Stripe records user movements on its customers' websites

(mtlynch.io)

1134 points mtlynch | 1 comments | 21 Apr 20 17:01 UTC | HN request time: 0s | source

Show context

mtlynch ◴[21 Apr 20 17:01 UTC] No.22936825[source]▶

>>22936818 (OP) #

Author here. Happy to answer any questions or hear feedback about this post.

replies(4): >>22937478 #>>22937646 #>>22937672 #>>22938279 #

swyx ◴[21 Apr 20 17:56 UTC] No.22937478[source]▶

>>22936825 #

title is a little sensationalist, i find that a little hard to forgive :) it is well understood any anti fraud system records movement. how does your analysis fare on Google's reCAPTCHA v3?

or rather the actual issue, the x00,000's of sites that actually record movement for product research and, yes, marketing? sensationalizing this issue on stripe, which is a probable good actor, doesn't help the sites and web users deal with the real bad actors.

but its a well written article with solid recommendations so kudos for that.

replies(4): >>22937556 #>>22937570 #>>22937649 #>>22937950 #

falcolas ◴[21 Apr 20 18:03 UTC] No.22937570[source]▶

>>22937478 #

No, it’s not well understood. Perhaps you, and people in your direct field understand this, but does an average web developer who is reading Stripe’s documentation? Does a consumer?

Silent, given the lack of documentation or notification, is 100% appropriate here.

replies(1): >>22942189 #

1. lowan12 ◴[22 Apr 20 04:29 UTC] No.22942189{3}[source]▶

>>22937570 #

I mean, the docs literally spell this out, so I'm not sure how much you or the author of the article wants their hand held:

> To best leverage Stripe’s advanced fraud functionality, include this script on every page, not just the checkout page. This allows Stripe to detect anomalous behavior that may be indicative of fraud as customers browse your website.

https://stripe.com/docs/js

↑