
Please address privacy concerns

Open Giszmo opened this issue 1 year ago • 7 comments

In order to get relevant events, the extension has to query those and the query has to contain the URL. URLs are a privacy and sometimes a security issue. Please add in the description how the user's browsing history is handled. This might require a disclaimer or warning that all URLs of all tabs will get leaked to all configured relays or something.

Giszmo avatar Feb 09 '24 19:02 Giszmo

I can do up a "how it works".

Regarding your concern, there is no reading of user browsing history (don't have permission).

jinglescode avatar Feb 10 '24 01:02 jinglescode

Well, the full history gets leaked to the relays if you check with every tab all the time if there is any conversation on nostr.

Giszmo avatar Feb 11 '24 03:02 Giszmo

Pulling events won't write data to relays. Only posting will attach the active tab's URL to the event's JSON.

jinglescode avatar Feb 11 '24 07:02 jinglescode

The relay still gets the query which tells it the url. It doesn't broadcast it but the relay has to be trusted here.

Giszmo avatar Feb 12 '24 02:02 Giszmo

Right. What do you suggest then?

jinglescode avatar Feb 12 '24 06:02 jinglescode

As I said in the issue description I would tell the users.

Sadly there is probably no elegant way around the privacy issue. Hashing would fix the security issue though.

So imagine you are browsing a domain that puts a secret into the URL - early browser bitcoin wallets did that. Your current implementation might currently query the relays for the full https://domain/path?query#anchor. The anchor is generally supposed to always remain local but path and query are also a privacy concern. Also the query and anchor might contain random stuff that you would not want in your request anyway. So you would need first a normalization where you get rid of session cookies and other such stuff but then you could hash the /path?query part assuming the anchor part was dropped anyway. This way, even if /path?query does contain a secret, you won't leak it unless somebody actually comments on that page.

Giszmo avatar Feb 12 '24 13:02 Giszmo

You're right about the params; I've stripped off the URL in 0.0.11.

jinglescode avatar Feb 13 '24 08:02 jinglescode