Browser Extension Privacy - Ability to whitelist/blacklist URLs, protect browsing history
c
christoph.kung
On my PC, I accidentally had Whatsapp in Web open when I clicked Recall Browser Extension, having the AI summarize very private conversations to me. I don't want Recall to have any access to this content.
Also, an attacker who has physical access to my device transiently, can use this to extract private information very quickly.
Solutions:
WHITELISTING:
- have a whitelist of URLs where recall works, such as youtube, spotify etc.
- users can submit and rank their own whitelists, so that as a new user, you can choose the most popular one
- when opening a non-whitelisted URL, there is an option to override the Whitelist once or permanently for this URL. Confirmation can be configured to just be a button, or "heavy" confirmation, e.g. via confirmation code to SMS or EMail, to avoid accidental clicking.
BLACKLISTING:
- same as above but with blacklist.
As a sidenote, I dislike that getrecall has access rights to all my Browsing, as per the Browser extension privileges. I understand that whitelisting/blacklisting can't affect the browser extension privilege settings, because this is not how extensions work. However, I would prefer if there was a clear statement that:
- getrecall can only access pages where I click the extension
- has no access to my browsing history
Both are not needed for delivering the service.
Log In
s
schroell
Not sure if I really understand the request properly, but the Recall extension already has these functionalities today. If you right-click on the Recall extension, there's a menu item (second from the top) where you can set things like having the Recall extension automatically access all websites that are opened. Or for example, only read the website when the Recall extension is clicked.
The blacklist already exists too, which you can also configure through the Recall extension to prevent it from working on specific websites in the future. And in the Chrome extension settings for Recall, you can manage the disabled websites or even manually add domains in advance.
So from my perspective, a lot has already been done in this direction. Maybe you weren't aware of this feature yet.