Would you post on a forum that has an embedded element that calls a 3rd party style sheet that's hosted on a forum member's personal site?

Posted by Rambler in Privacy (edited )

I already know the answer for most of you will be, "No", but it's something I've come across recently on another site and something that opened my eyes as to how much people really just don't care about privacy in general.

I won't name and shame, though some of you may know what I'm referring to.

Timeline of events:

  1. December 30th, a member of the forum points at that the website in question is fetching a stylesheet from a domain that is hosted by one of the forum admins.
  2. Forum admin in question responds stating it's just a stylesheet and not to get your panties in a twist over it. He hosts it on his site because he doesn't have access to the server to host it locally.
  3. Community members rip OP for caring about it and praise the forum admin for the great work he does.
  4. I get to the conversation late, and simply say, "IDK why the OP got hate for this. It's a valid concern for those who are privacy minded. At least the site works with no JS enabled."
  5. I'm told that it's a free site that and I'm free to leave. Good point, that is in fact true.
  6. I state, "I don't recall random 3rd party websites being mentioned in the privacy policy outside of the Google analytics and ads that I already block."
  7. That prompted a response from the actual forum owner, the one who does have server access to host the stylesheet locally instead of letting one of his admins host it. He states, "When you block Google analytics and our ads you make it more difficult for us to support all of the investments going into these sites.. Especially considering our ads are all topical and fitting to our audience. Just consider the ramifications..."
  8. I state the it's a two minute fix, that there is no reason to host a stylesheet on a community member's personal site when the guy who owns the site has responded, is aware of the concern, and could copy it over in 2 minutes, if that and that those who don't care it's hosted elsewhere, won't notice it's now hosted locally and those who do care, will be satisfied.
  9. More retardation follows.

I mean, it's just a stylesheet. But I still think a large community with thousands of members shouldn't allow elements of their website that can't be disabled to be called from community members sites, regardless if they're a moderator or an admin. They don't need to know how often the site is visited, what IPs are accessing that stylesheet, etc.

What are your thoughts on this? Would you still visit this site if I had part of the styling hosted on a community member's site?

Just seems a bit strange is all, since the fix is so simple (host it locally) yet they refuse to implement it.

EDIT: Crazy thing is, this is a tech related forum and the group who I thought would care about it seemingly doesn't care at all. Maybe myself, the OP who noticed it, and like one other person are the crazy ones.

6

Comments

You must log in or register to comment.

mr4channer wrote

no, this is why most foss projects fail, because they do something their own way instead of listening to users.

0

Wahaha wrote

Truthfully speaking, I wouldn't care that much. My default position towards websites is distrust. As long as the site in question has some value to me I'm compromising. It's an unfortunate state of affairs, but the web wasn't designed with either privacy nor with security, nor with anonymity in mind, so you don't get any of those. I don't expect this to change, either. Not on the clearnet, anyway. Most people don't even know how things work. They visit websites like they visit a doctor. Unequipped with the knowledge to even notice if something is horribly wrong. We evolved to live in communities where everyone had each others back, so this attitude of trust was an advantage. Nowadays, where nobody has each others back and everyone is looking out only for himself, trust isn't a good thing anymore.

1

Rambler OP wrote

Replying to (#1,406)

I think the concern was more around the fact that now an unknown and random 3rd party can determine who visits the site looking at the logs of how often their stylesheet was requested. I expect that the website owner would be able to view the logs of his own site, but not that a 3rd party (even if an admin) would be able to do the same to a degree.

1

abralelie wrote

Don't ublock and umatrix block resources from external sites by default? The whole website might show up as a jumbled mess for me. I always try to keep the number of 3rd party request low and especially if the website isn't important to me, I'd stop using it if it required too many external resources.

Plus, if they're that lax about security, who knows what else is lurking? Wouldn't surprise me if their ssh user and password were admin:passw0rd! or something.

P.S I'm glad that's not what you were suggesting to use here because then I'd have quit immediately.

2