

Heads Up: Does your site still work with IE8's InPrivate Blocking turned on? - briansmith

I noticed a lot of sites, including the sites of some YC companies, have lost a lot of functionality when InPrivate Blocking is turned on. Basically, any site that loads JavaScript or images from another domain (especially addthis.com, google-analytics.com, gravatar, disqus, intensedebate, adsense, recaptcha, etc.) is breaking, sometimes badly. AFAICT, the only way to keep a site working in IE8 with InPrivate Blocking turned on will be to host *everything* from the same domain (or a subdomain) as the page.

Note that InPrivate Blocking functions independently of InPrivate Browsing; you can keep your local history and cookies functional (InPrivate Browsing Off) while having InPrivate Blocking On. That means it is convenient enough to use all the time (like I am doing) in order to block ads and other annoying widgets. It is also something that is pretty easy to turn on and use accidentally (especially since its effects don't start right away).

If you depend on any third-party content on your site, you should definitely make sure your site works in InPrivate Blocking mode before IE8 gets pushed out to millions of people on Windows Update.
======
simonk
Is that really how it works? If you have a CDN like Facebook you have things on
other domains.

~~~
briansmith
AFAICT, you can have things on other domains if and only if nobody else but
you is using the same objects on the same domain. But, anybody will be able to
DoS you by simply linking to content on that domain.

My understanding is that it works like this example:

My domain is example.com and I have a CDN examplecdn.com for images (e.g.
<http://examplecdn.com/dog.jpg>). Now, let's say an attacker posts a link to
<http://examplecdn.com/dog.jpg> to Reddit and Digg. If a user visits
example.com, Reddit, and Digg while they are all linking to that image, and if
the user has his InPrivate Blocking level set to "3", that image will stop
loading from all pages not hosted on examplecdn.com, including example.com.
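
Added example, not part of the original thread: a small Node.js audit that lists the resources a page loads from hosts outside its own domain and subdomains, which are the ones the post above says are at risk under InPrivate Blocking. The function names, the `siteDomain` parameter (the site's own domain, supplied by the caller) and the sample markup are assumptions constructed for illustration.

```javascript
// Tags that fetch a resource automatically when the page renders.
// Plain <a href> links are navigation, not embedded content, so they are skipped.
const RESOURCE_TAG =
  /<(script|img|iframe|embed|link)\b[^>]*?\s(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// True when hostname is siteDomain itself or one of its subdomains.
// The leading dot keeps look-alikes such as "notexample.com" from matching.
function isSameSite(hostname, siteDomain) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  const d = siteDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Returns a Map of third-party host -> [{ tag, url }] for every embedded resource.
function findThirdPartyResources(html, pageUrl, siteDomain) {
  const byHost = new Map();
  for (const m of html.matchAll(RESOURCE_TAG)) {
    const raw = m[2] ?? m[3] ?? m[4];
    let url;
    try {
      url = new URL(raw, pageUrl); // resolves relative and //host/path forms
    } catch {
      continue; // unparseable attribute value
    }
    if (!/^https?:$/.test(url.protocol)) continue; // ignore data:, javascript:, etc.
    if (isSameSite(url.hostname, siteDomain)) continue;
    if (!byHost.has(url.hostname)) byHost.set(url.hostname, []);
    byHost.get(url.hostname).push({ tag: m[1].toLowerCase(), url: url.href });
  }
  return byHost;
}

// Constructed sample markup (not taken from any real site).
const SAMPLE_HTML = `
<script src="http://www.google-analytics.com/ga.js"></script>
<img src="/img/logo.png">
<img src='http://static.example.com/dog.jpg'>
<img src="http://examplecdn.com/dog.jpg">
<script src=//s7.addthis.com/js/widget.js></script>
<a href="http://reddit.com/">discuss</a>
`;

const report = findThirdPartyResources(SAMPLE_HTML, "http://example.com/", "example.com");
for (const [host, items] of report) {
  console.log(host, items.map((i) => `${i.tag}:${i.url}`).join(" "));
}
```

Every host it reports is a dependency to test with InPrivate Blocking turned on, or to move under the site's own domain.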

