Open Giszmo opened 8 months ago
I can do up a "how it works".
Regarding your concern, there is no reading of user browsing history (don't have permission).
Well, the full history gets leaked to the relays if you check with every tab all the time if there is any conversation on nostr.
Pulling events won't write data to relays. Only posting will attach the active tab's URL to the event's JSON.
The relay still gets the query which tells it the URL. It doesn't broadcast it but the relay has to be trusted here.
Right. What do you suggest then?
As I said in the issue description I would tell the users.
Sadly there is probably no elegant way around the privacy issue. Hashing would fix the security issue though.
So imagine you are browsing a domain that puts a secret into the URL - early browser bitcoin wallets did that. Your current implementation might currently query the relays for the full `https://domain/path?query#anchor`. The `anchor` is generally supposed to always remain local but path and query are also a privacy concern. Also the `query` and `anchor` might contain random stuff that you would not want in your request anyway. So you would need first a normalization where you get rid of session cookies and other such stuff but then you could hash the `/path?query` part assuming the `anchor` part was dropped anyway. This way, even if `/path?query` does contain a secret, you won't leak it unless somebody actually comments on that page.
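One way to implement the normalize-then-hash lookup described in the comment above, as an added example that is not part of the thread or the extension's code. The noise-parameter list, the function names and the choice to mix the host into the hash input are assumptions; how the key is placed into a relay query is left out.

```javascript
// Added example. Runs in Node.js; in an extension, crypto.subtle.digest("SHA-256", ...) is the equivalent.
const { createHash } = require("node:crypto");

// Assumption: parameter names treated as session/tracking noise (constructed list).
const NOISE_PARAMS = new Set([
  "utm_source", "utm_medium", "utm_campaign", "fbclid", "gclid",
  "sid", "sessionid", "phpsessid",
]);

// Reduce a tab URL to the parts that identify the page.
// Returns null for anything that is not a parseable http(s) URL.
function normalizeUrl(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return null;
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;

  // Drop noise parameters, then sort so parameter order does not change the key.
  const kept = [...u.searchParams]
    .filter(([name]) => !NOISE_PARAMS.has(name.toLowerCase()))
    .sort(([a, av], [b, bv]) => (a < b ? -1 : a > b ? 1 : av < bv ? -1 : av > bv ? 1 : 0));
  const query = new URLSearchParams(kept).toString();

  // The anchor (u.hash) and any user:password part are never read, so they stay local.
  return { host: u.host, pathAndQuery: u.pathname + (query ? "?" + query : "") };
}

// Build what would be sent to a relay: the host in clear, path and query only as a hash.
// Assumption: the host is mixed into the hash input so equal paths on different sites differ.
function lookupKey(rawUrl) {
  const n = normalizeUrl(rawUrl);
  if (n === null) return null;
  const pathHash = createHash("sha256")
    .update(n.host + n.pathAndQuery, "utf8")
    .digest("hex");
  return { host: n.host, pathHash };
}
```

The relay still learns the host, and it can confirm guesses for paths it already knows. The hash only hides components it cannot guess, such as a secret in the query.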
You're right about the params, I've stripped off the URL in `0.0.11`.
In order to get relevant events, the extension has to query those and the query has to contain the URL. URLs are a privacy and sometimes a security issue. Please add in the description how the user's browsing history is handled. This might require a disclaimer or warning that all URLs of all tabs will get leaked to all configured relays or something.