On Sat, Oct 29, 2011 at 4:22 PM, Daniel Friesen <lists(a)nadir-seen-fire.com> wrote:
- It doesn't scale very well. If you do try to add more vendors and users do enable most of them, you still end up loading from each enabled vendor slowing things down.
With the exception of the FB Like/Recommend button, everything (even the FB share link) is just an image paired with an HTML link. Maybe other sites allow embedding their logos, so the only image which needs to be loaded externally is the FB one.
- Frankly the UI is pretty bad.
That's the price you have to pay for total privacy, unfortunately.
- Once you enable a vendor we drop right back to a 3rd party script being injected into the page such that it can do malicious things.
Btw, if you're a 3rd party with a script in a page you can go pretty far
abusing XHR and history.pushState to make it look to a user like they're
browsing the website normally when in reality they're on the same page
with the script still running. Oh, and that includes making it look like
you're safely visiting the login page when in reality you didn't change
pages and the script is still running ready to catch passwords.
Do you have any links with further info on this?
Marco