• 0 Posts
  • 10 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle




  • I actively do this with uMatrix - granted, I only block non-first-party JavaScript. Most sites I visit only require a few domains to be enabled to function. The ones that don’t are mostly ad-riddled news sites.

    There are a few exceptions to this - AWS and Atlassian come to mind - but the majority of what I see on the internet does actually work more or less fine when you block non-first-party JavaScript and some even when you do that. uMatrix also has handy bundles built-in for certain things like sites that embed YouTube, for example, that make this much easier.

    Blocking non-first-party like I do does actually solve this issue for the most part, since, according to the article, only bundles that come from the cdn.polyfill.io domain itself that were the problem.





  • That’s kinda backwards, isn’t it? If I want to verify my identity to a company, they would send me something that only I could decrypt. Some government agency provides all the public keys of all citizens, the company takes my public key, encrypts some secret with it, sends it to me, and asks me to decrypt and return it. If I’m able to do so, I must be who I say I am otherwise I would not be able to decrypt the secret.

    In an ideal world, the company (or, even better, the employee) would have a similar certificate that I could use to encrypt my response with.