Eliminate reliance on the fraidyc.at domain

[PresGas]

Hello! This is more a question than a bug so made a blank form. In trying out fraidycat on Firefox, I am noticing the tab for my installation has the fraidyc.at URL in it rather than something like: moz-extension://bigoluuidnumber/extrabits Is the data passing through the hosted service there rather than local to our machine? Where is all the data stored?

Another thing I tried was uninstalling the addon and then going to the old url. It prompted me to install it again, but instead of having a clean slate to add follows it showed all my previous data (as if the addon was never uninstalled).

Any extra info on this would be appreciated. It may be a good place to explain the privacy thinking for the project.

Thanks!

[kickscondor]

I used to serve the app from the moz-extension:// url but ran into issues with that because the background script would run on the same page as the extension. This meant that the app would freeze while it was doing fetches.

So I now use the https://fraidyc.at/s/ url just to solve the issue. No data is sent to the server. And very little HTML is used from that address. It simply allows the extension and the background script to run separately.

I realize that this isn't the best option - especially if fraidyc.at ever goes down - but I can't find a way around it at the moment.

[PresGas]

I appreciate the explanation and does put me at ease! :+1: I think my question/concern was how much it "phoned home" and maybe how to explain it if I recommended it to others. So when it used to freeze, it would eventually unfreeze when the process was finished? Finally, when it froze; would app be the whole browser or just the tab?

[kickscondor]

There are two requests to https://fraidyc.at/:

• The HTML wrapper at https://fraidyc.at/s/ which is an empty page the extension can inject itself into.
• The https://fraidyc.at/defs/social.json file, which updates any rules for fetching data - this allows me to fix issues with Twitch, Facebook, Reddit and other sites that are a moving target, without needing to get a new download approved. (Similar to ad blockers.)

Yes, the process would eventually unfreeze. Any tabs with Fraidycat open would freeze.

[kickscondor]

I should add that I don't keep logs for the fraidyc.at domain and I never will. Don't care about the statistics.

[PresGas]

You are made of awesome! Thanks for the additional info AND (of course) keeping it FLOSS for people to find/verify these things on their own!! Feel free to close this or make a summary part of your FAQ.

[JasonSwindle]

Is there an option to use our own domain / domain name vs fraidyc.at?

[makew0rld]

I realize that this isn't the best option - especially if fraidyc.at ever goes down - but I can't find a way around it at the moment.

fraidyc.at is currently down. For me anyway, this site says it's up for some reason. This is a great extension, but I think it's very important to remove the dependency on the domain. Currently I can't use the extension because the domain is down.

Additionally, as I understand it, the domain also represents an attack vector, where the private contents of the extension could be extracted or modified.

[JasonSwindle]

I can conform as well that https://fraidyc.at/s/ is not working, thus making the add-on unusable.

[makew0rld]

Now working again.

[JasonSwindle]

We really need to have this add-on work if the domain goes down or if the author just buggers off and leaves this software as abandoned ware. @kickscondor What happens, and how do we prevent this?

[kickscondor]

I agree with all of these sentiments! This is the one major weakness in my approach right now. I don't know of a good way around it - given the problems I listed up higher.

Perhaps there is a way to intercept the call to fraidyc.at/s/ from the extension and prevent it from even hitting the server - and responding with the full web app (which is already being injected by the content script.)

I don't actually need to hit the fraidyc.at server - I just need the external domain, in order to have the web app run in a separate thread from the background script.

[makew0rld]

I don't work with JS, but is not possible to use web workers? This article explains how, although it is old.

[aereaux]

I know very little about web/extension development or the problems involved here, but just some ideas (that might not work):

• Is it possible to have a fallback moz-extension:// that is used when the fraidyc.at site is unavailable?
• Or perhaps allow me to configure my own URL. This probably wouldn't work for everyone, but I have an HTTP server running on my machine that I could serve something with.

[lost-books]

this is just to ping @kickscondor that https://fraidyc.at/s/ is currently down

love this app & have become reliant on it. would be nice to have it able to run locally or on my own server to avoid this issue. cheers!

[JoshMock]

whois fraidyc.at says the domain is pending deletion and, if I'm reading correctly, that it officially expired 2023-01-28. :grimacing:

[aereaux]

Anyone have a workaround or a way to extract one's feeds?

I'm not an expert in how firefox extensions store data, but it seems that there's some data in storage-sync-v2.sqlite in the profile directory.

[JoshMock]

Anyone have a workaround or a way to extract one's feeds?

There's a page on the wiki about this. About to give it a try to see if it works, will report back.

[JoshMock]

The directions for Firefox worked correctly, can't vouch for Chrome. I'd suggest copying the output of logging /follows.json and saving it to a file on your computer as a backup. All the metadata about your RSS feeds, titles, tags, etc. is in there.

[tcecyk]

(FF on Linux) echo "select data from storage_sync_mirror;" | sqlite3 ~/.mozilla/firefox/*.fraidycat/storage-sync-v2.sqlite | jq '.[].data | fromjson | ."follows/1" | fromjson' and iterating on follows/1..n is a oneliner to extract feeds

[lost-books]

nice to see this service back online today, but still interested in how as a non-technical user i can run it without reliance on a 3rd party server!

[mustaqimM]

The fraidyc.at domain was renewed on 2023-04-14 but @kickscondor hasn't been online since 2022. Is the owner of the domain still them?

[JoshMock]

Absolutely no promises yet, especially if my ADHD hyperfocus moves on to a new subject before I get a functioning prototype, but I'm working on a fork of Fraidycat that runs as a standalone web server and does all the RSS fetching server-side. I only have so much free time to devote to it but I'm chipping away at it a little bit most days, but I'll post here if/when something is ready.

[kickscondor]

@JoshMock There is also a branch with similar work, if you are interested: v1.1. It runs Fraidycat under a local web server using uWebsockets. Of course, don't let this deter you from forking! I have not had time to work on Fraidycat or any of my personal endeavors.

[kickscondor]

Can I also ask anyone who is monitoring this issue - are you interested in removing all contact with fraidyc.at? As I mention here, the scraping rules are regularly updated by hitting that site as well.

We can do this by way of a poll: (react to this comment)

👍 I'm okay with the updates to scraping rules coming from Fraidyc.at. 👀 I like the auto-updates to scraping rules, but wish they came from Github or somewhere else more reliable. 👎 I personally don't want the extension to contact Fraidyc,at or anywhere else for scraping rules and would prefer to manually update.