goglin: Thank you for your reply. NYT was thinking the same way but got a victim themself by including third-party sources.
I am sure that gog.com doesn't deliver malicious code, but I want to explain why people refrain from enabling scripting on sites
other than gog.com.
Good news for you then, (probably at the beginning of next week) we will have this (or similar, with no angular mangling) script embedded on our domain. :)
Johny.: (snip)
I've enabled "Do not track" in Firefox and didn't had this warning concerning opbeat. In FF private mode GA was blocked, but site worked OK. I'll check more machines/FF versions/smth.
goglin: steps to reproduce:
- start Firefox (no addons needed - create a new profile with 'firefox -p' if necessary)
- open the settings menu, switch to the privacy tab, click "Change Block List" and select "Disconnect.me strict protection" (this restarts Firefox)
- start a new private window
- open gog.com
- enjoy :)
Blocking opbeat.com would be a solution for me even if it can't be the intention of DNT that people have to manually search through the blocked scripts to find where their data are sent to and to start reconfiguring their firewall configuration ;-)
For me - I see only that analytics.js was blocked due to tracking security. We are detecting that and letting people block GA freely, so site works OK. This problem will disappear as I mentioned.
We're sending only errors to opbeat, so if you encounter any - we'll know about it. You can still block it if you wish.
I guess living with blocked scripts/other things can be hard sometimes. :D I like modern JS and browser possibilities and I let sites to use cookies, localStorage, all the scripts they want - so my experience is full. But that's me. :)
