[mdominguez]

This already happens. On one of our web fingerprinting solutions we provided our certificate to the vendor so they could use our domain when we loaded their resource (the fingerprinting code) on our app running on the user's browser (sorry - more of a data, slightly backend dude over here, so maybe networking doesn't even work like I'm describing) and the ad blockers wouldn't block the script execution - even thought the script is NOT an ad

[thefreeman]

So you work for a financial institution and you provided your private key to a third party company so they can impersonate your server to host fingerprinting code?! That sounds really irresponsible.

[mdominguez]

I wasn't working in a financial institution, no. We did provide some services, but it isn't qualified as a bank. And maybe it wasn't they impersonating our server, but yeah, it was fishy.