Feature request - Consider storing only the hash of URLs queried serverside

[nobuyukinyuu]

As per #51, there are some concerns that this extension is track every URL you go to as its default behavior is to phone home to automatically determine the badge number displaying the number of comments on any given page. There is also a reasonable concern this data isn't really well anonymized server-side, as visited URLs can be clearly seen in the query string through Dissenter's website.

While not a perfect solution, by switching the query data associated with various URLs from direct strings of the URLs to hashes of these URLs instead, browsing can regain some anonymity with the extension enabled, as the true location of the URL can't be easily determined from the server or 3rd parties by hash alone. 3rd parties would still be able to figure out the URL if you post or are in-chat on such a page or have commented there; Joining chat by default should probably also be an option to disable, but I may split this into a separate issue if there actually is one.

[jeroenev]

maybe also implement k-anonimity like HaveIBeenPwned has for their passwords api. urls are not nearly as sensitive data as passwords, but still, shouldn't be that difficult to implement

[kyrahabattoir]

To me it's not so much about 3rd party interception, since the connection to dissenter's server should be secured through SSL (please tell me it is), it's more that the dissenter servers have no business knowing that information otherwise it's not much better than the facebook "like" button.

[article10]

That would be nice, but in my opinion, hashing the URLs sent when having the Comment Badge feature enabled is really a first priority: https://github.com/gab-ai-inc/gab-dissenter-extension/issues/51 - barely any activity there since May of this year.

[nobuyukinyuu]

I'm surprised it's not marked wontfix, as after filing this issue I learned that the front page depends on not hashing URLs to determine what's trending. Perhaps it would be bad PR to do so, because the alternative would probably split the comments section into hashed and unhashed areas, with the former being impossible to integrate into a wider "social" network the way it seems the site is currently conceived without giving up the relative privacy hashing would theoretically serve.

[article10]

It would still be possible to add code to hash the URLs sent to Dissenter by the Comment Badge feature to be hashed, while the URLs on which comments are left are saved in Dissenter unhashed.

This would ensure privacy for those just browsing pages (especially when browsing pages without any Dissenter comments), and still allow Dissenter to display its front page of popular posts.

[kyrahabattoir]

To me, I'd suspect that they can't datamine the hell out of it if it's hashed as the real reason for the silence.

And who cares about the front page, that's hardly a useful feature.

[jeroenev]

After thinking this trough, Hashing would probably break a lot of the page detection logic many pages include additional parameters to find the right page, or extra info for browser history (like articleID for finding right article + title string, which can be optional), or have shortened versions, which all load the same page, but would result in different hashes

[RichyT]

That does bring up the interesting question of what exactly dissenter uses for the lookup. Is it algorithmic or custom tuned for some sites? It should definitely be possible to use an hash based solution. Perhaps have a checkbox for switching it on or off. The question then is would enough people adopt this that it would get backported into the main code and/or into the dissenter browser itself. It could be implemented without the support of gab itself but could it gain traction or would gab try to kill it even. Personally, I don't give a damn about "trending". The new tab thing doesn't even work on brave.