by gok 2822 days ago
The cost of determining the tracking behavior of every dependency of every part of your web site is prohibitive. Can you be sure that every hosted font and JavaScript framework you use is hosted on a server that isn't, say, logging IP addresses? Why bother? It's much easier to just throw up a warning popup, which users universally dismiss.

I would argue that you should be able to, and then follow that up as to why it's prohibitive (and what prohibitive means).

At least on the library side, there tends to be a default-to-trust to the point where large projects put dependencies on libraries that are built by literally one-guy-with-a-github. I posit that developers should be more critical of including dependencies, and factors like "can we guarantee support" and "how do we know it doesn't have malware, both now and in the future, and who can we hold responsible if it does" should be considered for every dependency we add. As it is, I find a lot of developers will uncritically slurp in any dependency or library that saves them a bit of effort.

If the tooling isn't there to help with this problem then it should be built.