[draugadrotten]

This extension is a privacy nightmare. "By default, when you begin selecting text, it sends a secure HTTPS request containing the URL of the specific image... The server responds with a list of existing translations and OCR languages that have been done."

That is some pretty sensitive data to keep around. There seems to be some rudimentary thinking around privacy: "no user tokens, no website information, no cookies or analytics" Yet keeping an index of all the image requests from any IP would not pass muster by any GDPR lawyer I have met.

http://my-support-group/advice-for-disease.jpg http://my-political-group/campaign-ideas.jpg http://my-therapy-group/suicide-prevention.jpg

https://ec.europa.eu/info/law/law-topic/data-protection/refo...

[nprateem]

There are probably some hacking angles too, e.g. I wonder if the API will helpfully tell me the contents of https://mybank.com/user/latest-statement.jpg or whatever