Quick thoughts on the Microsoft AJAX CDN
Posted by: Ajax.NET Professional,
on 16 Sep 2009
Today I was reading on idunno.org about the Microsoft AJAX CDN, something I was thinking about a bit, too:
Scott Red Shirt Guthrie announced today that the jQuery and the Microsoft AJAX scripts would be hosted on the Microsoft content delivery network (CDN) which should speed up the initial loading of these script libraries and save you bandwidth, as you won't have to host them any more. Being an untrusting soul, errr, security person, I thought I'd take a quick look at how it's delivered.
The scripts are hosted on http://ajax.microsoft.com/ which presents the first problem: it's a microsoft.com domain. When you do any serious browsing to the normal microsoft.com sites you're going to get a cookie, for example if you log in to view things that require Live authentication, or you register for an event or even a session ID. On my machine I have seven cookies that are sent to any microsoft.com site and some of them look like tracking identifiers (the omniID for example is a GUID, then there's MUID, a cookie called ANON and so on). There's no way of knowing what these cookies actually do, but they will be sent with requests for the CDN based script libraries which, if Microsoft were so inclined, could be used to track users as they travel through various sites using the CDN. Of course google does the same thing, and has been doing it for longer. The google script for loading other scripts (yes I know) comes from google.com, so the cookie that identifies your searches will be sent when you browse to a site that uses the google script CDN (adsense and google analytics scripts come from different domains, and so those identifying cookies won't be sent). So there is a potential privacy problem here, if Microsoft were inclined to be evil.
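Added example, not part of the original post or of the quoted article: a simplified version of the RFC 6265 domain-matching rule that decides which stored cookies a browser attaches to a request, showing why cookies scoped to microsoft.com accompany requests to ajax.microsoft.com while a script host on an unrelated domain would receive none. The cookie names come from the post; their Domain attributes, the `session` entry, and the hosts `cdn.example.net` and `notmicrosoft.com` are constructed assumptions.

```javascript
// Simplified RFC 6265 (section 5.1.3) domain matching. Path, Secure and
// expiry checks are left out so the domain rule stays visible.

function canonicalize(host) {
  return host.toLowerCase().replace(/^\./, "");
}

function isIPAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// True when a cookie with this Domain attribute applies to requestHost.
function domainMatch(requestHost, cookieDomain) {
  const host = canonicalize(requestHost);
  const domain = canonicalize(cookieDomain);
  if (host === domain) return true;
  // The "." boundary matters: notmicrosoft.com must not match microsoft.com.
  return host.endsWith("." + domain) && !isIPAddress(host);
}

// Names of the cookies a browser would attach to a request for requestHost.
// hostOnly cookies (set without a Domain attribute) need an exact host match.
function cookiesSentTo(requestHost, jar) {
  return jar
    .filter((c) =>
      c.hostOnly
        ? canonicalize(requestHost) === canonicalize(c.domain)
        : domainMatch(requestHost, c.domain)
    )
    .map((c) => c.name);
}

// Constructed cookie jar: names from the post, scopes assumed.
const jar = [
  { name: "MUID", domain: ".microsoft.com", hostOnly: false },
  { name: "omniID", domain: ".microsoft.com", hostOnly: false },
  { name: "ANON", domain: ".microsoft.com", hostOnly: false },
  { name: "session", domain: "www.microsoft.com", hostOnly: true },
];

// Constructed request hosts: the CDN host, an unrelated (cookieless)
// script host, and a look-alike suffix that must not match.
for (const host of ["ajax.microsoft.com", "cdn.example.net", "notmicrosoft.com"]) {
  const names = cookiesSentTo(host, jar);
  console.log(host + " -> " + (names.length ? names.join(", ") : "(no cookies)"));
}
```

Serving static scripts from a registrable domain that never sets cookies removes the identifiers from those requests entirely, which is the property the post notes for the AdSense and Analytics script hosts.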

