Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Find a generic way to disable extensions on security critical websites (e.g. banks) #2

Closed
karlicoss opened this issue Jul 14, 2019 · 3 comments
Closed

Find a generic way to disable extensions on security critical websites (e.g. banks) #2

karlicoss opened this issue Jul 14, 2019 · 3 comments
Labels
enhancement New feature or request security Security/privacy critical things

Comments

@karlicoss
Copy link
Owner

karlicoss commented Jul 14, 2019
edited
Loading

Since extension is sending urls to the backend, it's potentially not secure to do so on websites like banks. While extension supports blacklisting it's not really great to rely on user to do so.

Perhaps some of these lists https://github.com/cbuijs/shallalist would be a good start, unclear how often is it updated though.

Also need to add a UI explanation if the link is blacklisted; and an option to whitelist urls from the 'default' lists in case user really really wants it.
@karlicoss karlicoss added help wanted security Security/privacy critical things enhancement New feature or request and removed help wanted labels Jul 14, 2019
@karlicoss karlicoss mentioned this issue Dec 27, 2019
Open
@karlicoss
Copy link
Owner Author

adblock lists could be helpful?

@karlicoss karlicoss changed the title Find a way to disable extensions on security critical websites (e.g. banks) Find a generic way to disable extensions on security critical websites (e.g. banks) May 25, 2020
@karlicoss
Copy link
Owner Author

I've gone with couple of builtin shallalist filters https://github.com/karlicoss/promnesia/tree/master/extension/shallalist

But would be nice to

  • download it dynamically
  • autoupdate
  • generally this is ought a library or something, so many extensions could benefit

@karlicoss
Copy link
Owner Author

I guess this is pretty much done here.. #156

Just need to add a disclaimer to readme about what data is send to the (user-running, ideally local, but still!) backend and when.

karlicoss added a commit that referenced this issue Nov 22, 2020
@karlicoss
general: add privacy policy/guide/faq
e45a690 
- #2
karlicoss added a commit that referenced this issue Nov 22, 2020
@karlicoss
docs: add privacy policy/guide/faq
df9c1b5 
- #2
karlicoss added a commit that referenced this issue Nov 23, 2020
@karlicoss
docs: add privacy policy/guide/faq
ba7ea9a 
- #2
@hytor-yang hytor-yang mentioned this issue May 24, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security Security/privacy critical things
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@karlicoss