Jsdelivr vs unpkg4/19/2023 ![]() Note that this re-downloading doesn't actually protect against any of the privacy concerns mentioned above (and in fact makes them much worse), it's only to stop random websites from being able to tell what other websites you've visited via cache timing attacks. One of the significant benefits touted by CDNs is speed, but this doesn't make as much sense as it once did.įirst off, modern browsers don't cache requests to CDNs across multiple domains, since that can be used to track users - this means that even if someone has already downloaded the library you're including from the CDN on one website, they'll have to download it again when they visit your website. (If you want to avoid getting tracked this way, Decentraleyes is a useful browser extension) Speed They pinky promise that they won't sell logs (privacy policy subject to unilateral change by them at any point, of course), and you just have to hope that they won't get hacked. Most people realize that companies like Google keep a profile of nearly everywhere you go on the web, but normal people haven't even heard of Cloudflare, and despite that, they have a similarly complete picture of where you go on the internet. When a website includes a javascript file with a CDN, that CDN is then able to tell that you've visited that website. The most major concern that stems from this centralization is that of privacy - in the normal case, the only people who know when you visit a website are the people running that website, and the operators of the internet infrastructure between your computer and the server (which is also shockingly centralized, but that's a story for another day). ![]() There's a fundamental tradeoff here between efficiency and resiliency, and when 12.5% of the internet can have an outage because of one provider going down, I think we've swung way too far away from resiliency, as a society. This means that one of these CDNs going down, or an attacker hacking one of them would have a huge impact all over society - we already see this category of problem with large swaths of the internet going down every time cloudflare or AWS has an outage. The big javascript CDNs are used by huge numbers of people - cdnjs brags that it's on 12.5% of websites on the internet, and serves more that 200 billion requests per month, jsdelivr serves nearly 100 billion requests per month, and unpkg serves ~2.4 billion unique IP addresses per month. Here are some reasons not to use a javascript CDN, and some alternatives to consider instead. ![]() However, it also has downsides when it comes to privacy, security, and systemic risk, and it may actually be slower in some common cases. This has the advantage that it's quicker to get started with, and it's often claimed to load faster. Many javascript projects have install instructions recommending that people use a CDN like jsdelivr or unpkg to include the code on their website. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |