Thursday, April 23, 2020

Stripe payment system is collection location data, browsing and click data for all your browsing activity on strip enabled sites

Surveillance State Scope Creep
I usually don't repeat post like this, but this affects many people and is super aggro.
On Tuesday, developer Michael Lynch questioned Stripe's data collection in a blog post, noting that the biz's JavaScript library, used by web merchants to implement client-side aspects of Stripe's payment system, records browsing activity and reports the data back to the company.

The data transmitted goes beyond what's necessary for a transaction. According to Lynch, the library when present on a page reports the URL even if the page does not include a Stripe payment form, and includes mouse movement telemetry and unique identifiers that let Stripe match visitors against data from other Stripe-implementing sites.

"No amount of privacy policy language will make this okay," said Cyphers. "Stripe should not be profiling people's behavior on web pages where [the e-commerce form] isn't present." 

No comments:

Post a Comment