I think it's amusing how people want to fix existing spyware by installing more potential spyware on top of it.
nostr:npub1alpha9l6f7kk08jxfdaxrpqqnd7vwcz6e6cvtattgexjhxr2vrcqk86dsn browser extension now allows you to bring nostr free speech with you to any website!
nostr:npub1uapy44zhu5f0markfftt7m2z3gr2zwssq6h3lw8qlce0d5pjvhrs3q9pmv nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac nostr:npub1a7n2h5y3gt90y00mwrknhx74fyzzjqw25ehkscje58x9tfyhqd5snyvfnu
what do yall think π nostr:note1dxc5r7a7tnpxj2wxg8zrapmdappmljjanvqa5ufzjt2qprfdtwrqvljc0c
Discussion
π
Hereβs the code
https://github.com/jinglescode/web-content-conversation
Not sure how the former can be fixed.
What do you suggest Luxy?
I said potential spyware. Now it looks safe, then an update comes. I'm more referring to the current extension model as insecure in general. Like, why cannot we allow extensions to only access the tabs with select websites open? We can only choose whether or not to allow them to run in "private windows", but when we do, they have unlimited access to all open tabs.
This lack of fine-grained control is begging to be abused, and it's only a matter of time someone does so.
What do I suggest? I suggest to let browsers browse and not run arbitary code, I suggest to return their codebase to some humanly-auditable size and to offload all client-side complexity to standalone applications. Preferably command-line, maybe with some HTTP interface accessible on a local port if noobs are so inclined not to use CLI.
Current 2.5-engine "modern web" oligopoly must die.