
That's the same as the ISP, CDN, CMS, and plenty of other software and vendors in the middle getting access to that information. There's a difference between a service provider and data ownership.



> That's the same as the ISP, CDN, CMS, and plenty of other software and vendors in the middle getting access to that information.

I don't think it's the same.

At least with HTTPS (or even the use of VPNs, DNS over HTTPS, and the upcoming/proposed encrypted SNI), the ISPs won't have any metadata except the IP headers, which I think is a good rebalancing.

There's no requirement for the CMS to be hosted by a third party. Joomla, Drupal, Wordpress, etc. are all popular self-hosted solutions.

The CDN typically does not have all the information, either: a CDN's job is (often, but not always) to deliver media assets (images, videos, audio), large files (e.g. ISOs, executables), or to deliver things like fonts or javascript libraries. These things are (again, often, but not always) supplied from a different domain.

My browser, for example, doesn't send referer headers when dealing with these sites, and it definitely doesn't send any cookies which aren't set for the CDN's domain explicitly. Different amounts of information leak when you CNAME to a CDN on your own domain, or you load third party advertising scripts in a page.

To me, at least, there's a difference between a third party (such as a CDN or ISP) knowing what domain I was on, versus third-party advertising scripts getting their hands on my detailed browser information by (ab)using JavaScript APIs and extensive fingerprinting.

> There's a difference between a service provider and data ownership.

Can you elaborate? I don't think I understand this point. For example, under the GDPR where I live, I have rights to data which I produced, regardless of the service provider or the domain it's delivered on.
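An added illustration (not part of any comment in this thread) of the cookie scoping described in the comment above: a simplified RFC 6265 domain-match showing which cookies a browser attaches to a CDN on its own domain versus a CDN reached through a CNAME under the site's domain. All host names, cookie names and the jar are constructed; Path, Secure, SameSite and third-party cookie blocking are left out of the model.

```javascript
// RFC 6265 section 5.1.3 domain-match, simplified: exact match, or a suffix
// match on a label boundary when the request host is not an IP address.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === dom) return true;
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + dom);
}

// Names of the cookies that would be attached to a request for requestHost.
// hostOnly cookies (set without a Domain attribute) need an exact host match.
function cookiesSentTo(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

// Constructed cookie jar (hypothetical names and hosts).
const jar = [
  // Set by the site with Domain=shop.example, so every subdomain receives it.
  { name: "session", domain: "shop.example", hostOnly: false },
  // Set by www.shop.example without a Domain attribute: host-only.
  { name: "prefs", domain: "www.shop.example", hostOnly: true },
  // Set by the CDN vendor for its own domain.
  { name: "cdn_id", domain: "cdn-vendor.example", hostOnly: false },
];

// Constructed request hosts. static.shop.example stands for a name that is
// CNAMEd to the CDN: the browser matches on the name, not on who runs the server.
const requests = [
  "www.shop.example",
  "assets.cdn-vendor.example",
  "static.shop.example",
  "evilshop.example",
];

for (const host of requests) {
  console.log(host.padEnd(28), "->", cookiesSentTo(host, jar).join(", ") || "(none)");
}
```

In this model the CDN on its own domain only ever sees `cdn_id`, while the CNAMEd host under the site's domain receives the domain-wide `session` cookie; a host-only cookie stays off the CDN path in both cases.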


Those are all vendors that get access to cookies and traffic. The point is that data flows through plenty of companies at various levels and providing a CMS or CDN is no different than providing ad serving.

The real issue is whether your data is more protected, and with first-party serving (and all the other anti-tracking restrictions), it's isolated to each domain instead of the cross-site tracking we had before. It's basically a user-to-site connection only now, regardless of the backend tech they use.

Any serious privacy change would require regulation, as you noted; GDPR and CCPA in the US will provide the real protections soon enough.



