1134 points mtlynch | 1 comments
agwa No.22937839
This is a good reason to use a technique like cperciva's payment iframe: https://www.paymentiframe.com/

It lets you use stripe.js (thus getting the PCI compliance benefits) without Stripe being able to spy on your visitors.

replies(2): >>22938342 #>>22938980 #
ricardobeat No.22938980
That is so ridiculously insecure I'm surprised the author has published it without a massive disclaimer.

Do NOT use an unknown third-party, without PCI qualification, to whom you have no contractual relationship, in between you and your payment provider.

replies(1): >>22939553 #
1. jedberg No.22939553
It says at both the top and bottom of the page not to trust him, and at the bottom it says to implement it yourself if you care about security.

Seems fairly "disclaimed" to me.