No, the comment indicator would be the missing feature. But personally I would very happily skip that feature for the huge security and privacy advantage.
You could display the comments in-site but then you are bringing back all of the security and privacy concerns. (I guess you could have some middle-ground if the code to add the iframe is trivially simple?)
What are your thoughts on the built-in network request disabling option or Chrome's option to disable unless clicked?
I know you use Firefox, but for me these options seem to be sufficient for Chrome at least (and are already available).
Let me know if I'm mistaken though; I want to make sure that all such concerns are addressed!
I also think the badge could be dropped, but in initial stages when traffic is low I think it would really help with engagement.
It is nice, but if I am not getting a comment indicator anyways I would rather just not trust your extension at all.
> Chrome's option to disable unless clicked?
This is pretty good. But I would still prefer a 1-line auditable bookmarklet rather than a large extension.
> I also think the badge could be dropped, but in initial stages when traffic is low I think it would really help with engagement.
Yeah, I can see that. It would be interesting if you could get it just with URL access. You could still check for comments and open the discussion page but you wouldn't need full site access permission. Due to how the permission model works this would probably need to be a separate extension but it would be interesting to have a "Netvyne Lite" version with much less permissions.
...that being said logging every visited site is still a lot of access. But I can see how the comment count is a valuable feature for some users even if it isn't worth the cost for me.
Also for comment count checks are you protecting the URL in any way? For example checking for `sha3("netvyne-" + url)` instead of the raw URL. This way you aren't sending the URL of my URL-accessible Google Docs (for example) to your server.
We did try to reduce the permissions as much as possible, but I believe at this time every permission is required by some feature. I get your point though, and I'll try to see what else we can do in this regard.
As mentioned elsewhere in this thread, just to be clear we don't log every visited site (or log browsing in general); the only time data is added to the database is when the user actively adds a comment/creates content.
Currently we send the URL as is; its only stored though if you are writing a comment or sharing the site with friends. I do like the hashing idea but ultimately when someone does leave a comment or share it, we do store it without hashing so later users can filer it and so on. Please let me know if I misunderstood your question!
> We did try to reduce the permissions as much as possible, but I believe at this time every permission is required by some feature
I appreciate that. And I guess it is partly the fault of the browser that you can't ask for just permissions that the user wants to use. From my point of view the set of features you chose isn't worth giving you the permissions. However I can see that for other users they do want these features. It seems that there isn't a perfect option with one extension here.
> but ultimately when someone does leave a comment or share it...
Yes, but there is a huge difference from "site I left a comment on" and "every page I visit". For example if I have a secret document that is protected by an unguessable URL I am not going to leave comments on it, so it would be great if it wasn't sent to your service. Of course once I do leave a comment it makes sense to send it to your service so that you can fetch metadata and other features. (Although it would be cool if there was an option to never reveal the URL as well.)
I also think that there is something to be said for being able to see the comments in the site itself, though perhaps that can be done as well.
I'm actually not too familiar with bookmarklets, I'll have to read some more. I appreciate the tips!