I mostly do front-end work, so I get why you would default to CDNs - it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not. It's absolutely an upgrade for 99.9% of most use cases.
Here, on the other hand, you are trying for peak privacy, though, so the situation reverses. Every single third-party request is a potential attack vector. Contrary to general best practices, you would want to force yourself to include every CDN package unless there was some MASSIVE benefit to excluding them (and disabling the utility that relies on it), like hundreds of MBs of data for a rarely-used utility, or something that you wouldn't want to force on the majority of users.
That aside, I really appreciate this collection! Local first will always be preferred to server apps as far as I'm concerned, so this is fantastic!
> it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not
This isn’t how it’s worked for years. Browser isolate isolate assets like this to mitigate fingerprinting which renders the whole concept of use-CDN-since-it’ll-be-cached moot.
I mostly do front-end work, so I get why you would default to CDNs - it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not. It's absolutely an upgrade for 99.9% of most use cases.
Here, on the other hand, you are trying for peak privacy, though, so the situation reverses. Every single third-party request is a potential attack vector. Contrary to general best practices, you would want to force yourself to include every CDN package unless there was some MASSIVE benefit to excluding them (and disabling the utility that relies on it), like hundreds of MBs of data for a rarely-used utility, or something that you wouldn't want to force on the majority of users.
That aside, I really appreciate this collection! Local first will always be preferred to server apps as far as I'm concerned, so this is fantastic!
> it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not
This isn’t how it’s worked for years. Browser isolate isolate assets like this to mitigate fingerprinting which renders the whole concept of use-CDN-since-it’ll-be-cached moot.
> CDNs are necessary
What exactly can't be repackaged / hosted alongside?
The bloat is still there, regardless of where its downloaded from.
It could all be done alongside but this seems redundant to me, the resources are already hosted elsewhere specifically for this purpose.
Right, including extra user tracking.
Yes, everything online seems to want to track you. I will seriously consider making all resources local. Then the tools could be used offline as well.