| > built-in network request disabling option It is nice, but if I am not getting a comment indicator anyways I would rather just not trust your extension at all. > Chrome's option to disable unless clicked? This is pretty good. But I would still prefer a 1-line auditable bookmarklet rather than a large extension. > I also think the badge could be dropped, but in initial stages when traffic is low I think it would really help with engagement. Yeah, I can see that. It would be interesting if you could get it just with URL access. You could still check for comments and open the discussion page but you wouldn't need full site access permission. Due to how the permission model works this would probably need to be a separate extension but it would be interesting to have a "Netvyne Lite" version with much less permissions. ...that being said logging every visited site is still a lot of access. But I can see how the comment count is a valuable feature for some users even if it isn't worth the cost for me. Also for comment count checks are you protecting the URL in any way? For example checking for `sha3("netvyne-" + url)` instead of the raw URL. This way you aren't sending the URL of my URL-accessible Google Docs (for example) to your server. |
We did try to reduce the permissions as much as possible, but I believe at this time every permission is required by some feature. I get your point though, and I'll try to see what else we can do in this regard.
As mentioned elsewhere in this thread, just to be clear we don't log every visited site (or log browsing in general); the only time data is added to the database is when the user actively adds a comment/creates content.
Currently we send the URL as is; its only stored though if you are writing a comment or sharing the site with friends. I do like the hashing idea but ultimately when someone does leave a comment or share it, we do store it without hashing so later users can filer it and so on. Please let me know if I misunderstood your question!