Hacker News new | ask | show | jobs
by phailhaus 1888 days ago
As the other poster pointed out, those are properties of HTML and not HTTP/S. But what I'd like to point out is that this:

> heavily restricted javascript

Is basically impossible. Any useful subset of javascript would be turing-complete, and therefore enough to do whatever's necessary to track the user. Literally all you need to be able to do is make an HTTP request and bam, you can track.
1 comments
a1369209993 1888 days ago
Turing-complete is (kind of) irrelevant, the question is what (equivalent of) system calls is has access to. Eg, javascript should not be able to set cookies or cause network traffic after page load by default.

> all you need to be able to do is make an HTTP request

Precicely. Inability to do this is (part of) what > > heavily restricted javascript means.

link
phailhaus 1888 days ago
Haha yeah, never going to happen. No network calls = no real-time dashboards, which is a no-go for basically any company. Not only that, it doesn't really solve the issue. You can just make the user click a button which triggers the network call anyways, and bam you can track again. Restricting javascript wouldn't work.
link