On Tue, Jan 28, 2014 at 10:43 PM, Omar Rizwan <[email protected]> wrote:

> Haven't spread it widely yet or made it easy to install, I'm looking
> for feedback both on how well it works (it needs some more testing and
> does have some functionality bugs -- you may be blocked from FB chat
> for a few minutes if it goes wrong!), how easy it is to use, and on
> the general approach.


Disclaimer: I haven't read the source, tried the extension or otherwise
gotten to know about this tool other than reading OP.

The reason I'm writing anyway is that this is important to know generally.
Facebook records the text in text fields even before they're submitted [1].
Therefore, if this tool relies on Facebook's own text fields (or anything
within the DOM, really), they can completely circumvent this OTR
implementation. The right way to do this would be to spawn something out of
the reach of Facebook JS. That means spawning a separate chat window in
the context of the extension, or using window.prompt in either context (the
contents of a window.prompt cannot be read before the OK button is pressed).

JC

[1]
http://www.slate.com/articles/technology/future_tense/2013/12/facebook_self_censorship_what_happens_to_the_posts_you_don_t_publish.html
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
[email protected].
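
Added example, not part of the original message or of the extension's code: a Node.js simulation of the point made in the reply above, comparing a draft typed into a page-owned field with a draft held outside the page. `PageField`, `attachPageObserver`, `composeInPage` and `composeIsolated` are hypothetical names, and AES-256-GCM is only a stand-in for the OTR layer.

```javascript
// Constructed simulation for Node.js (no browser needed); all names are hypothetical.
const crypto = require('node:crypto');

// Stand-in for the page's chat input: any script running in the page can listen on it.
class PageField extends EventTarget {
  constructor() { super(); this.value = ''; }
  type(text) { // simulate the user typing one character at a time
    for (const ch of text) { this.set(this.value + ch); }
  }
  set(value) { this.value = value; this.dispatchEvent(new Event('input')); }
}

// What page script can do: record every intermediate value, before anything is sent.
function attachPageObserver(field) {
  const seen = [];
  field.addEventListener('input', () => seen.push(field.value));
  return seen;
}

// AES-256-GCM as a stand-in for the OTR layer (assumption: this is not OTR itself).
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Design A: plaintext is typed into the page's field and encrypted on send.
function composeInPage(key, message) {
  const field = new PageField();
  const seen = attachPageObserver(field);
  field.type(message);
  field.set(encrypt(key, message));
  return { seen, sent: field.value };
}

// Design B: plaintext is held outside the page (extension window or prompt result);
// the page's field only ever receives ciphertext.
function composeIsolated(key, message) {
  const field = new PageField();
  const seen = attachPageObserver(field);
  field.set(encrypt(key, message));
  return { seen, sent: field.value };
}

const key = crypto.randomBytes(32); // constructed sample key and message
const msg = 'meet at 6';
console.log('in-page drafts seen by page:', composeInPage(key, msg).seen.slice(0, -1));
console.log('isolated values seen by page:', composeIsolated(key, msg).seen);
```

In design A the page-side observer ends up with every partial draft and the full plaintext; in design B it sees a single ciphertext value.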
