Add mention of Libredirect #1977
Conversation
✅ Deploy Preview for privacyguides ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
|
Is the functionality that this provides worth recommending another extension? |
If you want your browser to redirect to these things, then this is probably the most maintained, customizable thing out there. As far as fingerprinting goes, no concern because it only redirects to the instances you want. |
c49e6a3 to
b7e145b
Compare
b7e145b to
7b1db7c
Compare
7b1db7c to
a446549
Compare
a446549 to
7aba35e
Compare
|
Doesn this mean you have to trust the maker of the extension to not redirect you in cases you don't want? I mean it could redirect you to a fake bank site even if you fill in the right url right? |
Pretty much yeah. |
I'm wondering if we should reformat that page to have one warning at the top, because it applies to all frontends
For example is repeated throughout as is:
Though this would require some restructuring, for example web based frontends and local apps |
|
I am personally not really convinced that the added convience is worth the security risk here, can't folks better not just use bookmarks? |
I do think the risk, is minimal, and it would be very obvious if they did. There are security benefits from frontends when you're not using JavaScript or you are using .onion services, which Libredirect can optionally select. The ability to do something harmful without JavaScript is pretty limited. I still think it should be mentioned with a warning. |
|
If the extension was compromised (happens), couldn't it change the redirects to something malicious? If so, I don't think the little convenience this provides is worth the potential risk, and we shouldn't be teaching Privacy Guides' readers that such extensions are okay, in my opinion. Also, is the default for it to redirect to a random instance? If so, that introduces a whole heck of a lot more trusted parties. What if an instance is compromised, and people are redirected to it? It's really not that hard to open a video (for example) in your frontend of choice. All you have to do is paste the entire YouTube (again, for example) into your frontend of choice, and it'll take you to that video. I for sure know that this works with Piped and FreeTube. Suggesting this feels like a regression. People should be making educated choices about which instances they choose to trust. And while I'm sure that Libredirect allows you to pin specific instances, that should be the default (it might be, not sure), and even then, the potential issues that this can cause just don't make the juice worth the squeeze imo. |
That is the thing I'm concerned about the most.
Which is a fair point, it's not the default. |
|
I was going to reopen this because I think you are wrong @matchboxbananasynergy, the default is to not redirect anything at all, so enabling a redirect requires manual config intervention, and if you enable a redirect it defaults to a single pre-set server and not a random selection out of all the available options. (And switching instances is on the same page you're already on to enable the redirect anyways, so I don't have any UX concerns there with people accidentally choosing an instance they're not familiar with). However, I then saw it requires manual installation in developer mode on Chromium browsers, which I'm not comfortable with recommending :) If they move to Manifest v3 and publish to the Chrome Web Store in the future though, I do want to reopen this discussion at that time. |
Oh, that's not so bad. I couldn't remember if I had set that or not.
We'll revisit it then. I've restored the branch, so we can look at it then. |
|
This pull request has been mentioned on Privacy Guides Community. There might be relevant details there: https://discuss.privacyguides.net/t/libredirect-extension-should-we-use-it-or-not/21983/4 |
No description provided.