 |
| Surveillance State Scope Creep |
I usually don't repeat post like this, but this affects many people and is super aggro.
On Tuesday, developer Michael Lynch questioned Stripe's data collection in a blog post, noting that the biz's JavaScript library, used by web merchants to implement client-side aspects of Stripe's payment system, records browsing activity and reports the data back to the company.
The data transmitted goes beyond what's necessary for a transaction. According to Lynch, the library when present on a page reports the URL even if the page does not include a Stripe payment form, and includes mouse movement telemetry and unique identifiers that let Stripe match visitors against data from other Stripe-implementing sites.
"No amount of privacy policy language will make this okay," said Cyphers. "Stripe should not be profiling people's behavior on web pages where [the e-commerce form] isn't present."
No comments: