|
|
|
|
|
|
by moxie
4660 days ago
|
|
|
Yes, absolutely, there are more hurdles. As an extension of this pinning work, Trevor has also been working on a proposal for 3rd party includes that would allow you to specify a hashsum in the include line, as well as a proposal that would fix cookie scoping in backwards compatible way. |
|
|
Analytics, however, will remain something I'm not overly fond of. For many sites it's unnecessary. For others it's something they could nearly just as easily license and deploy to their own servers. Pulling scripts in from Google Analytics, Statcounter and others -- and especially into privacy concerned apps -- is downright irresponsible.
As I noted here: https://2x.io/read/would-the-nsa-infiltrate-cdns-to-circumve..., even Norway's tax returns site (which hosts info I'd rather not have in any foreign company's hands) use external analytic scripts. They and 90% of the rest of the internet.
No wonder the NSA claim they can circumvent most HTTPS encryption.