Re: disagree with Scott and Troy
I'm curious how your privacy is decreased by sending a CSP report, especially if that report is sent back to the same host.
I don't know. Possible issues may be discovering how I use GreaseMonkey, or DeCentralEyes.
But just because neither of us can work out how to abuse a new feature not widely in use at all yet, that does not give me any confidence that it cannot be abused. It hasn't been very long since no one realised that canvas was a privacy violation.
As a general principle, I do not permit anyone to receive anything except the most limited information. I don't use UBO (I have other tools) but certainly will not be permitting CSP reports to be sent to most sites. I might make a few exceptions if it seems particularly worthwhile for some site and I particularly trust them. Just like I make a few exceptions to allow some applications to report crashes.
Biting the hand that feeds IT
