1. skoski+(OP)[view] [source] 2020-04-21 19:07:05
My thoughts exactly as I was reading. Analytics gathering that’s not related to UI improvements wouldn’t bother to collect information on pointer movements.

But it turns out to be a pretty good tool for bot detection. That’s why you can now just check a box to verify you’re human (Something about that sentence feels quite dystopian).

I just don’t see the issue with Stripe’s practice here. They have a clear business model, and selling user data could severely undermine that model.

replies(2): >>buildb+1a >>amenod+ya
2. buildb+1a[view] [source] 2020-04-21 20:13:47
>>skoski+(OP)
Until someone trains a reinforcement algorithm to click the box like a human ;)
3. amenod+ya[view] [source] 2020-04-21 20:17:16
>>skoski+(OP)
Sure, but business models change.

The main issue here is that this behavior is enabled by default and hidden. If the API were used like this, I would see no problem:

```
import {
  ensureUsersAreTrackedForFraudPrevention,
  loadStripe,
} from '@stripe/stripe-js';

ensureUsersAreTrackedForFraudPrevention()
```

Of course, they will never do that, because then many developers would opt out, and they need the masses to make fraud prevention work.

replies(2): >>djur+Ge1 >>hjnils+8n1
4. djur+Ge1[view] [source] [discussion] 2020-04-22 07:06:10
>>amenod+ya
If the API was used like that it could be disabled trivially by someone committing fraud.
5. hjnils+8n1[view] [source] [discussion] 2020-04-22 08:51:49
>>amenod+ya
Likely many developers would opt in when the business sees the 5% surcharge for extra fraud.

And regardless, Stripe explicitly says in their documentation that you should include stripe.js on every page of your app, so they can do tracking of pointer movements for fraud detection. This has not been hidden in any way from devs.
