karlgroves / overlayfactsheet

MIT License

Add Security Concerns #387

Open mgifford opened 3 years ago

mgifford commented 3 years ago

Adding 3rd Party JavaScript is always a bit of a security concern. You have to really trust that they are implementing best practices and being incredibly diligent in maintaining it.

I would be surprised if most widget companies are that committed to either privacy or security.

I suspect this isn't the only violation: https://www.govtech.com/security/Cryptojackers-Hit-Government-Websites-A-New-Flavor-of-Hacking-Courtesy-of-Third-Party-Code.html

I bet there are examples where more than users' CPU cycles were being taken.

karlgroves commented 3 years ago

@mgifford can you provide some suggested wording for this?

mgifford commented 3 years ago

How about something like this:

Adding 3rd party JavaScript libraries to your page always adds additional security risks, reduces page performance and increases the CO2 produced to load the page. Any additional JavaScript files should be added to your page only after carefully considering the alternatives.

I wandered off beyond just security, but think it drives the point home.