github-custom-notifier icon indicating copy to clipboard operation
github-custom-notifier copied to clipboard
verified publisher icon qiweiii

Minimizing Browser Permissions

Open ChanceHarrison opened this issue 1 year ago • 4 comments

Hi there. I see that github-custom-notifier requires the "Access browser tabs" permission on Firefox. This seems like an unnecessarily broad permission to require, especially given that it's unclear to the end-user why such permission is necessary. This naturally raises concerns among users regarding the privacy of their browsing data.

From a more technically nuanced perspective:

Looking at src/lib/services-ext/tabs.ts, the openTab function will check for the tabs permission and will create a new tab at the specified URL if that permission is granted.

However, my understanding is that this is unnecessary.

You can use most of this API without any special permission (source)

Aside from that, there is an unused queryTab function.

Based on this, I would suggest modifying the extension such that the tabs permission is not requested.

What do you think? Thanks for your time.

ChanceHarrison avatar May 05 '24 09:05 ChanceHarrison

Yes, you are right, maybe we don't need that permission, need to remove it from manifest and check if it works on chrome and edge as well.

qiweiii avatar May 05 '24 10:05 qiweiii

@qiweiii Any update on this?

gschlager avatar Jul 11 '24 11:07 gschlager

will try to make a release soon

qiweiii avatar Jul 11 '24 11:07 qiweiii

pending review on chrome and firefox stores, should be auto published and updated in user browsers in a few days

qiweiii avatar Jul 11 '24 12:07 qiweiii

good first issue

Johndoe109 avatar Oct 14 '24 09:10 Johndoe109