@This2ShallPass@themachinestops As an extension developper on Mozilla's store, yes it's definitely possible. There's some automatic review process but what you state in your implicit data consent disclosure (that's how they call it) is up to the developer.
However, the extension can't access all websites unless you specifically allow it while installing. There's an "All websites" permission, so if it's that or if it includes some kind of sketchy site then it's a bad sign.
Finally, just like any web page, you can always inspect an extension and check the network requests to see if it's doing malicious stuff. If so, then you can report it.
But since mozilla accounts are free and only require a verified email, they could just create another one. It's an endless game of whack-a-mole!
@herseycokguzelolacak Just like how clicking any web links (be it from the shitty widgets menu or from windows search) that open the browser, open as edge:// links which force opening on Microsoft Edge even if it's not your default browser. This sucks but at least I can uninstall Edge easily from the settings (maybe because I am in the EU)
@First_Thunder More like "Chromium takes ~2x longer to process folder uploads (before I can even read the files)", and "Chromium drops all files without the subfolders when you drop a folder on a page (it's just like if you uploaded all the files from inside all the folders), although it still works fine when you use the upload button for some reason"
So yeah, firefox optimized because Firefox implements the features better haha
@MonkderVierte The thing is, since the code is running inside a browser extension there's no way to interact with third party tools that aren't part of the standard JavaScript api.
@prex Wait that's a thing?Well, this host basically the same value as a "Sent from my iPad" signature haha, how can you encrypt a post that's publicly available to everyone?
@ShellMonkey Be careful, obfuscation isn't encryption!And no, there doesn't need to be a publicly shared token! Take a look at how simplexchat does it!https://simplex.chat/
@ShellMonkey That's true, but these should also be encrypted, don't you think?Sure the messages could still be encrypted but from the metadata you can most of the time infer the content.
@MrFloppy I agree! I sometimes received notifications on Mastodon from comments by Lemmy accounts on this post but far from with all comments (~10%) and sometimes my replies on Mastodon didn't carry over to Lemmy (I don't even know if this one will!) so there's still work to be done to get things working just right!
After that, the people in charge will check if there are duplicate signatures (twice from the same person or from someone who does not exist) so keep on signing just to be safe!
@First_Thunder Is there any way to disable that?