by danShumway
1913 days ago
> That doesn’t prevent someone from being able to impersonate you.

But why is that a problem? If somebody wants to get notified of replies to my comments, let them. I understand why you need a unique token so that collisions don't happen, but that token doesn't need to be one-to-one unique with Hackernews usernames. It's OK to have two unique tokens that are separate from my session cookie that point to me as a user, and to have the "read" status be per-token, not per-user.

More to the point, why does this read status and everything need to be stored serverside for a browser extension? Where are you putting this information where you're worried about collisions with random internet users, why have it leave the browser at all? You don't need a unique token if you're not storing everything in a centralized location off-device, the browser profile that's using the extension is itself the unique token.

Why does anything need to be transmitted anywhere? Let the extension store the read statuses locally on my device, then there's zero chance of them colliding with anybody else's installation. Even if someone turns on push notifications, the push API already sends you a unique, randomized device ID/key. What's the reason why you can't push an RSS-style feed out to the device using that ID?
But to answer the question:

> Why does anything need to be transmitted anywhere?

It's because the extension is written by, and "powered by", MagicBell. They are writing it to bring attention to their product concept, where notifications like this are all handled by them.