what-to-click / browser-extension

Create how-to documentation in seconds.
https://addons.mozilla.org/en-US/firefox/addon/what-to-click/
GNU General Public License v3.0

Make the extension work offline #1

Closed m3thm4th closed 1 year ago

m3thm4th commented 1 year ago

Is it possible to make this extension work completely offline?

wrbl606 commented 1 year ago

It is possible; in fact, the offline version was already written. The online one is just a fallback. I don't feel comfortable having screenshots sent to my server, but it's the only option to make this work currently.

This issue prevents me from uploading the offline version. You can comment there to indicate the issue to the Mozilla team.

m3thm4th commented 1 year ago

You should at least provide a proper privacy policy where you explain how you collect and store data and how long you retain them and if or how you share them and assure GDPR compliance etc. if you intend to receive data from your users.

If Tesseract is too big to be implemented maybe removing the OCR functionality might be a valid compromise, it doesn't seem to be vital for the extension to work anyway.

wrbl606 commented 1 year ago

OCR is implemented to provide a way to anonymise/generalise guides created with what-to-click. I see the benefits of keeping the solution fully offline, so I planned to create an option to enable/disable scrubs which require OCR.

Also, the OCR server is not even storing the screenshots on disk; it just passes them from memory straight to tesseract. The full implementation is available in this repository too, to confirm. I'll provide a privacy policy too in the future, but in the meantime your support with the linter issue I mentioned will be very helpful.

m3thm4th commented 1 year ago

The issue you opened in that repo is the latest open, second latest total, and you provided a pull request. I'd say it's just a matter of time until someone takes the time to review it. There are also other issues without reply from some months ago. If you are in a hurry you can try to @ members of the repo, but I would just wait for the time being.

wrbl606 commented 1 year ago

FYI, the extension's Privacy Policy can now be found here. Still, I'm working on making the extension less server-dependent due to my new findings about CSP, so I'll keep you posted if you want. If the privacy policy is enough for you, please close the issue.

m3thm4th commented 1 year ago

Thanks for providing at least a privacy policy. You should also add what you do with the IP address you receive with the UA string, whether you log it or not, and change the line

"We retain the user agent data for a limited period of time, which is necessary for the app's operation"

to something like "We retain the user agent data for the time necessary for the app's operation", which in my opinion explains better that the data is deleted as soon as the processing is completed (at least this is what I suppose you meant by that, unless I'm wrong and in that case that "limited period of time" should be explained better).

I think the issue should stay open because it's about making the extension work offline, client-side only, and since you already agreed to make it work server-less, you can close it after you implement that solution.

Of note, if it turns out to be impossible to have it work offline with full functionality, a solution with limited offline functionality (e.g. no OCR) and the full functionality provided by the server would be an optimal solution. This way users who don't want their data to leave the device will switch a toggle to "offline functionality" and those who absolutely need full functionality will have the privacy policy to decide whether it's worth it for them.

wrbl606 commented 1 year ago

Hello again, 1.7.0 is much less chatty with user data while retaining full functionality. Now, the only thing that needs to be fetched from the internet is the code that doesn't fit into the extension itself. So, the extension is still contacting the server but no personal data is involved, and once loaded, the code should be cached on the device.

This is the best I can do in terms of offline functionality. I no longer see the OCR toggle viability, so I won't put any effort into implementing it.

m3thm4th commented 1 year ago

Nice, thanks. Please update the privacy policy to clarify that the only external connection is the initial one and it's a one-time-only download, this way users will feel safer installing this extension.

wrbl606 commented 1 year ago

I'll leave the privacy policy as is for now. Not that many people are reading it anyway, and I also cannot guarantee that the browser doesn't decide to clear the cache and call the servers again after the initial download (the cache headers are set up like this, but those are just a suggestion for the browser).

m3thm4th commented 1 year ago

I guarantee you people will read it and care a lot about the privacy of this extension. This is a privacy-respecting alternative to the popular Scribe; if you manage the privacy right, much of Scribe's userbase will migrate to your extension.

wrbl606 commented 1 year ago

To make #4 possible, the extension has to be Manifest v3 compatible. That means that the only code executed within the extension has to be available locally. Recent developments in tesseract.js should make that possible: https://github.com/naptha/tesseract.js/issues/732
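
The constraint described in the comment above (under Manifest v3, only code packaged with the extension may run), as an added example that is not part of this thread or of the what-to-click code base: a small audit that flags remote script origins in the manifest CSP and remote URLs on code-loading lines. The file contents, the `cdn.example.test` host and the `loadOcr` helper are constructed for illustration.

```javascript
// Added example (heuristic line scan); every file below is a constructed sample.
const URL_RE = /https?:\/\/[^\s'"`)]+/g;
// Loader calls and tesseract.js options that decide where executable code comes from.
const LOADER_RE = /\b(importScripts|import|new\s+Worker|workerPath|corePath)\b/;

function auditExtension(files) {
  const findings = [];
  const manifest = JSON.parse(files['manifest.json']);
  if (manifest.manifest_version !== 3) {
    findings.push(`manifest.json: manifest_version is ${manifest.manifest_version}, not 3`);
  }
  // MV2 stores the CSP as one string, MV3 as an object keyed by context.
  const csp = manifest.content_security_policy;
  const policies = typeof csp === 'string' ? [csp] : Object.values(csp || {});
  for (const policy of policies) {
    const scriptSrc = policy.split(';').map((d) => d.trim()).find((d) => d.startsWith('script-src')) || '';
    for (const origin of scriptSrc.match(URL_RE) || []) {
      findings.push(`manifest.json: script-src allows remote origin ${origin}`);
    }
  }
  for (const [name, text] of Object.entries(files)) {
    if (!name.endsWith('.js')) continue;
    text.split('\n').forEach((line, i) => {
      if (!LOADER_RE.test(line)) return;
      for (const url of line.match(URL_RE) || []) {
        findings.push(`${name}:${i + 1}: loads code from ${url}`);
      }
    });
  }
  return findings;
}

// Constructed sample: server-dependent build (loadOcr is a hypothetical helper).
const remoteBuild = {
  'manifest.json': JSON.stringify({
    manifest_version: 2,
    content_security_policy: "script-src 'self' https://cdn.example.test; object-src 'self'",
  }),
  'ocr.js': "loadOcr({ workerPath: 'https://cdn.example.test/worker.min.js' });\n",
};
// Constructed sample: fully packaged build.
const offlineBuild = {
  'manifest.json': JSON.stringify({
    manifest_version: 3,
    content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
  }),
  'ocr.js': "loadOcr({ workerPath: browser.runtime.getURL('vendor/worker.min.js') });\n",
};
console.log(auditExtension(remoteBuild), auditExtension(offlineBuild));
```

An empty result only means no remote loader was found by this line scan; URLs assembled at runtime need a network-level check as well.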

wrbl606 commented 1 year ago

@m3thm4th Just to let you know, thanks to Tesseract's support, the 1.8.0 version of What-to-click is fully offline 🎉 Thanks @lmk123 for digging into the issue ❤️