kickscondor / fraidycat

Follow blogs, wikis, YouTube channels, as well as accounts on Twitter, Instagram, etc. from a single page.
Other
1.76k stars 56 forks source link

Eliminate reliance on the fraidyc.at domain #210

Open PresGas opened 3 years ago

PresGas commented 3 years ago

Hello! This is more a question than a bug so made a blank form. In trying out fraidycat on Firefox, I am noticing the tab for my installation has the fraidyc.at URL in it rather than something like: moz-extension://bigoluuidnumber/extrabits Is the data passing through the hosted service there rather than local to our machine? Where is all the data stored?

Another thing I tried was uninstalling the addon and then going to the old url. It prompted me to install it again, but instead of having a clean slate to add follows it showed all my previous data (as if the addon was never uninstalled).

Any extra info on this would be appreciated. It may be a good place to explain the privacy thinking for the project.

Thanks!

kickscondor commented 3 years ago

I used to serve the app from the moz-extension:// url but ran into issues with that because the background script would run on the same page as the extension. This meant that the app would freeze while it was doing fetches.

So I now use the https://fraidyc.at/s/ url just to solve the issue. No data is sent to the server. And very little HTML is used from that address. It simply allows the extension and the background script to run separately.

I realize that this isn't the best option - especially if fraidyc.at ever goes down - but I can't find a way around it at the moment.

PresGas commented 3 years ago

I appreciate the explanation and does put me at ease! :+1: I think my question/concern was how much it "phoned home" and maybe how to explain it if I recommended it to others. So when it used to freeze, it would eventually unfreeze when the process was finished? Finally, when it froze; would app be the whole browser or just the tab?

kickscondor commented 3 years ago

There are two requests to https://fraidyc.at/:

Yes, the process would eventually unfreeze. Any tabs with Fraidycat open would freeze.

kickscondor commented 3 years ago

I should add that I don't keep logs for the fraidyc.at domain and I never will. Don't care about the statistics.

PresGas commented 3 years ago

You are made of awesome! Thanks for the additional info AND (of course) keeping it FLOSS for people to find/verify these things on their own!! Feel free to close this or make a summary part of your FAQ.

JasonSwindle commented 3 years ago

Is there an option to use our own domain / domain name vs fraidyc.at?

makew0rld commented 3 years ago

I realize that this isn't the best option - especially if fraidyc.at ever goes down - but I can't find a way around it at the moment.

fraidyc.at is currently down. For me anyway, this site says it's up for some reason. This is a great extension, but I think it's very important to remove the dependency on the domain. Currently I can't use the extension because the domain is down.

Additionally, as I understand it, the domain also represents an attack vector, where the private contents of the extension could be extracted or modified.

JasonSwindle commented 3 years ago

I can conform as well that https://fraidyc.at/s/ is not working, thus making the add-on unusable.

makew0rld commented 3 years ago

Now working again.

JasonSwindle commented 3 years ago

We really need to have this add-on work if the domain goes down or if the author just buggers off and leaves this software as abandoned ware. @kickscondor What happens, and how do we prevent this?

kickscondor commented 3 years ago

I agree with all of these sentiments! This is the one major weakness in my approach right now. I don't know of a good way around it - given the problems I listed up higher.

Perhaps there is a way to intercept the call to fraidyc.at/s/ from the extension and prevent it from even hitting the server - and responding with the full web app (which is already being injected by the content script.)

I don't actually need to hit the fraidyc.at server - I just need the external domain, in order to have the web app run in a separate thread from the background script.

makew0rld commented 3 years ago

I don't work with JS, but is not possible to use web workers? This article explains how, although it is old.

aereaux commented 3 years ago

I know very little about web/extension development or the problems involved here, but just some ideas (that might not work):

lost-books commented 1 year ago

this is just to ping @kickscondor that https://fraidyc.at/s/ is currently down

love this app & have become reliant on it. would be nice to have it able to run locally or on my own server to avoid this issue. cheers!

JoshMock commented 1 year ago

whois fraidyc.at says the domain is pending deletion and, if I'm reading correctly, that it officially expired 2023-01-28. :grimacing:

aereaux commented 1 year ago

Anyone have a workaround or a way to extract one's feeds?

I'm not an expert in how firefox extensions store data, but it seems that there's some data in storage-sync-v2.sqlite in the profile directory.

JoshMock commented 1 year ago

Anyone have a workaround or a way to extract one's feeds?

There's a page on the wiki about this. About to give it a try to see if it works, will report back.

JoshMock commented 1 year ago

The directions for Firefox worked correctly, can't vouch for Chrome. I'd suggest copying the output of logging /follows.json and saving it to a file on your computer as a backup. All the metadata about your RSS feeds, titles, tags, etc. is in there.

tcecyk commented 1 year ago

(FF on Linux) echo "select data from storage_sync_mirror;" | sqlite3 ~/.mozilla/firefox/*.fraidycat/storage-sync-v2.sqlite | jq '.[].data | fromjson | ."follows/1" | fromjson' and iterating on follows/1..n is a oneliner to extract feeds

lost-books commented 1 year ago

nice to see this service back online today, but still interested in how as a non-technical user i can run it without reliance on a 3rd party server!

mustaqimM commented 1 year ago

The fraidyc.at domain was renewed on 2023-04-14 but @kickscondor hasn't been online since 2022. Is the owner of the domain still them?

JoshMock commented 1 year ago

Absolutely no promises yet, especially if my ADHD hyperfocus moves on to a new subject before I get a functioning prototype, but I'm working on a fork of Fraidycat that runs as a standalone web server and does all the RSS fetching server-side. I only have so much free time to devote to it but I'm chipping away at it a little bit most days, but I'll post here if/when something is ready.

kickscondor commented 1 year ago

@JoshMock There is also a branch with similar work, if you are interested: v1.1. It runs Fraidycat under a local web server using uWebsockets. Of course, don't let this deter you from forking! I have not had time to work on Fraidycat or any of my personal endeavors.

kickscondor commented 1 year ago

Can I also ask anyone who is monitoring this issue - are you interested in removing all contact with fraidyc.at? As I mention here, the scraping rules are regularly updated by hitting that site as well.

We can do this by way of a poll: (react to this comment)

👍 I'm okay with the updates to scraping rules coming from Fraidyc.at. 👀 I like the auto-updates to scraping rules, but wish they came from Github or somewhere else more reliable. 👎 I personally don't want the extension to contact Fraidyc,at or anywhere else for scraping rules and would prefer to manually update.