To be clear, does this extension send every URL you visit to Dissenter immediately on page load when enabled?

Open propolisor opened this issue 6 years ago • 12 comments

When it's enabled, I immediately noticed that its icon would display a comment counter for every page visited. This would suggest that the URL is immediately being sent to Dissenter without any interaction with the button. I, for one, am not comfortable with having my entire browsing history sent out to anybody.

I think it would be much more privacy-friendly if the URL were only sent to Dissenter after you choose to use the button to open up the comments. (Or, at the very least, it should be an option, to preserve the immediate comment count viewing feature for those who want it.)

propolisor, Mar 27 '19 18:03

> its icon would display a comment counter for every page visited

Interesting because that goes against what their FAQ states:

..... Does the browser extension track every URL I visit across the web?

No, the browser extension does not track you across the web. We respect your privacy and value your trust. The Dissenter browser extension is open source, meaning any developer can confirm that it is not tracking you across the web. When not in use, the extension is idle. When you click the extension, it calls to the Dissenter servers to check if there are any comments on that URL. When you leave a comment, that comment is sent to our servers and recorded on the URL. .....

> When you click the extension, it calls to the Dissenter servers to check if there are any comments on that URL.

So which is it? Personally I disabled the ext. when it demanded broad access the other week. This has been queried several times on reddit, without any official reply, that I've seen. So I'm not touching this ext. for now. I'd rather paste a url directly into dissenter.com

In Dissenter/Gab's defence they are no doubt fighting many fires, so updating FAQs might not be a priority. That said, this ext. needs to be 'on-demand' when I want it, and not following my every move online.

awe-is, Mar 28 '19 10:03

For now, I think an easy workaround is to enable the "This can read and change site data > When you click the extension" option. You can right-click the extension icon in your bar and change this option.

remyroy, Mar 31 '19 15:03

I can confirm that the FAQ is now outdated and that Dissenter can now be used to track every URL you visit across the web in its default configuration.

You can read the source code yourself. Around 7 days ago, a new section was added to fetch the comments count on every page load by sending your page URL to https://dissenter.com/notification/comment-count?url= thereby enabling Gab/Dissenter to track your every move.

remyroy, Mar 31 '19 16:03

I believe you can disable this default behavior, getting the comment count on every page load and the potential tracking feature, by unticking the "Comment Badge Enabled" checkbox in the Dissenter Extension - Options.

remyroy, Mar 31 '19 16:03

@remyroy Cheers for input.

Personally I'm not going to rely/trust unticking a checkbox, and having to read through future code. So I've created an Alfred App search query. I just paste any URL. It'll do for now :)

awe-is, Apr 02 '19 08:04

It would be nice if they tried to partially anonymize what was being sent by sending a hash instead of the actual URL of the site you're visiting and using that to cross-reference, but it would need a change to both the extension and the site hosting the discussion itself.

nobuyukinyuu, Apr 12 '19 07:04

The real questions for the moment are: what is the default setting out of the box, how is the data used server-side, and can it be trusted?

The last two are secondary to the first though. Due to the nature of the world today the obvious answer to the question of default out of the box should be on demand when you click the button.

Else the second and third answers lose credibility no matter what they are.

It would be in everyone's best interests if the out of the box default does not appear to be automatic tracking of every site you visit even IF the server doesn't actually store or use anything about the request except the query parameter.

The next point is, is the server using or storing anything else except the query parameter? Because if it is, this will continue to overshadow any good this webextension, the service, and the people behind it are doing.

Lastly, can users trust the answer to the last question regardless of what it is?

These questions need answered and the default behavior needs to be considered carefully and I hope I have given you all something to consider so that blatant misconceptions can be avoided.

mattatobin, Apr 12 '19 19:04

Hi @propolisor, @ohmotive, @remyroy, @nobuyukinyuu, @mattatobin - with the latest release of r11 (https://github.com/gab-ai-inc/gab-dissenter-extension/releases/tag/r11) and in commit: 29287e80c109aa579614f68f64bb5cd9dabf256f the extension has a default setting of false for requesting the comment count on URLs.


> ...icon would display a comment counter for every page visited...

Now, this is only true if a person were to manually check it on.

> ...is the server using or storing anything else...?

By the FAQ: "When you leave a comment, that comment is sent to our servers and recorded on the URL.".

As for the comment badge when it is toggled on - that is a single service used only for a GET request. Meaning, it does not store any information and does not track/keep/hold anything. It only uses that given url to perform a GET request to our servers to retrieve the number of comments. In the backend, it's using that given url to search for the index in the database to return a numerical value of comments. No other information is sent in that request. No information is stored.


To answer the main issue here: To be clear, does this extension send every URL you visit to Dissenter immediately on page load when enabled?

When the comment badge option is now manually enabled within the preferences page by a user, every URL you browse to is sent as a GET request (coded here: https://github.com/gab-ai-inc/gab-dissenter-extension/blob/master/src/scripts/background/runtime.js#L160) to Dissenter.com in order to retrieve the number of comments on that URL. However, by default, URLs are not sent to Dissenter.com on page load. URLs are used within an iframe within the popup or sidebar (Firefox) to display the comment section when clicked open.

mgabdev, May 03 '19 22:05

Fantastic. Props for continuing to work on this issue like this. It makes me feel a lot more positive to know!

Have you considered a XUL extension version for Unified XUL Platform browsers like Pale Moon, Basilisk, and the yet to be released Borealis?

As long as the new defaults are the same as the above now, you can be assured of approval on our Add-ons Site system.

mattatobin, May 04 '19 05:05

As @nobuyukinyuu said, all URLs should be hashed. There is no need for the dissenter server to know more than this to retrieve the proper comments.

Otherwise this is just as privacy invasive as Facebook's "like" button tracking.

kyrahabattoir, May 07 '19 07:05

I agree they should be hashed but at least the default pref was changed. That is a decision that takes little time to implement but makes all the difference. So let us not be ungrateful.

Hashing takes more time to research and implement server and extension side as well as migration of existing data. Not to mention on the fly conversion paths to maintain backwards compatibility as to not bust people during a changeover. So I say give them some time to work it out properly.

Simple sha256 hashing of urls should be fine and produce matching output for continuity between extension and server.

mattatobin, May 07 '19 12:05

Can we get an update on this?

Is it hashed yet, or is the extension still sending the full URL to Dissenter servers when Comment Badge is enabled?

article10, Aug 18 '19 22:08