Comment by instagraham

Comment by instagraham 10 months ago

>privacy concerns >while researching, i saw some data being sent over to the server, like this query everytime you visit a site:

> firebase .collection("boosts") .where("creatorID", "==", "UvMIUnuxJ2h0E47fmZPpHLisHn12") .where("hostPattern", "==", "www.google.com");

> the hostPattern being the site you visit, this is against arc's privacy policy which clearly states arc does not know which sites you visit.

wredue 10 months ago

Maybe I am just stupid, but this *super* smells of arc being able to inject whatever they want in to literally any of your websites and this dude just figured out that he could also do that.

This does not seem like a browser capability I want.

Reply View 1 reply

timeon 10 months ago

seems like it is the case: https://news.ycombinator.com/item?id=41601332

Reply View | 0 replies

soared 10 months ago

What sort of data does Arc track? Our plain-english Privacy Policy summarizes it well:

We don’t know which websites you visit

Reply View 8 replies

nfm 10 months ago

From the quoted snippet, every page load is leaking both the domain and authed user’s ID to Firebase.

Reply View | 6 replies
- Cthulhu_ 10 months ago
  
  Yeah but if they super promise to not look at incoming Firebase queries they're not tracking you, right?
  
  Reply View | 5 replies
  
  bschmidt1 10 months ago
  
  The super promise died with crypto, now you have to add no backsies. My site uses No Backsies Proofs (NBPs) which are encrypted to prove that all my super promises are backed by a no backsie which is stored in the no backsie vault in Antarctica.
  
  Reply View | 4 replies
[removed] 10 months ago

[deleted]

Reply View | 0 replies

__turbobrew__ 10 months ago

Yea if everything else is not enough of a red flag here, the fact that they are sending every single website you visit to Firebase — against stated privacy policies — is the mother of all red flags.

People say they like arc for the UI and there are all alternatives, but do you really want to risk someone stealing your bank creds and stealing all your money for some fancy UI?