Author here. Happy to answer any questions or hear feedback about this post.
replies(4):
> This is a common practice for anti-fraud detection systems... You will see similar techniques used all over the web (your bank website, Ticketmaster, airlines websites, etc.).
I respectfully disagree.
My bank tracks my movement on their own website. They don't track movement on other businesses' websites.
I believe many developers integrate with Stripe expecting that their JS library executes and shares data only on the pages where Stripe UI elements appear on the page. The fact that JS library runs on every page and sends data back to Stripe, even before the app calls the API, is unexpected. I believe that Stripe should, at the very least, make this more obvious to integrators and, ideally, give site owners the ability to limit what data Stripe collects.
It's not unexpected when they tell you to include it on every page:
As was in their docs ages ago and still now: https://stripe.com/docs/js
>Including Stripe.js >Include the Stripe.js script on each page of your site—it should always be loaded directly from https://js.stripe.com, rather than included in a bundle or hosted yourself.
>To best leverage Stripe’s advanced fraud functionality, include this script on every page, not just the checkout page. This allows Stripe to detect anomalous behavior that may be indicative of fraud as customers browse your website.
... they are asking you to enable them to track your user's interaction with your entire website.