#Stripe is Silently Recording Your Movements On its Customers' Websites
@Gargron heh I find it interesting that I see this right after my teammate suggests we use stripe for a project and I said I didn't have the time/energy to look into whether I considered it ethical... not that I think they'll care.
@Gargron Stripe has always been a bit of a suspicious company. ô.o
@Gargron Oh FFS, why must everyone be shit?
> Does anyone know of *any* better alternatives
Yes, I do: don't use a payment service at all, ask people to do a bank transfer (German: "#Überweisung").
I don't know about other regions of the world, but for the #SEPA-Area (which is quite big: ~ all of Europe), publish #IBAN and #BIC and you're ready.
I outlined this here some time ago:
"I noticed that every page navigation generated a new HTTP POST request to a Stripe URL"
"This was strange because none of the pages I visited contained any calls to Stripe’s library."
oh my stars these are directly contradictory what business does this author have ANYWHERE near a website that handles money
"Based on the name mouse-timings, it seems that Stripe is recording my users’ mouse movements."
luckily for us Stripe didn't name it dna-transcript, then it would be recording our DNA.
@Gargron Worse, some websites don't load at all until js.stripe.com is allowed. I never dared to check in the #JavaScript code how that happens because it's too infuriating.
@Gargron PS. I spoke with Patrick (their CEO) and he’s put my mind at rest. Birdsite link (sorry): https://twitter.com/aral/status/1252685385626460160?s=20
@Gargron To be fair, they're pretty plain about this in the integration docs -- it's hard to miss:
> To best leverage Stripe’s advanced fraud functionality, include this script on every page, not just the checkout page. This allows Stripe to detect anomalous behavior that may be indicative of fraud as customers browse your website.
- https://stripe.com/docs/js
Workaround is to just not do that (as we do).