Support

The reference to jQuery UI is a leftover. We will remove it. Thank you for the heads up. However I do take exception to your unfounded allegations.

I hate tracking and privacy violations more than you do. That's why I have forever ditched Google Chrome and Android (these DO track your browsing history, search habits and physical location). That's also why we replaced Google Custom Search Engine on our site with DuckDuckGo. And the list goes on and on. I personally HATE tracking and won't do anything which will cause my users to be tracked against their will. Implying otherwise is at the very least disrespectful.

You are confusing the Google tracking cookies with their CDN. The CDN cannot set and does not set tracking cookies since it's only serving a JavaScript file. You can check it yourself. The only things you send them is your IP address, the browser user agent string and the Referer field, outside of any behavioral context (browsing history). This information is far from being enough for tracking you. Let's not spread paranoia beyond technical feasibility and reason.

We only fall back to a remotely loaded file when the local file is not present. This is on purpose. If the JS file is not copied when you are transferring Kickstart's files you will be perceiving Kickstart as being broken. This is a problem that has a direct business impact because users are never willing to accept that they screwed up and they are the ones to blame for the issue they are experiencing. The only solution to that issue is either using a CDN to load jQuery or not using jQuery at all.

There are various public CDNs hosting jQuery but only Google's is HTTPS-aware and does not remove old versions of jQuery. The old versions is something very important since there are legitimate reasons for using an older version of Kickstart, e.g. using the Site Transfer Wizard on an old site where only an old version of Akeeba Backup -- with an older bundled Kickstart version -- is available.

Not using jQuery would be possible, with a thorough rewrite of Kickstart. This requires a substantial amount of time. We do not have that time since we spent two months working on GDPR compliance. This pushed everything back and we're already working 12-hour days, 7 days a week to catch up. I'm afraid that rewriting Kickstart, which works fine and is feature-complete, is very low on the list of priorities.

I would like to preemptively discount other possibilities. We cannot host the file ourselves, it's too expensive (just the downloads of the Core versions and the update information is $300 per month -- hosting jQuery would be at least 3x as much and possibly far more if other people started hot-linking to it). This is outside the affordable range. Using a different CDN is also a no-go for the reasons I mentioned. Bundling jQuery inside the .php file while technically possible causes a problem with the file being too big for many hosts to parse (therefore Kickstart doesn't work at all) or starts throwing false positives in malware scanners. Again, the only practical solutions are either using the Google AJAX APIs CDN like we currently do or rewrite Kickstart to not use jQuery. The latter will happen -- simply because modern browsers are consistent enough to not need a thick abstraction layer such as jQuery to handle compatibility, unlike 2008 when Kickstart was originally written -- but it's not a high priority at this moment.