
Ask HN: What to put first by creating a new app – performance or privacy? - tymbaka
Hi HN!

I currently have a dilemma - to sacrifice my new web-based application's performance or the user's privacy. Both are harmed in a minor manner, but still.

The situation is as follows - I have to choose either to apply my tool on my users' personal web pages so that I don't break the page loading style, order and time, but break users' privacy - anyone can see in what ways my app is used in the particular webpage and the information may include user private data (such as future changes, content text versions etc.) via an insecure client-side validation. Or I can do it vice versa - break the users' web pages' behaviour and keep users' private data safe.
There is a possibility to let the user choose what method to use, but I guess that makes the tool too complicated to use (explain the differences; lower overall trust in the tool; time to develop both solutions).

Which path would you advise to choose?

As for a real world example - let's take http://www.convert.com and http://optimizely.com A/B testing tools (both are chosen randomly in search of current, similar problem solutions). The first one loads the website test instantly but anyone with basic code knowledge can check what particular webpage tests are in progress. The second loads only the test you are allowed to see, but for a short time the user's web page flickers from the original to test design.
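
The two delivery models contrasted in the question, as an added example that is not part of the original post and not code from either tool named in it: one payload ships every experiment to the browser, the other is assembled on the server and contains only what the visitor is assigned. Experiment ids, texts, the `audience` field and the visitor object are constructed for illustration.

```javascript
// Constructed experiment definitions (hypothetical ids and content).
const EXPERIMENTS = [
  { id: "pricing-headline", audience: "all",
    variations: { control: "Plans from $9", b: "Plans from $7 (launching next month)" } },
  { id: "beta-dashboard", audience: "staff",
    variations: { control: "Dashboard", b: "Dashboard v2 (unreleased)" } },
];

// FNV-1a 32-bit hash, used only for stable bucketing: the same visitor
// always lands in the same variation of a given experiment.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

function pickVariation(exp, visitorId) {
  const names = Object.keys(exp.variations).sort();
  return names[fnv1a(exp.id + ":" + visitorId) % names.length];
}

// Model 1: ship everything and decide in the browser. No extra round trip,
// but every experiment and every variation text is readable in page source.
function clientSidePayload() {
  return JSON.stringify(EXPERIMENTS);
}

// Model 2: decide on the server and send only the assigned content.
// Experiments the visitor is not eligible for, and sibling variations,
// never leave the server.
function serverSidePayload(visitor) {
  const out = {};
  for (const exp of EXPERIMENTS) {
    if (exp.audience !== "all" && exp.audience !== visitor.group) continue;
    out[exp.id] = exp.variations[pickVariation(exp, visitor.id)];
  }
  return JSON.stringify(out);
}

console.log(clientSidePayload());
console.log(serverSidePayload({ id: "visitor-123", group: "public" }));
```
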
======
kleer001
What is at stake? Is this a finance app? Is it keeping track of people's dog
sitting appointments?

The money/time involved in the application should drive the security measures.

No need to put a padlock on your bag lunch. And don't keep $10,000 in your
wallet.

Another thing, try to balance actual cost with potential cost. Somewhere
around 10:1 is a good place to start. Think insurance actuary tables. Are you
constantly being attacked? Are your user accounts worth millions? Would a
break-in reach international news?

