Smylers wrote:
That's a sometimes convenient feature for site developers, but
there's nothing you can do with content loaded from two sites you
can't do with content loaded from one.
Here's some I can think of:
* Many sites are funded by displaying adverts from a third-party service
which picks appropriate ads for the current user-page combination.
Serve ads from the host site.
Further, I don't see how users can be tracked across multiple sites.
This is useful to serve users a variety of different ads, rather than
the same one lots of times, even as they read multiple sites which all
use the same third party ad service.
That's a feature, not a bug. Or another way: users shouldn't be able to
be tracked across sites. That they are is a bug, not a feature.
* Third party traffic analysis services, ranging from simple image hit-
counters to something like Google Analytics, require being part of a
page's loading.
Not all such services do require this though. Google Analytics
implementation decisions are not the only ones possible.
I don't have time to respond in detail to each of the valid points you
raise. I may later. However, each of them can be handled in a different
way that doesn't require third party content and mashups. The reason we
have designed these systems this way is because it was quick and easy,
not because it was the only way to do these tasks. If we break these
things such that third party content is no longer the simplest solution
that could possibly work, then developers and sites will move on to the
next simplest solution.
The bottom line is that bad implementation decisions made years ago with
respect to third party content are causing security issues now. We can't
paper over these problems. Anything less than addressing the root cause
will fail.
Addressing the root cause will cause pain because a lot of systems you
mention will have to be rewritten to work in the new world. So be it.
Nothing else will work, and the sooner we recognize that, the sooner
everything will be fixed.
--
Elliotte Rusty Harold [EMAIL PROTECTED]
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA