Add link about security #906
Comments
As @mgifford wrote - all external scripts are a potential attack vector and security risk. For customers coming from the EU it can also be worth mentioning that the newest changes may make sending personal data out of the EU illegal. I am not a lawyer! But here is the latest info from the NGO that caused the "wheels to move": https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-analytics-illegal

In terms of overlays I imagine sites will potentially send very sensitive information about end users (for example disability info, together with IP addresses and maybe even personal identifier data from forms; third-party scripts can have access if they choose so). It would be an interesting security homework to check data being sent to overlay providers.
I would think that there would have to be implications for the GDPR. Also worthwhile noting that the GDPR is actually more global than most people think. It is worded in a way to protect European Citizens, not just the boundaries of continental Europe.
@mgifford - yes, for sure, the so-called Schrems II is GDPR related. Agreed. And yes, GDPR is way more global than just the EU.
Can someone write this up?
I figured this might encourage more people to question whether overlays are a good idea or not:
https://www.govloop.com/community/blog/government-websites-cant-rely-on-the-claims-of-accessibility-overlays/
It's not like you're adding Google Analytics to your site. There are many more risks involved.