spmbt / googleSearchExtraButtons

Google Search Extra Buttons

Why is this code so obfuscated and what is this xLocStor call to savelocalstorage to your Github?!? #15

Open CollinChaffin opened 6 years ago

CollinChaffin commented 6 years ago

I see your translated partial answer to this, but this sure looks like stealing of user data, these calls to post my data via xLocStor to your Github at this URL:

spmbt.github.io/googleSearchExtraButtons/saveYourLocalStorage.html

Can you please explain in detail, and is there a reason you do not offer a non-obfuscated version of the code for review here?

spmbt commented 6 years ago

Hi! I did explain it in this dialog: https://greasyfork.org/ru/forum/discussion/11352/quick-question

In short: Google cleans its own localStorage in its domain google.com or the national ones (google.de etc.), so we have to save the user's settings in some other domain. For example, github.io

CollinChaffin commented 6 years ago

But why is MY data being stored on YOUR darn Github.io?!? Why not MINE? Your explanation makes no sense at all. There are FAR FAR easier methods to store localstorage in a browser to a different area/variables that Google wouldn't clear (and I'm not agreeing that they even clear what you are saying they are) than to perform an active UPLOAD to a friggin other person's Github hidden repo!

At no time in ANY of your descriptions either here on GH or on GF do you EVER mention you are storing a bunch of our Google data on YOUR personal storage, to which I have zero access. When you clearly are taking measures to obfuscate your code (I too am a DEV and this is very clearly obfuscated and now twice you have not even admitted to that) at the same time you are secretly without ever disclosing anywhere all your script users personally identifiable Google localstorage data on your personal Github, it looks beyond questionable to me and frankly sir, extremely violating to just about every fair use any privacy software statement in use today.

What is the reason, if it is so harmless and innocent, that you do not openly disclose this activity and post the full un-obfuscated version of this script for your users to review?

spmbt commented 6 years ago

Collin, I think you do not understand the work of localStorage in a bit. The data in localStorage is always stored on you, on your computer, whatever site you visit - spmbt.Github.io or your own. But the site must have a https protocol, because Google is working on such a protocol.

However, in the script I can not specify your site, since I do not know your site and do not know the stability of its work. About Github.io it is known that it is stable and that I can place on it the necessary JS script.

> you are storing a bunch of our Google data on YOUR personal storage

--- I do NOT STORE data to my storage (see above). I save it to the localStorage of your browser. (Yours)

> What is the reason if it is so harmless and innocent...

---The reason is complete harmlessness and that this description would be completely uninteresting to non-specialists.

> there are FAR FAR easier methods to store localstorage in a browser to a different area/variables that Google wouldn't clear

--- I don't know a method that saves data against localStorage.clear() from Google. Suggest it to me, if one really exists.

CollinChaffin commented 5 years ago

I have been doing DEV myself for 30 yrs and understand localstorage fully. Your script is obfuscated and yes I do see from the latest versions that if I visit https://spmbt.github.io/googleSearchExtraButtons/saveYourLocalStorage.html and view localstorage on my machine that you are now saving all Google's private data there.

Despite that being local, even that practice is questionable since that iframe code has still, in essence, broken the whole point of localstorage going back to cookie days and grabbed another site's private data (could at some point include login tokens, etc.) and making a second non-volatile copy that the original vendor and owner of that information no longer has control over, including that of keeping it safe etc.

Either way - it's a horrible practice and nobody else is doing this because of the ramifications. The whole point of local storage is to keep THAT SITE'S local storage confined to that site. As far as I know, Google deletes/clears very specific local storage keys/value pairs and not a blatant removal of all. So, again why not store settings for this script specific to Google in the proper local storage location in google.com using key/value pairs simply unique to you that nobody should delete instead of this "cross-site" stuff?

mikhoul commented 5 years ago

I understand you don't like the project as it is, but why, @CollinChaffin, if you are so concerned about your privacy, don't you fork "googleSearchExtraButtons" and provide a better solution, if it seems so easy to do for you? 🤔

Regards :octocat:

spmbt commented 5 years ago

Hi, Collin! Thank you for your attention to this subject! This is not the best decision, because we don't have other, better methods to save the data of our script with the browser's JS. The proposal of Jason Barnabe https://wiki.greasespot.net/GM.setValue is not universal and is not used in some browsers (and the GM object is deprecated for browser developers, I guess?)

> As far as I know, Google deletes/clears very specific local storage keys/value pairs and not a blatant removal of all.

--- No, unfortunately, Google and Facebook clean all localStorage. (I think it may be to avoid an attack of clogging all storage by third-party scripts.) In old versions of this script it was not needed.

A rather good option is to start your own localhost server and save data to it, but it is complex for a simple userscript and 99% of users...

> it's a horrible practice and nobody else is doing this

--- Yes, it is not needed for normal development of scripts by a site owner. It is needed only for a userscript, where a conflict of interests between owner and users is present.
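
Added example, not code from the userscript or its helper page: a sketch of how a cross-origin storage helper page could limit what it persists to the script's own namespaced settings, which is the concern raised in the thread about copying a site's other localStorage entries. It assumes the iframe and the userscript talk over `postMessage` (the thread does not show the actual xLocStor mechanism); the allowed origins, the `gseb:` key prefix and all function names are hypothetical.

```javascript
// Added example: hypothetical message handler for a cross-origin storage helper page.
const ALLOWED_ORIGINS = new Set(["https://www.google.com", "https://www.google.de"]); // assumed
const KEY_PREFIX = "gseb:"; // constructed namespace for the userscript's own settings
const MAX_VALUE_LENGTH = 4096;

// Decide what to do with one message; `storage` is any object with getItem/setItem.
function handleBridgeMessage(event, storage) {
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return { ok: false, error: "origin not allowed" };
  }
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || typeof msg.key !== "string") {
    return { ok: false, error: "malformed message" };
  }
  // Refuse anything that is not one of the script's own settings, so the host
  // site's keys (which could include tokens) are never copied to this origin.
  if (!msg.key.startsWith(KEY_PREFIX)) {
    return { ok: false, error: "key outside namespace" };
  }
  if (msg.op === "get") {
    return { ok: true, value: storage.getItem(msg.key) };
  }
  if (msg.op === "set") {
    if (typeof msg.value !== "string" || msg.value.length > MAX_VALUE_LENGTH) {
      return { ok: false, error: "bad value" };
    }
    storage.setItem(msg.key, msg.value);
    return { ok: true };
  }
  return { ok: false, error: "unknown op" };
}

// In-memory stand-in for localStorage so the handler can be exercised offline.
function makeMemoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    size: () => items.size,
  };
}

// Browser wiring: reply only to allowed senders, and only to their exact origin.
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) => {
    const reply = handleBridgeMessage(e, window.localStorage);
    if (reply.error !== "origin not allowed") e.source.postMessage(reply, e.origin);
  });
}
```

A reviewer auditing such a helper page would look for exactly these three checks: the sender origin, the key namespace, and the size and type of stored values.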