I tested what happens when you paste code into popular online developer tools. Some sites contact 96 external domains, set 540 cookies, and run real-time ad auctions on your data. Here is everything I found.

  • SanctimoniousApe@lemmings.world · ↑ 16 · 23 days ago

    Well, nice to have validation of my feeling that what passes for “developers” nowadays are clueless idiots far more often than it used to be.

  • Railcar8095@lemmy.world · ↑ 14 · 22 days ago

    Site 5: regex101.com — The Honorable Mention
    What it does: Regular expression testing and debugging
    Why it is different: regex101.com stands out as significantly more privacy-respecting than the others tested. Here is what they do right:

    My boy regex101, sorry if I ever doubted you.

    I love you

  • silasmariner@programming.dev · ↑ 6 · 22 days ago (edited)

    I have never understood how a dev can be comfortable pasting a valid JWT auth token into a random website to decode it, when there are several very good CLI tools that will do this for you locally, faster, and much more securely.
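As an added illustration of the local decoding the comment above refers to (not part of the thread and not any poster's code): a Python standard-library decoder that splits a compact JWT and reads its header and claims without the token leaving the machine. It does not verify the signature, and the sample token is constructed, not a real credential.

```python
import base64
import json
import sys
import time


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt(token: str, now=None) -> dict:
    """Decode a compact JWT offline. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError(f"malformed segment: {exc}") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("header and payload must be JSON objects")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    expired = isinstance(exp, (int, float)) and now >= exp
    return {"header": header, "claims": claims, "expired": expired}


# Constructed sample token; the third segment is a placeholder signature.
SAMPLE = ".".join([
    _b64url_encode({"alg": "HS256", "typ": "JWT"}),
    _b64url_encode({"sub": "user-123", "exp": 1700000000}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    # Read the token from stdin so it never lands in argv or shell history;
    # with no piped input, fall back to the constructed sample.
    token = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(decode_jwt(token), indent=2))
```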

  • ImgurRefugee114@reddthat.com · ↑ 4 · 23 days ago

    Yeah, and this isn’t exclusive to dev tools. Shit like that is why I run uMatrix in strict mode with JS disabled by default.

  • Kissaki@programming.dev · ↑ 3 · 22 days ago

    That /unsaved/{id} path with a unique server-assigned identifier means your diff content was transmitted to and stored on their servers.

    Not necessarily. URLs can be changed client-side, within the browser, through JavaScript. The fact that the URL changed to unsaved alone is no proof. It could very well be browser-local, labeled unsaved and held in session store for example, ready to be saved.

    With the other indications, you can of course make a guess and/or consider it a strong indication.

    It should be pretty obvious/observable when observing interaction and network requests within the browser. A network request with the content as body would be much better proof.