undefined | Better HN

0 pointstedunangst4y ago0 comments

The threat model where the analytics company is hacked. I don't know why you would trust your bank to never let that happen.

There are some APIs on the bank site you need to conduct your business, and there are also some extraneous APIs. Yeah, sure, you tell the bank it's their fault clickwatcher.js got hacked, and maybe they give you your money back, but it seems like unnecessary exposure to unnecessary hassle to leave all that crap running fully trusted.

0 comments

bastawhiz4y ago

But having a more hardened browser literally does nothing to protect you. If your bank's website is hacked because of a third party API, the most well-hardened browser (as the commenter that I replied to describes) in the world will happily allow all of your money to be stolen. A slow-but-secure JS engine does not protect you from JS that's doing things it's allowed to do.

tedunangstOP4y ago

Oh, oh, oh. I thought this was the thread where we turned javascript off or used adblock or some such. Yeah, secure vs insecure jit engine isn't going to help here.

j / k navigate · click thread line to collapse

0 pointstedunangst4y ago0 comments

The threat model where the analytics company is hacked. I don't know why you would trust your bank to never let that happen.

0 comments

bastawhiz4y ago

tedunangstOP4y ago

Oh, oh, oh. I thought this was the thread where we turned javascript off or used adblock or some such. Yeah, secure vs insecure jit engine isn't going to help here.

j / k navigate · click thread line to collapse