[Feature Request] For user privacy only allow access of data to user added Nostr client domains

[Sakhalinfox]

Currently most Nostr signer extensions like Nos2x, Nos2x-fox and Alby require permissions to "access data from all websites" which I feel is a bit excessive with regards to user privacy. Although I trust that the extension may not do anything with the data from other websites, I feel there could be a way for the user to configure a list of domains on the extension properties or options to allow access to data just for those domains.

Here is how I envision this to work:

1. User installs the extension and the extension allows probably just access to data for a default list of Nostr client domains like astral.ninja, snort.social...etc and clicks to 'Allow' during extension installation phase.
2. The user inputs their private key and saves it on the extension
3. The user is then presented with another options page on the extension to setup list of Nostr web client domains to allow access for data for the extension to sign events as per NIP-07 or NIP-04.
4. The extension sees only data for those list of websites/domains added.

An example of an extension that does this is Sponsorblock which allows only Youtube domains or user configured local or external domains.

I will be cross posting this on nos2x and alby extension GitHub repositories as well for a more open discussion.

[fiatjaf]

Can you post the link to your Alby post here? I want to follow it and see what they say there.

[Sakhalinfox]

Can you post the link to your Alby post here? I want to follow it and see what they say there.

Sure, here the the cross posts links:

• Alby
• Nos2x-fox

[Sakhalinfox]

I think I may have answered my own question in a way.

On Google Chrome you can do this now by going to extensions > extension details > site access > Allow this extension to read and change all your data on websites you visit > Can choose on click or on specific sites and define a list of sites or perform an 'on click' action to self-authorize reading or changing of data.

On FireFox the option is not readily available in the add-ons page. So, I still need to figure out how to do this.

[sondreb]

I think I may have answered my own question in a way.

Yes, that is the correct way of doing this, not on extension level. Extensions can decide not to load on certain domains, like Blockcore Notes does with an deny-list (stops from loading) and allow-list (shows green validated domain).

[Sakhalinfox]

I'll close the Feature request here since Nos2x is only for chrome and not Firefox anymore. So, I'll continue to discuss on the Nos2x-fox and alby issues since Firefox currently doesn't provide a UX option to control extension permissions for list of user defined domains for access of data.