Comment

Comment on I made a Firefox fork with Fediverse integration

<- View Parent

rozodru@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

No automatic browsing activity reporting - The extension only searches for Lemmy discussions when:

A page finishes loading (background.js:119-128)
URL changes are detected (content.js:37-54)

What data is sent:

Only the current page URL and its variations (content.js:73-80)
URL variations include cleaned URLs (no tracking params), with/without www, http/https variants (content.js:109-168)

Where data is sent:

Only to Lemmy instances you’ve configured (background.js:149-152)
No third-party analytics or tracking services
All requests go directly to Lemmy APIs for post searches

Privacy protections:

Results are cached locally for 30 minutes (background.js:141-143)
No persistent logging of browsing history
You can disable the notification indicator (content.js:172-184)
Only sends URL when you actually visit a page, not preemptively

User control:

You choose which Lemmy instances to search
You can remove instances at any time
The extension only activates on http/https URLs

Answer: No - The extension does not report all browsing activity to third parties. It only queries your configured Lemmy instances with the current page URL to find relevant discussions, and only when you actually visit a page.

source

Sort:hotnew top

lambalicious@lemmy.sdf.org ⁨3⁩ ⁨weeks⁩ ago
Sending the current URL and directly from your own IP too is quite the privacy hurdle already. I’ve already posted on what kind of things could be done to improve this, but first, a notice.

Your README says in the Privacy section:

Does not track your browsing

On the current implementation, this should be changed to:

Enables unverified third parties to track your browsing data

As that honesty is quite important.

As for measures that could be taken to improve on this issue, I have three suggestions (I might Issue Tracker them to the codeberg later, if I can find my credentials XD)

Set up a uBO-stye control pane that allows to set this on or off per-domain or per-site. Bonus points if it allows for per-site specific on which lemmy instances to use the same way as uBO’s “3p” Custom Rules does. This already prevents a number of undesirable use cases, such as automatically sending LAN / non-DNS names to third parties when they can’t really be searched for anyways.

Anonimyzing assist: Allow for sending only the global context of the visited site (eg.: only the domain) instead of the full URL.

Anonimyzing assist: Allow to cache requests to send them later / send them in batches, to avoid clock-based / timezone-based tracking attacks.

Anonimyzing assist: Allow for the browser-specific request being sent through a proxy or relay, so that IP origin information is not leaked. (I think this only really makes sense for users not logged-in?)
source
- rozodru@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Thanks, when I have the time I’ll look into implementing this.
  
  source
  - woelkchen@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    I don’t think the ideas of Lambalicious work with Lemmy. What would sending the domain name only achieve? I assume it uses the same logic as Lemmy uses to find crossposts? Obviously it needs the whole address then.
    
    Maybe instead of crawling automatically, the users need to click a button to look up discussions? (I have yet to install your extension, so I have yet to experience the workflow myself, sorry.)
    
    Maybe link to the privacy terms of the default instances? In general, I think your approach is good. You don’t collect any data, the feature is 100% opt-in. A central relay/proxy is even worse than your current approach. People are obviously free to set up their own Lemmy/Mastodon server if they want a relay.
    
    source
    NikkiDimes@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    
    What would sending the domain name only achieve?
    
    I’m guessing the idea could be to fetch a batch of recent discussions based on pages within a domain, then filter the results locally. This could even work very well with local caching.
    
    source
    lambalicious@lemmy.sdf.org ⁨2⁩ ⁨weeks⁩ ago
    
    A central relay/proxy is even worse than your current approach. People are obviously free to set up their own Lemmy/Mastodon server if they want a relay.
    
    Lemmy/Mastodon are quite heavy to set up if all you want is to proxy outbound connections. Just using any available proxy you have (which could very well be eg.: a SOCKS proxy set up on FoxyProxxy) is quite nimble and takes up at most a few kbs of RAM.
    
    That said, for anonymizing the IP origin this only mostly works if enough people use the same general relays (basically the same principle as TOR, VPNs), which means this only becomes effective once enough people use this plugin that it becomes worthwhile to position such infrastructure.
    
    source