Privacy

37170 readers

244 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Does using Cloudflare's cdnjs compromise privacy? (lemmy.ml)

submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

Prefacing by saying I'm a total noob to webdev.

I'm trying to move my personal portfolio site off of Squarespace and onto some sort of static hosting. Since I know nothing, I'm cobbling together hugo templates and using LightBox2 to show image galleries. The blog I'm referencing includes LightBox2 using this:

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script>

I would prefer to not subject people viewing my page to any external tracking if I can avoid it. My page has zero tracking/analytics for this reason. I briefly tried downloading LightBox2 and directly including it instead, and was able to get it working mostly, but some things were broken that I would need to debug. Before I do that I was wondering, is this even a problem? Is including stuff from cloudflare cdn like this sketchy? It's possible I'm being overly paranoid but I have no idea.

you are viewing a single comment's thread
view the rest of the comments

[–] Fijxu 4 points 18 hours ago

I don't trust cloudflare. That is just a JS CDN that pulls a file, but is still gathered from an external server. In my case, when I have to use CDNs to use a JS library, I just download the file and host it locally.

You don't own the CDN, is controlled by other people, which means that of course is less private to the end user, and more insecure since you rely on the people running the CDN and the author or the library. What would happen if the library author/authors get hacked and they add malicious code to the library? (Asumming it doesn't contain a integrity attribute like the one on your example).

Is better to trust yourself, it doesn't cost you anything to download a few kB of a JS file and serve it directly from your server. The page is not going to load 2s faster if you use a JS CDN

And no one wants this to occur to their websites: https://fossa.com/blog/polyfill-supply-chain-attack-details-fixes/