The dark side of AJAX

Today I’d like to share an interesting article written by Earle Castledine back in 2005, where he considers the potential risks that certain implementations of AJAX pose to the security and privacy of web users. It is titled “Using the XMLHttpRequest Object and AJAX to Spy On You”.

“Currently, user profiling helps Web site owners detect trends, track page viewing habits and iron out usability problems. Until now though, developers could only analyze posted data—data that users decided they wanted the server to get, and were happy to send off for processing. But in a subtle shift, this balance of power has changed hands. With AJAX, a user’s actions can be constantly and meticulously monitored. Because it can be done, it will be done, and that will lead to a headache bigger than just wasted bandwidth, terabytes of useless information, and slower page load times…”.

Read the full article here.