We should prevent leaking the user's browsing history to the lean-in server unless the user actually wants the browsing history recorded (for example because they are using their own lean-in instance and want to be able to see their history across browsers).
Possible solutions:
- hash host / path separately with a hashing algorithm that has a not-too-low probability of collisions and use those to request comments (documents would be per-user-per-page and must record the full URL they apply to)
- allow the user to whitelist / blacklist domains explicitly, so that lean-in will never try to show comments for your online banking website, for example
- only request comments for pages
  - loaded via http (only show local comments or comments downloaded before for pages loaded with https, disallow fetching remote comments / at least show a warning)
  - that are the result of a GET
  - loaded without URL parameters (some CMS use parameters for every page -- do we need to allow overriding this for some sites?)
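A sketch of how the three proposals above could combine on the client, added here as an example and not taken from the issue author or the lean-in code base. The function names, the policy object, the 12-bit bucket size and the use of truncated FNV-1a (a dependency-free stand-in; a truncated SHA-256 would serve the same purpose) are all assumptions, and the hosts are constructed.

```javascript
// Added example: names, policy shape and the 12-bit bucket size are assumptions.
const policy = {
  blockedHosts: ["bank.example"],    // user blacklist (constructed value)
  allowQueryHosts: ["cms.example"],  // per-site override for URL parameters
  bucketBits: 12,                    // small on purpose: many URLs share a bucket
};

// 32-bit FNV-1a, truncated to `bits` so the server only sees a coarse bucket.
function bucket(text, bits) {
  let h = 0x811c9dc5;
  for (const byte of new TextEncoder().encode(text)) {
    h ^= byte;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h >>> (32 - bits);
}

// Decide whether a page load may trigger a remote comment request at all.
function remoteFetchDecision(pageUrl, method, p = policy) {
  const u = new URL(pageUrl);
  const host = u.hostname.toLowerCase();
  const blocked = p.blockedHosts.some(b => host === b || host.endsWith("." + b));
  if (blocked) return { fetch: false, reason: "blocked-host" };
  if (u.protocol !== "http:") return { fetch: false, reason: "not-http" };
  if (method.toUpperCase() !== "GET") return { fetch: false, reason: "not-get" };
  if (u.search && !p.allowQueryHosts.includes(host))
    return { fetch: false, reason: "has-parameters" };
  return { fetch: true, reason: "ok" };
}

// Build the only values sent to the server: host and path hashed separately.
// The query string is never part of the lookup key.
function lookupKeys(pageUrl, p = policy) {
  const u = new URL(pageUrl);
  return {
    host: bucket(u.hostname.toLowerCase(), p.bucketBits),
    path: bucket(u.pathname, p.bucketBits),
  };
}

// Buckets collide by design, so the client keeps only the documents whose
// recorded full URL matches the page; the comparison never leaves the browser.
function selectComments(docs, pageUrl) {
  return docs.filter(d => d.url === pageUrl);
}
```

Every refusal carries a reason, so the client can fall back to local or previously downloaded comments, or show the warning the issue mentions, instead of failing silently.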