Hacker News new | past | comments | ask | show | jobs | submit login

With that security model, how do you trust any extension at all?

At least with this one, you can audit the source code and build it for yourself[0]

0: https://github.com/OktaSecurityLabs/passprotect-chrome




I once made a webpage where HNers drag-dropped their entire iphone backups. It got me thinking. http://markolson.github.io/js-sqlite-map-thing/


Whenever there are tools like this I usually just visit the site then unplug my ethernet/disconnect from WiFi. If it's actually client side JS it will work.

I'm pretty sure this is safe, but if there's a way to defer sending an HTTP request to after the page being closed...


If you do it from a private browsing window, maybe that would be fine. Maybe. (Otherwise the page could exfiltrate information via localstorage or something.)


You'd just motivate me to use client-side storage if the upload failed. Don't dare come back to the page when online! :)


It decrypts their backup locally? The link to code in the footer just refreshes the page.


It parses an unencrypted sqlite db in their backups in client-side javascript. The whole thing is client-side javascript.

But... if we'd wanted to be nasty we could have sent everything to servers we controlled.

The src link stopped working when gitlab.io arrived I think https://github.com/markolson/js-sqlite-map-thing/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: