Reply to post: You can see any requests your browser makes, and this is a load of nonsense

Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO

andy 103
Boffin

You can see any requests your browser makes, and this is a load of nonsense

I really wish before people came out with this "all JavaScript is evil" nonsense they would actually understand how it works.

It's possible for anyone to see HTTP requests in their browser by using the Developer tools (F12 in Chrome) and then opening the Network tab. Any data which is being sent is shown in the Request section. This is the case for any website and any request including ajax requests which are commonly made through JS libraries.

So, all these people moaning have tried it on a site where Stripe.js is present on every page? What did you see in the Request data that "logs all your activity"? Oh, you haven't, and it doesn't. I know this because I've done it myself.

It does send some data aside from for the payment, including a timestamp of how long you were on the site. But that is legitimately useful in combatting fraud as it could identify a bot submitting card data, amongst other things such as geolocation details.

I've already replied on a previous comment where someone was trying to describe how they thought JS was to blame for the BA attack. A total lack of understanding of how that actually worked (I've explained it in my reply).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022