Sir, I have 2 questions for you, coming from a poor immigrant college student.

What is it that you're doing? And how do you do it?

You got your answer from GOG. They use Cloudfront as part of their performance monitoring tools. What you're essentially asking them to do is modify their entire log in structure just to satisfy your paranoia. You shouldn't be remotely surprised that they haven't contacted you again, but you seem to believe that you obsession with this makes you the centre of the universe when GOG's support is being flooded with actual complaints about payment, login and download issues that actually affect people's ability to use the site.

Alaric.us explained to you in the last thread what the script was and it concurs with the explanation you received. It's a script used to generate performance metrics. It uses an Amazon CDN because the server needs to be located elsewhere to provide accurate results. If you choose to ignore actual explanations as to what a script does whose source code is open for all to see just to stroke your tinfoil ego, that's your problem. If you don't have the know-how to examine the code yourself, that's your problem. GOG has given you everything you need to solve your problem.

So is it any surprise that you're not receiving any response to your repeated unreasonable requests?

Why? If you're going to start shitposting your nuttery in a new thread, we may as well mock you here too. No need for you to spam another thread about this same topic in the first place.

I think there is a spelling mistake in the thread title, it should be customer, not customers

Its probably on the list of things to fix on this website, and that list is far to big for one company to hold, so they have had to get Amazon in...

Is this thread even real? OP really expects a second reply to a very unique and complex problem after already having received a genuine basic answer. Since the 5/24 there was exactly 3 business days in Poland (Thursday and Friday they had off, Sat and Sunday as well ^^).
Also this problem is a really unique (meaning it next extra man power to work on it if they decide to work on it - changing a website is not done by standard customer support ^^) and there is no high priority problem here at all anyway so if there is an offered solution it may take a while - there is no problem with payment , nor was somebody overcharged, nor was someones account hijacked nor has somebody lost access to his account (the OP HAS ACCESS to his account but just REFUSES to access his account).

Actually, he posted in a few threads so he does not refuse to access his account. He's just annoyed by a third party script breaking the login process. It's not like GOG is owned by Amazon so there's no need for it breaking the core feature of this site, is there?

I'm still lost here and I'm not trying to give the OP shit, but what the hell is this "Amazon Script" he is talking about?

For starters, I don't know what the hell it is, why I don't seen to have it, and why it's a problem to begin with.

The only thing I know about Amazon is that, because of my location, I am forced to use it constantly, and it has proven itself to be one of the safest and most reliable sites out there in terms of security and customer service, so again I'm lost as to why he is so upset.

Of course, I'm jumping to conclusions; I'm not even sure he is talking about that Amazon. For all I know it could be some malicious spy ware named after the river, which would admittedly piss me off too.

nvm then - i missread that part <It's been two weeks since I became unable to access my account (and all the games in it) without letting Amazon in (do not want, thank you). > and thought he is not only "mad"/"disappointed" about the running script itself but actually refuses to unblock the script and by this technically blocks access to his account (and by that then complains about not having access to it..).

To all you fellow GOGlodytes who currently revel in ridiculing the OP for his "paranoid tinfoil hat delusions":

I don't think any of you have understood the actual concern he has, which is completely legitimate.

You think he is concerned with what the Cloudfront hosted script included by GOG actually does. He isn't.

The problem is not the script, but where the script resides. Anybody can host any kind of file on Cloudfront. Naturally, GOG.com do not include any script in their site if they don't know what it does. That is not the issue.

The issue is that by hosting their script on Cloudfront, GOG makes it mandatory for users to allow their browsers to access Cloudfront, which means that any other site which might host something less savorable on Cloudfront is then free to serve up said less savorable content to the user's browser.

"So don't visit shady sites", I hear you say. Well, the site itself doesn't have to be shady. It just has to have some sort of vulnerability which allows users to embed external content in it remotely. Take for instance a trusty, reputable site such as, oh, I don't know, say, GOG.com. Some of the users who have been here for several years may remember when someone discovered a vulnerability in the forum software, allowing users to embed HTML code directly in a thread title. Said someone were fortunately not malicious, but chose to highlight the problem by exploiting it somewhat innocently, in order to make sure that GOG fixed it ASAP. The result was that, for a while, anyone visiting the General Discussion forum were instantly redirected to a brony site. Someone less benign could have done something much worse, and done so much more easily by hosting malicious code on, say, a free cloud hosting service.

In short, the fact that you cannot log into your GOG account without allowing access to Cloudfront is actually a potential security risk, despite the fact that the script GOG includes from there is completely clean.

I don't actually expect anybody to man up and apologize to the OP, and I fully expect some more ridicule to be headed my way. So be it. I said my piece.

Ahem. Isn't that post basically explaining how to whitelist said script only and not cloudfront globally?

By that logic, you probably shouldn't download very much at all. In fact, you should probably give up PC gaming altogether, as very few content distributors exclusively use their own CDNs. Steam uses Highwinds, PSN uses Limelight, GOG uses Edgecast. All potential vulnerabilities. (I believe GOG used Akamai at one point?)

But that is all moot, because as you point out, GOG's own site has hardly been a paragon of absolute security, regardless of the external CDNs that it uses. I buy from GOG because of what it does, but I would never consider buying anything through the Galaxy client directly, for instance. I know the bandwagon hate for major companies like Amazon is strong, but ultimately, it's very likely to be more robust security-wise than an SME like GOG with less in-house security expertise.

As you yourself pointed out, it was a vulnerability that enabled some benign hacktivist to redirect the forum to a brony site. No disrespect to GOG, but this is the company you would want to host a JavaScript script in place of Amazon Cloudfront? Well, that's what you're getting now.

Assuming it is included directly on the top-level page, yes. Otherwise, no. Also, I don't know if all NoScript plugins for all browsers happen to have that option. All in all, I'd say it's better not to host anything critical to the usage of the site on a free cloud hosting service.

NoScript is a very specific plugin for FireFox. As far as I know, there aren't any other NoScript plugins for different browsers, though there may be no script plugins for them.