More Proof We Don’t Control Our Web Pages
I’ve talked about this before: As web designers, we can’t trust the network. Sure, we have to contend with mobile data “dead zones” and dropped connections as our users move about throughout the day, but there’s a lot more to the network that’s beyond our control.
Here’s a roundup of some of my “favorite” network issue related headlines from the last few years:
- Sky Broadband misclassified the jQuery CDN as a malware site and broke much of the web for their users.
- Comcast admitted to injecting self-promotional advertising into web pages served by their Xfinity routers. (They have also been called out for artificially inflating subscriber bandwidth usage with their own crap.)
- United was recently called out for blocking access to the New York Times on their in-flight Wi-Fi.
- Someone discovered AT&T was injecting CSS, images, and JavaScript into pages served via their airport hotspots.
- Samsung smart TVs were found to be injecting video ads into video streaming apps.
- Sprint injects JavaScript into pages served via its data connections.
- Browser add-ins can inject their own advertisements. They can also alter the DOM, load conflicting versions of JavaScript libraries, and more. Awesome, I know. (This is being addressed, but is a persistent issue when add-ins have the ability to manipulate the DOM.)
Some of these issues can be avoided by serving content over HTTPS, but that still won’t enable you to bypass things like firewall blacklists (which led to the jQuery outage on Sky). Your best bet is to design defensively and make sure your users can still accomplish their goals on your site when some resources are missing or markup is altered.
We can’t control what happens to us in this world, we can only control our reaction to it.
Comments
Note: These are comments exported from my old blog. Going forward, replies to my posts are only possible via webmentions.You may be interested in CSP : Content Security Policy. http://www.w3.org/TR/CSP/ ;)
Thank you, Aaron! Kudos, also, to Nicolas Hoffmann and Smashing Magazine for explaining how a Content Security Policy can thwart these corporate hijackers.
Webmentions
Likes
Shares