"Read your browsing history" permission

[philcluff]

Hey there,

When this plugin was auto-updated, it added 2 new permissions.

1. To read data on facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
2. To read browsing history

The first makes sense, it's the legitimate Facebook Onion address

The second I'm a little more confused about.

Could you update README.md with information on why browsing history is required?

Thanks.

[mgziminsky]

Oh, this is chrome being somewhat misleading... I'm giving a full technical response below just for the sake of linking here for details from the README entry I'll add.

---

The warning is caused by the webNavigation permission, which was added to handle cleaning FB navigations that use the browser history API instead of doing a normal page navigation. The extension doesn't have access to the actual browser history, only page navigations, and not even those are accessed by the extension. The extension only accesses a specific subset of the api and only on FB domains.

The chrome warning is misleading because the permission doesn't give access to the actual browser history. Technically, this permission gives the ability to see the url of any page opened in the browser, but only in the instant that it's opened, not before, not after. Even with this permission though, it still wouldn't be able to access any history that was synced from another computer, from when the extension wasn't installed/enabled, or from anything else that wasn't a result of directly opening the page in the browser with the extension.