Privacy

37198 readers

145 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Does using Cloudflare's cdnjs compromise privacy? (lemmy.ml)

submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

Prefacing by saying I'm a total noob to webdev.

I'm trying to move my personal portfolio site off of Squarespace and onto some sort of static hosting. Since I know nothing, I'm cobbling together hugo templates and using LightBox2 to show image galleries. The blog I'm referencing includes LightBox2 using this:

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script>

I would prefer to not subject people viewing my page to any external tracking if I can avoid it. My page has zero tracking/analytics for this reason. I briefly tried downloading LightBox2 and directly including it instead, and was able to get it working mostly, but some things were broken that I would need to debug. Before I do that I was wondering, is this even a problem? Is including stuff from cloudflare cdn like this sketchy? It's possible I'm being overly paranoid but I have no idea.

you are viewing a single comment's thread
view the rest of the comments

[–] CameronDev 2 points 2 days ago (1 children)

One way or another, the server that hosts a resource can track who is requesting what. You as the server owner can just as easily track who is accessing what, but if you avoid using a CDN, then it limits the tracker to just yourself. The cost is that you'll have increased traffic, and there is always the suspicion that you may have tampered with the lightbox.js file to do something malicious.

On the self include side, the instructions you linked seem pretty straightforward, so it should be possible to use it that way. What is issue your facing?

[–] [email protected] 2 points 2 days ago

The issue seems to be with how hugo renders everything down into a /public directory. Somehow this is breaking the static images Lightbox uses to do prev/next/close. It's a small issue and I'm sure the fix is something dumb, it just wasn't obvious to me (the images appear to be correct). But sounds like it's worth just debugging it...