Security and privacy are trade-off is seemingly common sense around identity space as book i read.
KYC to enhance receiver's security lowers sender's privacy. Protecting visitor's privacy lowers security of Guest House.
Let's analogying that concept for webextension!
postMessage has security modernized, but, between tab app and webextension, lowers user privacy, because other webextension can also witness the activity.
High security, low privacy.
I've found using the traditional methods, exportFunction/cloneInto/etc. , of so-called "addons" times, but used broadly inside firefox, can enhance privacy. Because those can be the method to directly communication without postMessage, not being seen by other webextension.
However, this has security risk as per the trade-off between security and privacy. High privileged webextension code can be changed by low privileged tab app code. Very nervous. Perhaps that is why it remains implementation of ES5 times and stops evolution. no async, no class can pass it (promise has a restricted bypass way).
Low security, high privacy.
It's OK if the object is persisted and non-configurable 🆎
teatwo
npub1xk…75few
2025-01-27 13:44:57
Author Public Key
npub1xkym0yaewlz0qfghtt7hjtnu28fxaa5rk3wtcek9d3x3ft2ns3lq775fewPublished at
2025-01-27 13:44:57Event JSON
{
"id": "768150b93cc08af603b26c7d5c03ecff1885cd327acd12bacaf20d80d8c24844",
"pubkey": "3589b793b977c4f025175afd792e7c51d26ef683b45cbc66c56c4d14ad53847e",
"created_at": 1737985497,
"kind": 1,
"tags": [],
"content": "Security and privacy are trade-off is seemingly common sense around identity space as book i read.\n\nKYC to enhance receiver's security lowers sender's privacy. Protecting visitor's privacy lowers security of Guest House.\n\nLet's analogying that concept for webextension!\npostMessage has security modernized, but, between tab app and webextension, lowers user privacy, because other webextension can also witness the activity. \n\nHigh security, low privacy.\n\nI've found using the traditional methods, exportFunction/cloneInto/etc. , of so-called \"addons\" times, but used broadly inside firefox, can enhance privacy. Because those can be the method to directly communication without postMessage, not being seen by other webextension.\n\nHowever, this has security risk as per the trade-off between security and privacy. High privileged webextension code can be changed by low privileged tab app code. Very nervous. Perhaps that is why it remains implementation of ES5 times and stops evolution. no async, no class can pass it (promise has a restricted bypass way).\n\nLow security, high privacy.\n\nIt's OK if the object is persisted and non-configurable 🆎 ",
"sig": "db2ddfaa62cd9d8bcf38c27c505d84a73adbaae361aa9f22be53a16ef647591e504cb15e362adf0c2e15f8f6aff9553d8b3259d748d40281b438bfd11c32f739"
}