Why so many sites depend on JavaScript from external domains?

3 points by neemetamm ↗ HN
Browsing web without Javascript is sort of a blessing: there are almost zero advertisements and the experience is often noticeably faster. For sites that require Javscript such as SPA-s, I can always add an exception to my NoScript plugin.

However, many sites that don't work without Javascript, include scripts from other domains belonging to Google, Facebook and plethora of advertisement platforms. All of them are known for tracking and profiling users in order to exploit their data for monetary reasons.

My question is that what are the technical justifications of loading a script from external server?

I can see more cons than pros:

+ browser can cache the file and when multiple sites use the same file, the experience will be faster as there is no reason to download the file more than once, + it is easier to copy-paste the URL of the dependency rather than download and host it yourself.

- when the external service goes down, so does your site, - external services can and will track your visitors, - as a developer, you cannot view your own site in local machine when offline - the external domains may be blocked by your ISP or country - people with NoScript plugin have to review every domain you download your script from to see if it can be trusted ;)

4 comments

[ 0.81 ms ] story [ 17.0 ms ] thread
They use them:

a) to improve page load times by serving resources the user's browser may have already cached

b) to serve ads

c) to track usage so that they can optimize advertising and conversions

d) in some cases, to implement A/B testing experiments without having to hard-code them into the site

The downsides you mention are pretty minimal. For the vast majority of sites:

a) NoScript users are a teensy minority so small as to be statistically insignificant

and

b) the site is FAR more likely to have downtime of its own infrastructure than for Google or Facebook or whatever other CDN to go down.

(comment deleted)
It's also a security risk. JS from an external domain could easily capture login form data.
There are no feasible technical justifications for doing so.

The big touted benefit (caching) is a non-issue IMHO, since it only helps the first page (if you haven't visited the site before, at least) - after that, even if the files had been originally delivered from your website, they'd be delivered from cache either way.

As a developer, you might at some point have to develop on a site while not having an internet connection - good luck with that. Even your local copy is going to throw up.

Saying that your site is more likely to be down than Facebook's site is also a false positive. If your site is down, nothing works, obviously. If Google's CDN site is down and yours isn't - your site still won't work. There is absolutely no reason to add one more point of failure to your site. Many of the 3rd-party sites used to load JS and even CSS do not have the technical staff or knowledge of Google or Facebook.

The main reason I actually see this being done is due to laziness. No need to go download the file locally and maintain it. No need to make sure the server is setup properly and sending the right cache headers. Just copy/paste a link and forget about it. Who cares?