by amluto
801 days ago
How many of these websites remember to completely disable analytics on the sensitive logged-in portions of the site? Completely disable doesn’t mean “an intern once logged in to the analytics provider’s config page and asked them to, pretty please, not log certain pages, and no one ever re-checks that config.” The analytics script should straight-up not be present on the sensitive URLs. (Frankly, the script should not be present at all on the sensitive origin. Ever heard of fetch or service workers or any other same-origin mechanism of collecting data?)