Dunkelheit

Against CDNs

published on

Content Delivery Networks or CDNs for short are a common means for sourcing libraries and frameworks into a web page without having to provide a local copy on the server. It helps cut down on bandwidth and resource usage when serving web content. Which sounds like a great deal for the webmaster. To be fair, it pretty much is a great deal but only for the webmaster and the CDN provider.

When clients connect to a website and pull JQuery or Bootstrap or some other framework from a CDN instead of the web server serving the page contents they are being tracked. That doesn’t sound like a very good deal for the user. CDN data can be used to track users around the web without the use of cookies, just by requesting the library from a CDN you are providing an awful lot of metadata without knowing it.

This is why it is important to minimize your exposure to sites and services that use these. Of course that means 90% of the web is probably no longer usable. It is important to be smart about it at the least. Should you use social media websites such as Facebook they already know who you are, the frameworks they use are served by them too. Your exposure to request tracking doesn’t matter in this scenario since you are already using Facebook. Which you probably shouldn’t use if you value your privacy. Although it is possible to use Facebook without exposing your web usage to them, that is for another post, another day.

So let’s say for example you like to read web blogs like mine. Hopefully they serve those frameworks, etc from their own server. You should check to be sure!

My blog is served entirely in static HTML and CSS documents so there is no frameworks being loaded at all. However I encourage that you check right now anyway. After all I could be lying (I’m not).

If you find that a blog you enjoy reading is using CDNs to serve frameworks, libraries, etc to your browser consider asking the admin to stop.