What's worse is when you see sites running JavaScript from multiple analytics companies, social media companies, and CDNs - even on pages that should be private (login forms, personal details, etc.). It's even worse when those sites break without those scripts. This is a concern that far too many developers overlook. I made this (harsh) comment [0] on such a site posted to HN a few months ago.
CDNs are way overrated, from what I've seen. I think, for most use cases, you're better off avoiding the multiple HTTP requests and just compressing all your JavaScript into a single file. Serve that from your own server and you'll save the client from another domain name resolution too.
Do yourself a favor and install NoScript. For one thing, it will show you how easily Google can (or, could have) track your internet usage - and, as you pointed out, so much more. In my experience, about 50% of sites serve scripts from some Google domain.
You're welcome! And I agree that the upsides of CDNs are overrated - but in fairness they do have the benefit of being very easy to use, high performance, and ease the bandwidth costs of applications. The geographical proximity thing is a nice feature, and expensive to reproduce. Of course, even these upsides come with their own downside: front-end developers have gotten into the habit of including every lib under the sun. Heck, it's just a script tag! This makes the page heavier, which makes the CDN even more indispensable, and it leads to a downward spiral of browser-hosted bloat-ware that requires a CDN to load in a reasonable amount of time. This is, of course, a win for the CDN sponsoring companies.
What's remarkable to me is how ubiquitous and unquestioned the use of CDNs has become.
BTW NoScript/Ghostery don't address the CDN issue. They don't actually block CDNs, they just block explicit trackers (mainly in the forms of iframes and scripts linked to known-bad hosts).
NoScript is configured by default to only allow scripts and "active content" to run from domains you allow. You can temporarily allow certain domains, or permanently allow them. So yes, it does address the CDN issue. If someone includes a script from apis.google.com, that script won't run until I permit content from that domain to run (and I only ever do that temporarily, and only if the site needs it). Likewise for any other domain: CDN, analytics, whatever.
I don't know much about Ghostery - NoScript addresses most of my privacy concerns around web browsing.
What's worse is when you see sites running JavaScript from multiple analytics companies, social media companies, and CDNs - even on pages that should be private (login forms, personal details, etc.). It's even worse when those sites break without those scripts. This is a concern that far too many developers overlook. I made this (harsh) comment [0] on such a site posted to HN a few months ago.
CDNs are way overrated, from what I've seen. I think, for most use cases, you're better off avoiding the multiple HTTP requests and just compressing all your JavaScript into a single file. Serve that from your own server and you'll save the client from another domain name resolution too.
Do yourself a favor and install NoScript. For one thing, it will show you how easily Google can (or, could have) track your internet usage - and, as you pointed out, so much more. In my experience, about 50% of sites serve scripts from some Google domain.
[0]: https://news.ycombinator.com/item?id=7187593