undefined | Better HN

0 pointsfreeopinion1y ago0 comments

I'd like to throw a little blame onto many namebrand websites.

Sites like Digital Ocean try to load dozens of third-party trackers for a single page. Their supposedly secure payment processing includes cross-site violations that are blocked by modern browsers.

When their credit card management pages fail to work with reasonable browser defaults or sane browser add-ons they immediately advise their users to strip out all security protections. You are supposed to just trust content coming from seemingly unrelated domains including multiple processors you may or may not have ever heard of. Paypal? Ok, plausible. Stripe? I guess, but both? Pendo? Sentry? Optimizely? Hexagon? Google Ads? Google Analytics? Six other different Paypal domains? Eight other Stripe domains? Multiple Typekit domains? TagManager? Spuare? The list keeps going.

Plenty of reasonable protections cause alarm bells left and right. The answer? Disable those protections. Train users to think they are the problem.

0 comments

freeopinionOP1y ago

I'd be interested in anybody explaining why a welcome page needs assets from 17 other domains, including paypal and stripe.

https://cloud.digitalocean.com/welcome

Why are multiple payment processors included on this page that doesn't involve any payment?

Domenic_S1y ago

pptm.js is paypal's tag manager, for "Marketing Solutions". Gives the vendor shopper insights (clickthru, etc).

Stripe recommends putting stripe.js on every page to help detect fraud better (https://docs.stripe.com/js/including)

j / k navigate · click thread line to collapse