Richard Stallman writes: > > PCI compliance is not required by law but is considered > > mandatory through court precedent. > > The crucial questions would be: required _of whom_, in what circumstances? If I understood it correctly, it’s required of the platform. They do not have the option to ship other code if they want their site to be allowed to process credit card data. But this is guesswork on my side. > > > I wonder if users could run the free version of that JS code > > > while talking with Stripe. > > > You could try replacing it in your browser. > > Yes, that's what I'm thinking of. The decentraleyes extension might be able to automate that: https://decentraleyes.org/test/ https://git.synz.io/Synzvato/decentraleyes Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de