HanabishiRecca
commented
10 months ago I actually realized that it pulls online content from https://improvedtube.com/wishes Now I'm also conerned about potential tracking and privacy issues.
Open HanabishiRecca opened 10 months ago
HanabishiRecca
commented
10 months ago I actually realized that it pulls online content from https://improvedtube.com/wishes Now I'm also conerned about potential tracking and privacy issues.
ImprovedTube
commented
10 months ago hi,
I get it
yay!
pulls online content
an iframe is used to isolate the Github API call from the extension context.
Current popup is very intrusive
not very. (and can be revised/polished.)
more importantly, there should be donations (none currently) and more contributions. The current ~580000 users are comparably collectively ignorant though about that project.
Advertising
The term advertising is often associated with "little context" (or "spam which can finance itself, because media owners are pessimistic/greedy enough to sell their user's attention for $0.0..)
Yet our thread-list is essential, visually non-instrusive content, informing whats going on. (and reminding we are active). (No authors, no app.)
And if i'd chos, for me, it would raise my productivity, if we would move the box in the header and maybe the project would be better overall. - Everybody should reconsider(?) what they are doing If more people came here to type something like you, that would be exciting. Where are they?
On top of that, it does not follow the current theme.
- you can make suggestions. (A bit transparent it blends in. Different font makes it is easy to distinguish form features)
Thanks
HanabishiRecca
commented
10 months ago Description explicitly claims that the extension runs offline.
The current behavior definitely not conforms with that. Not even talking about privacy and security concerns it raises.
But I'm not here to debate. I just stated facts I see.
ImprovedTube
commented
10 months ago hi @HanabishiRecca, it can be fixed /switched off. and technically you can suggest the best possible alternative
Yet our conversations are essential content of the project, informing whats going on.
...in other words /update: We have 2800 stars on Github. So right now we have more than 200 times more users than stars.
I will sleep deeper if the ratio goes down already, so that the product will be better sooner. You see the chart turning up quickly in the last few days (justifying the step taken yet). 
Once it slows down again, then we will have a justification to shrink/reduce the content.
concerns
Please specify which, so that it doesn't sound like fud? Our features with extension permissions run offline. 99.99% of internet users are fine with an iframe. Else they might use [noScript] (to block JS and/or iframes) (https://chromewebstore.google.com/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm)
so they wont see our GitHub frame by default, unless they already whitelisted the domain. (and these 0.00X% might not use YouTube and btw all browser stores track usage of extensions (we can see anonymized statistics in the developer dashboards
(cant be switched of). So a user who has tracking-panic is virtually not-existent 🤔
sorry for any vebosity! i think both of us could have published a fix by now. thanks
HanabishiRecca
commented
10 months ago it can be fixed /switched off.
It would be good. Can't say for other users, but for me personally the popup is irritating. Especially considering that it slaps on top of the interface, blocking actual menu items. Feels like an annoying ad popup.
and technically you can suggest the best possible alternative
At this point I can only suggest:
So right now we have more than 200 times more users than stars.
I understand what you are trying to accomplish. But that is overly-aggressive promotion in my opinion. Most regular users will be ignorant about it anyway, but I think it may became a negative factor for techy users like me, i.e. your actual stargazers and contributors.
Please specify which, so that it doesn't sound like fud?
Isolated iframe still can be used for tracking/fingerprinting on the server side. Even if you never do so, the website can be hacked and a malicious actor will be able to render arbitrary content in it.
Also new 0-day browser exploits are being found constantly, allowing to escape the sandbox and run arbitrary code in the system. Yes, such exploits are usually being patched quickly, but not all users are concerned to update the browser immediately.
I.e. it adds a new risk factor, which is not really justified / not required for the extension to run.
Else they might use [noScript] (to block JS and/or iframes)
I would prefer to trust the extension and not being forced to use an ad/script blocker for it. 🙂
ImprovedTube
commented
10 months ago Also new 0-day browser exploits are being found constantly, allowing to escape the sandbox and run arbitrary code in the system.
i mean extensions run's JS at yours already
website can be hacked
we can host the iframe in the github repo instead.
HanabishiRecca
commented
10 months ago i mean extensions run's JS at yours already
Extension is open source and also verified by addons marketplace, so it is less likely to be compromised.
we can host the iframe in the github repo instead.
Yeah, that sounds better. It will be way more transparent.
Bug Report:
BUG: The new popup (introduced in 4.580 I guess?) is intrusive and breaks layout. HOW: See the screenshot. ImprovedTube Version: 4.581
Screenshot
Current popup is very intrusive, please make an option to disable advertising. I get it, it does not need to be there all the time.
It also breaks layout of the extension itself, making bottom menu items inaccessible in the list mode. On top of that, it does not follow the current theme.
Browser: Firefox 121.0 OS: Linux