Today we launch SecurityBaseline: monitoring 67.000 governments and 200.000 sites.

Headlines: 3.000 governmental sites use tracking cookies illegally, over 1.000 database management interfaces are publicly reachable, 99% of governmental email is poorly encrypted.

> 3.000 governmental sites use tracking cookies illegally

In the USA the government often excludes itself from privacy and other similar laws; did the EU fail to make that distinction?

Maybe post this as Show HN? And adjust headline to fit max chars.

Thanks, will do that.

yes

Tiny request that you probably can't do anything about - but despite this page being in English, the HTML is incorrectly reporting it as lang="nl-NL" in the first line of the source. There are a few other hreflang="nl" floating around pointing to English pages as well.

(Only noticed because I have a tiny indie search engine that can only index English right now, and the "nl-NL" is causing the page to be misclassified.)

Weird niche bug report aside though - love to see this project, congratulations for working on this. I think it's a great idea.

I'd personally love to see a closer look at government sites that drop cookies before the consent banner has asked permission to do so. I'm not worried about cookies, but if we're going to ignore the consent banner anyway, why waste everyone's time with asking in the first place?
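The two checks this comment raises, a page whose `<html lang>` and hreflang links disagree with the language of its content, and cookies that arrive with the very first response before any banner could have been answered, can both be scripted against a single fetched page. The block below is an added example, not code from the thread or from SecurityBaseline; the page URL, the HTML and the response headers are constructed sample data, and the stopword-ratio language guess is a deliberately crude assumption standing in for a real language detector.

```python
"""Added audit example (not from the thread or the project): one pass over a
page fetched with no prior interaction, reporting language-metadata
mismatches and cookies set before consent. All inputs are constructed."""

from html.parser import HTMLParser
from http.cookies import SimpleCookie
import re

# Tiny stopword lists: enough to tell a mostly-English page from a mostly-Dutch
# one in this example; a real scanner would use a proper language detector.
ENGLISH_STOPWORDS = {"the", "and", "of", "to", "is", "in", "for", "with",
                     "this", "that", "are", "on", "we", "so"}
DUTCH_STOPWORDS = {"de", "het", "een", "en", "van", "is", "voor", "met",
                   "dit", "dat", "zijn", "op", "wij", "dus"}


class PageMeta(HTMLParser):
    """Collects <html lang>, <link rel=alternate hreflang> and visible text."""

    def __init__(self):
        super().__init__()
        self.lang = None
        self.hreflangs = []   # (hreflang, href) pairs
        self.text = []
        self._skip = 0        # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "html":
            self.lang = a.get("lang")
        elif tag == "link" and a.get("rel") == "alternate" and a.get("hreflang"):
            self.hreflangs.append((a["hreflang"], a.get("href")))
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def guess_language(text):
    """Return 'en', 'nl' or 'unknown' from the stopword ratio of the text."""
    words = re.findall(r"[a-z]+", text.lower())
    en = sum(w in ENGLISH_STOPWORDS for w in words)
    nl = sum(w in DUTCH_STOPWORDS for w in words)
    if en == nl:
        return "unknown"
    return "en" if en > nl else "nl"


def cookies_before_consent(headers):
    """Every cookie in the first response is set before any banner is answered.
    Returns (name, persistent) pairs; persistent means Max-Age or Expires set."""
    out = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for morsel in jar.values():
            persistent = bool(morsel["max-age"] or morsel["expires"])
            out.append((morsel.key, persistent))
    return out


def audit_page(page_url, html, headers):
    """Findings as tuples: (code, observed value, what it should be)."""
    meta = PageMeta()
    meta.feed(html)
    findings = []
    declared = (meta.lang or "").split("-")[0].lower()
    guessed = guess_language(" ".join(meta.text))
    if declared and guessed != "unknown" and declared != guessed:
        findings.append(("lang-mismatch", meta.lang, guessed))
    for hreflang, href in meta.hreflangs:
        # A self-referencing alternate must carry the page's own language.
        if href == page_url and guessed != "unknown" \
                and hreflang.split("-")[0].lower() != guessed:
            findings.append(("hreflang-mismatch", hreflang, guessed))
    for name, persistent in cookies_before_consent(headers):
        kind = "persistent" if persistent else "session"
        findings.append(("cookie-before-consent", name, kind))
    return findings


# Constructed sample: an English page declared as nl-NL, with a Dutch
# self-referencing hreflang and two cookies in the very first response.
SAMPLE_URL = "https://example.test/report/"
SAMPLE_HTML = """<!DOCTYPE html>
<html lang="nl-NL">
<head>
<title>Security baseline report</title>
<link rel="alternate" hreflang="nl" href="https://example.test/report/">
<style>body { font: 1em sans-serif }</style>
</head>
<body>
<p>This report lists the findings for the sites in this baseline, and the
checks that are applied to each of them. We publish the data with the
report, so that the results are open for review.</p>
</body>
</html>"""
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "_tracker=abc123; Max-Age=63072000; Path=/; Secure"),
    ("Set-Cookie", "sid=9f2c; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML, SAMPLE_HEADERS):
        print(*finding)
```

The cookie check only sees what the server sends with the initial HTML; cookies written by scripts after load, or by third-party resources, need a browser-driven fetch that records the cookie jar before the banner is touched, so a clean result here is evidence of absence only for server-set cookies.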

Q: would you mark google.com with any "high risk" findings?

there are quite a few like this that, on close inspection, are just fine

I see some 25 French municipal sites are on "sites.google.com". By default we also import and attribute the main domain google.com to those organizations. That is usually correct, but obviously wrong in this case.

The data was removed, and tomorrow's reports will reflect that.

the question is: if `https://www.google.com` were to be included in this analysis, would you expect to see any "high risk" findings?

and the reason I ask is that some of the findings I have seen would apply to google.com, yet no one would consider them "high risk", so why do this to other services?

this effort would be better served by raising attention to truly important issues, or defects, than by trying to identify as many problems as possible and, for lack of a better word, presenting the results in a way that's unnecessarily dramatic