dylanPowers / ipfs-chrome-extension

Access gateway.ipfs.io urls the way they were meant: from your locally running ipfs daemon
BSD 3-Clause "New" or "Revised" License

Please be clear about privacy concerns #5

Open jbenet opened 9 years ago

jbenet commented 9 years ago

Please add a section to the readme on user privacy that outlines what information this extension leaks and to whom.

dylanPowers commented 9 years ago

Ideally, all requests will never go to computers the user doesn't have control of. Currently it doesn't because I trust gateway.ipfs.io and the networks my requests are going through to get to gateway.ipfs.io. Plus the information I'm sending and retrieving at this point is rather boring. Of course this is all relative to my personal circumstances. With that said, my future intentions are to allow the user to set their own list of backup ipfs daemons to use, with it being disabled by default. Having backup servers is nice for devs and when I'm on my chromebook and may or may not have the ipfs daemon running... it's more about flexibility than anything else, but I think it's a pointless feature for the average user and I agree that it needlessly leaks information. For now, I'll link to this in the readme until I have these privacy concerns taken care of.

jbenet commented 9 years ago

> Ideally, all requests will never go to computers the user doesn't have control of.

yeah, wonder if it would be nice to have an indicator that shows where it's being loaded from: "green " for local and "{gray or yellow} globe" for gateway.ipfs.io.

> i trust ... the networks my requests are going through to get to gateway.ipfs.io.

I'd say it's a mistake to trust either the networks or the gateway. I don't trust them, and I'm one of the admins who runs them.

We currently don't even have TLS enabled on gateway.ipfs.io (partly because i don't have a strong regard for the security afforded by the CA system today, and mostly because we just haven't gotten to it), so it's especially bad.

But even after having TLS, it's not that secure. TLS and the CA system have lots of holes. MITM is not that hard: I've been MITM'd many times (passive attacks, not targeted). MITM is not hard, and TLS has lots of attack surfaces.

Security is hard. And it consistently gets gotten wrong by major organizations.

> my future intentions are to allow the user to set their own list of backup ipfs daemons to use with the default of it being disabled by default. Having backup servers is nice for devs and when I'm on my chromebook and may or may not have the ipfs daemon running..

sounds like a good path forward :+1: sgtm.

> it's more about flexibility than anything else, but I think it's a pointless feature for the average user and I agree that it needlessly leaks information.

i think it's pretty useful.

also, information leaking can be a big deal. in some countries, people are thrown in jail for participating in the wrong websites. Observing HTTP flows between two IP hosts can be a reason enough. This is really happening. Look into censorship resistance projects like https://getlantern.org and the users they serve.
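Added example, not the extension's own code: one way to implement the two ideas raised in this thread (a user-controlled backup daemon list that is disabled by default, and an indicator showing where a request was actually served from) so that a gateway.ipfs.io URL is never sent to a host the user does not control. It assumes the local daemon's HTTP gateway is at http://127.0.0.1:8080 and that `reachable` is supplied by the caller.

```javascript
// Added example (not from the ipfs-chrome-extension project). Decides where a
// gateway.ipfs.io request is routed so it only reaches user-controlled hosts.
// Assumption: the local daemon's HTTP gateway listens on http://127.0.0.1:8080;
// config.backups holds the user's own backup daemon origins (empty by default).

const PUBLIC_GATEWAY = "gateway.ipfs.io";
const LOCAL_GATEWAY = "http://127.0.0.1:8080"; // assumed local daemon gateway

// Default config: no backups, and backup use disabled, so an unreachable local
// daemon blocks the request instead of silently falling back to the public gateway.
const DEFAULT_CONFIG = { useBackups: false, backups: [] };

// reachable(origin) -> boolean is supplied by the caller (e.g. a cached probe).
// Returns { url, indicator } where indicator is "green" (local daemon),
// "yellow" (one of the user's backup daemons), "blocked" (no user-controlled
// host available, so nothing is sent) or "untouched" (not a gateway URL).
function routeRequest(urlString, reachable, config = DEFAULT_CONFIG) {
  const url = new URL(urlString);
  if (url.hostname !== PUBLIC_GATEWAY) {
    return { url: urlString, indicator: "untouched" };
  }
  // Only the content path (/ipfs/<hash>/... or /ipns/...) and query are
  // forwarded; the public host itself is never contacted.
  const pathAndQuery = url.pathname + url.search;
  if (reachable(LOCAL_GATEWAY)) {
    return { url: LOCAL_GATEWAY + pathAndQuery, indicator: "green" };
  }
  if (config.useBackups) {
    for (const origin of config.backups) {
      if (reachable(origin)) {
        return { url: origin + pathAndQuery, indicator: "yellow" };
      }
    }
  }
  return { url: null, indicator: "blocked" };
}
```

The "blocked" outcome is the privacy-preserving default: with no local daemon and backups disabled, the extension surfaces the failure to the user rather than leaking the request (and the IP-to-IP flow a network observer would see) to the public gateway.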