Changelog Interviews

Securing ecommerce: "It's complicated"

Mar 20, 2025
Ilya Grigorik, a distinguished engineer at Shopify, dives deep into the complexities of securing e-commerce checkouts from threats like digital skimming. He highlights the importance of PCI compliance, particularly the transition to version 4, and shares insights on managing scripts safely during checkout. Ilya also discusses innovative techniques like sandboxing and Content Security Policies to enhance security without sacrificing performance. Tune in to discover how technology is evolving to keep online shopping safe and efficient!
ANECDOTE

PostRank Acquisition

  • Ilya Grigorik's startup, PostRank, aimed to improve search algorithms by incorporating social signals like thumbs-up and comments.
  • This led to its acquisition by Google and Grigorik's work on Google Analytics.
INSIGHT

Quantifying Web Performance

  • Defining and quantifying web performance is crucial, moving beyond subjective assessments like "that felt slow."
  • This led to Grigorik's involvement in the W3C Web Performance Working Group, focusing on objective metrics.
INSIGHT

Core Web Vitals and RUM

  • Core Web Vitals aim to define key metrics for a good website experience, like heartbeat signals for a human body.
  • Real user measurement (RUM) is critical because the online world is unpredictable.