zlacker

[return to "Stripe records user movements on its customers' websites"]
1. agwa+tg[view] [source] 2020-04-21 18:28:37
>>mtlync+(OP)
This is a good reason to use a technique like cperciva's payment iframe: https://www.paymentiframe.com/

It lets you use stripe.js (thus getting the PCI compliance benefits) without Stripe being able to spy on your visitors.

◧◩
2. Znafon+Ao[view] [source] 2020-04-21 19:15:11
>>agwa+tg
While I trust him, how can we be sure that paymentiframe.com starts serving an iframe that steals the credit cards in the future?
◧◩◪
3. Kaze40+Cs[view] [source] 2020-04-21 19:41:29
>>Znafon+Ao
From the page:

> Why should I trust you?

> [...] If you're worried about both, consider this a proof-of-concept which you should replicate on your own server (using a separate domain name from the rest of your site).

[go to top]