Craig Sanders wrote:
jquery hosted from ajax.googleapis.com rather than their own local copy is astounding. don't they realise that that's yet another web bug that potentially allows their users' identities to be linked across multiple sites by google? or do they just not care? developer convenience trumps security.
That one also pisses me off -- even I can't block it :-/ APPARENTLY people hotlink to it because google tells them to (for obvious reasons -- it lets google snoop *and* issue "security fixes" without needing approval of site admins).
i've even seen sites that you'd think would know better, or where you'd expect the users to understand (or at least be paranoid about) web-bugs and tracking use jquery from googleapis.com. security sites, torrent sites, political sites. serious WTF moment when i started seeing that...do these sites WANT to look like false-flag sting operations?
I'd put that down to them using a standard app or library, which does it, and nobody mentioned it to them.
there's also a trend to make sites impossible to use without javascript.
I'm still managing, mostly. I guess the main exception would be .com sites, which I don't use very often. I had to start sending a User-Agent field after Wikipedia decided to drop HTTP queries that lacked one, on the assumption they were from people who were leeching AND too stupid to use wget or libcurl.