[einaros]

While an absolute necessity, it doesn't solve the immediate issue of NSLs and widespread use of unnecessary services.

Let's say that the NSA would like to track bitcoin transactions through MtGox. I don't know how easy it would be for them to plug a backdoor into a server in Japan, and let's assume that the NSA can't break the RC4 crypto their web server is configured to use ..

Since MtGox uses Google Analytics, and possibly pull other scripts from Google's CDN, they could either eavesdrop on whatever data comes back from them by default -- or insist that changes are made to ... pick up more.

[moxie]

Yes, absolutely, there are more hurdles. As an extension of this pinning work, Trevor has also been working on a proposal for 3rd party includes that would allow you to specify a hashsum in the include line, as well as a proposal that would fix cookie scoping in backwards compatible way.

[einaros]

That would pretty much cover the use of CDNs that have proper versioning schemes.

Analytics, however, will remain something I'm not overly fond of. For many sites it's unnecessary. For others it's something they could nearly just as easily license and deploy to their own servers. Pulling scripts in from Google Analytics, Statcounter and others -- and especially into privacy concerned apps -- is downright irresponsible.

As I noted here: https://2x.io/read/would-the-nsa-infiltrate-cdns-to-circumve..., even Norway's tax returns site (which hosts info I'd rather not have in any foreign company's hands) use external analytic scripts. They and 90% of the rest of the internet.

No wonder the NSA claim they can circumvent most HTTPS encryption.

[001sky]

even Norway's tax returns site...uses external analytic scripts.

I'm curious who build that? Can they not count the filed docs.