undefined | Better HN

0 pointsDylan168079y ago0 comments

Why are you conflating individually-trusted CDNs with the servers of some random guy? And allowing only images, like most embeds do, is a form of sanitation.

I'll repeat myself. "I think very few websites allow one person to embed arbitrary scripts that will be shown to another person." This is not happening as a result of you using an image host. No scripts are involved there. This is not happening as a result of the site using a CDN. No user triggered that load of jQuery.

It's fine to load jQuery from a specific server that you trust. It's also fine to load ads from the ad network's server, as long as they are policing uploads properly. The problem is they usually don't.

0 comments

Silhouette9y ago

You keep saying they usually don't, but billions of harmless ads are served every day while only a tiny fraction of the served ads are malicious. I just don't see how it's reasonable to assume depending on a third party ad network for content is fundamentally risky yet depending on some other third party service is not. CDNs and other hosting services get hacked and serve malicious content sometimes too, but that is also very rare and also usually gets fixed very quickly if it does happen.

Dylan16807OP9y ago

They don't have a system that makes malicious uploads impossible (outside of hacking, of course). They could implement such a system, without much trouble. They choose not to.

Using a third party ad network is not inherently risky. But most specific third party ad networks are risky, because of bad practices.

That most ads are harmless is enforced through social norms and after-the-fact takedowns. They could do better, but don't. Negligence.

Silhouette9y ago

OK, so let's be constructive. What reasonable, practical alternative do you suggest for someone who is just running a small site and wants to cover their hosting costs?

1 more reply

j / k navigate · click thread line to collapse

0 pointsDylan168079y ago0 comments

Why are you conflating individually-trusted CDNs with the servers of some random guy? And allowing only images, like most embeds do, is a form of sanitation.

0 comments

Silhouette9y ago

Dylan16807OP9y ago

They don't have a system that makes malicious uploads impossible (outside of hacking, of course). They could implement such a system, without much trouble. They choose not to.

Using a third party ad network is not inherently risky. But most specific third party ad networks are risky, because of bad practices.

That most ads are harmless is enforced through social norms and after-the-fact takedowns. They could do better, but don't. Negligence.

Silhouette9y ago

OK, so let's be constructive. What reasonable, practical alternative do you suggest for someone who is just running a small site and wants to cover their hosting costs?

1 more reply

j / k navigate · click thread line to collapse