This mental model is the main problem with such a proposal -- loading resources from other domains is in no way equivalent to allowing owners of these domains to "listen in" on the user's interaction with your site.
-
-
This all comes down to liability, which is what it’s all about. I go to A’s website. A) They proxy stuff and leak my data. I go after A. B) They embed XYZ like everyone else and XYZ leak my data. I go after A. A says “We had no idea!” I have no play.
-
Two questions: 1) Would a site "have any idea" about sharing data if the same happened in a server-side module they installed? 2) How would you learn about this if it happens purely offline? Sadly, it seems difficult to have a constructive technical discussion about either one.
-
One other thing to note is that if offline sharing becomes more popular, users lose more control. Backend request may be over HTTP, data may be tied to your profile on the site, you can't reset your identifier, etc. I'd be wary of pushing developers in that direction.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.