Do you embed resources (scripts, fonts, multimedia) from third parties and their servers? (CDNs that you use—upload to—excluded.)

Please respond depending on where you’re based (or, if you largely develop for an organization, where that org is based).

♽ Reshare appreciated to get a better picture. Cheers!

#embedcode #thirdparty #privacy

Based in EU 🇪🇺: yes (13.1%)
Based in EU 🇪🇺: no, self-hosting (55.8%)
Not based in EU: yes (9.7%)
Not based in EU: no, self-hosting (21.4%)
Poll ended.

Thanks to all contributors!

More data would be even better, but it seems there *is* a marked difference between web dev behavior in and outside of the EU.

Personally, I like the awareness the GDPR brought, not to load anything and everything from other servers. So convenient—but also so irresponsible.

Beyond privacy, I recall how at Google, third-party embedding was always prohibited—for security reasons. It’s interesting this still isn’t a more popular concern.

#embedcode #privacy #security

@j9t I guess sometimes it's helpful for convincing the higher-ups when there is a price label a.k.a. highly likely fine (read: GDPR) attached to a needed change and not "just" some possibly bad actor taking over some third-party script (read: security)...

@j9t What does "CDNs excluded" mean? If you embed from code.jquery.com does that count for what you're asking?

@williamoconnell, good question, I’ve left that case open. Resources excluded that you host on “your” CDN—while technically a third party, too, it is, as opposed to a third party’s own or a fourth party’s CDN, under your control what you put there. Hope that clarifies this point!

(To give two examples, the survey would consider someone hosting their fonts on, say, the CloudFront CDN self-hosting—but embedding a script on jQuery’s CDN third-party hosting.)

@j9t @williamoconnell It may make sense to rephrase “CDNs that you use excluded” because, to me, that includes code.jquery.com—it would be a CDN that I use (if I did).

Maybe: Your own uploads to CDNs excluded?

@rauschma, to be clearer on “using,” yes 🙂

@j9t I am not based in EU, but I self-host resources whenever possible, especially for my websites. The only exceptions are videos, as videos take up a lot of storage space, and fonts in my small projects.

@j9t @Meyerweb Self hosted. Nothing to do with GDPR tho. Performance is simply better and with lower complications. You only need CDNs if your audience is widely distributed, and that’s a thing which seems to get forgotten. Got a focussed geographical audience, like the UK? Then there is no perf benefit to CDNs.

I also think if people are used to React dog-slow sites, they won’t even notice the network round trips taking slightly different times.

@j9t EU based and yes. The driver here is business (a need for a specific third party) and third party impediments (e.g. most of the time there is just no choice on where to host it). We do conform to GDPR by loading stuff after consent is given.

@j9t I am pretty confused about the answers here. I wonder if folks who answer self-host in the EU do that in a corporate environment. There’s a bunch of reasons why you either can’t or have no benefit in terms of privacy.

For instance, if you host a third-party script, that script might potentially still communicate outside of the EU. In legal terms, the possibility of that already blocks you from running it without consent, while also defying any ambitions about actual privacy.

@AES, that’s true. The survey is too simple in that more needs to be checked, like what’s being hosted. There’s a spectrum in terms of assets to be hosted and risks these come with.