfortunately I was in the middle of something else at the time and didn't have time to post the explanation I probably should have included.
link