zlacker

[parent] [thread] 2 comments
1. amenod+(OP)[view] [source] 2020-04-21 20:17:16
Sure, but business models change.

The main issue here is that this behavior is enabled by default and hidden. If API would be used like this, I would see no problem:

``` import { ensureUsersAreTrackedForFraudPrevention, loadStripe, } from '@stripe/stripe-js';

ensureUsersAreTrackedForFraudPrevention() ```

Of course, they will never do that, because then many developers would opt-out, and they need the masses to make fraud prevention work.

replies(2): >>djur+841 >>hjnils+Ac1
2. djur+841[view] [source] 2020-04-22 07:06:10
>>amenod+(OP)
If the API was used like that it could be disabled trivially by someone committing fraud.
3. hjnils+Ac1[view] [source] 2020-04-22 08:51:49
>>amenod+(OP)
Likely many developers would opt-in when business sees the 5% surcharge for extra fraud.

And regardless, stripe explicitly says in their documentation that you should include stripe.js on every page of your app, so they can do tracking of pointers movements for fraud detection. This has not been hidden in any way from devs.

[go to top]