Some privacy issues with master.pureos.net and software.pureos.net


#1

Hello,

as a company with privacy in mind, you will probably be interested in the following issues. They concern the websites at master. pureos. net and software. pureos. net, which I stumbled upon due to a recent blog post about PureOS.

  1. Both sites do not redirect from http to https by default.

  2. They embed scripts from foreign hosts, namely jquery. com, bootstrapcdn. com and cloudflare. com. Although that is a bad practice, many websites do the same. And this as a consequence, enables the three to track many unaware web users over a great number of websites. I am sure, your visitors do not want to get tracked. Please stop it!

You can either host javascript libraries yourself, or you can replace them. A look at http://youmightnotneedjquery.com/ might help (or might not). I am not going to demand a functioning website without javascript, although this would be ideal. Maybe at least print a warning if javascript is disabled.

  1. Not privacy-related, but still an issue: master.pureos.net simply does not work completely. Probably it is still under construction, which increases my hope that you will fix the above issues.

Cheers!

PS: I have inserted spaces into domain names to circumvent the annoying forum restriction of max 2 links per post. Also, is there really no preview function?