On Fri, Mar 10, 2017 at 06:25:04PM +0100, Massimo La Morgia wrote:
On Fri, Mar 10, 2017 at 5:39 PM, David Fifield david@bamsoftware.com wrote:
Your extension reports not only the onion domains that it finds, but also the URL of the page you were browsing at the time: var onionsJson = JSON.stringify({onions:onions, website: window.location.href}); You need to at least inform your research subjects/users what of their private data you are storing and what you are doing with it.
As you can see from the source code we are not storing any sensitive data like ip or users information. do you think that only URL page can damage user privacy?
Yes, web applications encode sensitive information in URLs all the time. Usernames, passwords, personal preferences, you name it. Even just the page's domain name reveals a lot about you -- think about somebody visiting google.it versus google.dk.