Comment by instagraham

Comment by instagraham a year ago

14 replies

View on Hacker News

>privacy concerns >while researching, i saw some data being sent over to the server, like this query everytime you visit a site:

> firebase .collection("boosts") .where("creatorID", "==", "UvMIUnuxJ2h0E47fmZPpHLisHn12") .where("hostPattern", "==", "www.google.com");

> the hostPattern being the site you visit, this is against arc's privacy policy which clearly states arc does not know which sites you visit.

wredue a year ago

Maybe I am just stupid, but this *super* smells of arc being able to inject whatever they want in to literally any of your websites and this dude just figured out that he could also do that.

This does not seem like a browser capability I want.

Reply View 1 reply
soared a year ago

What sort of data does Arc track? Our plain-english Privacy Policy summarizes it well:

We don’t know which websites you visit

Reply View 8 replies
  • nfm a year ago

    From the quoted snippet, every page load is leaking both the domain and authed user’s ID to Firebase.

    Reply View 6 replies
    • Cthulhu_ a year ago

      Yeah but if they super promise to not look at incoming Firebase queries they're not tracking you, right?

      Reply View 5 replies
      • bschmidt1 a year ago

        The super promise died with crypto, now you have to add no backsies. My site uses No Backsies Proofs (NBPs) which are encrypted to prove that all my super promises are backed by a no backsie which is stored in the no backsie vault in Antarctica.

        Reply View 4 replies
  • [removed] a year ago
    [deleted]
    Reply View 0 replies
__turbobrew__ a year ago

Yea if everything else is not enough of a red flag here, the fact that they are sending every single website you visit to Firebase — against stated privacy policies — is the mother of all red flags.

People say they like arc for the UI and there are all alternatives, but do you really want to risk someone stealing your bank creds and stealing all your money for some fancy UI?

Reply View 0 replies