[Feature Request] Web Clipper for Text Content #234
Comments
KosmoEskudo
changed the title
johnozbay
changed the title
|
Hi there, We've never cited concerns related to scraping websites. We've cited concerns related to how clipping content from the web opens the doors to tons of new vectors for security vulnerabilities. I can assure you that ALL companies (incl multi-million dollar ones like Evernote, or trillion dollar ones like Microsoft) who shipped webclippers have shipped it with very little security considerations about what can happen. e.g. from Microsoft [1] [2] < Does this look like someone put thought into protecting your privacy? More on Evernote below. For example, what happens if the site you clipped has malicious javascript code embedded in the content? It will get carried over to your Cryptee account, and can try to steal your information. So when any content is clipped, Cryptee's clipper extension would need to try its best to strip malicious javascript from it too. And this needs to be built in a way that it doesn't strip the actual content away, otherwise you'd be frustrated. Which, turns out, is very very difficult, given the way internet is built. Each and every website has a different structure / layout / design etc, and it's challenging enough to build a good clipper, a whole different challenge to make sure it strips malicious content from the clipped stuff before it's passed onto Cryptee. i.e. Evernote (a multi-million dollar company that has been around for years) doesn't do this. So if you clip (or even paste stuff) from the web to Evernote, it actually pastes the content as-is. So if you've copy pasted a paragraph with an image in it, Evernote pastes the So for Cryptee, we can't allow any of these. In fact we have a built in tracker prevention system that stops all types of carried-over malicious activity like these from copy pasted content as best as it can. You can read all about this here : https://blog.crypt.ee/say-hello-to-a-new-cryptee/#copypaste-tracker-warnings We can do this easier with copy/pasted content, because your operating system or browser actually does a lot of the heavy lifting when it comes to stripping malicious content when copy/pasting stuff. (whereas if we built a clipper, it's the clipper's responsibility to figure out what's content, what's malicious stuff etc... unlike copy pasting text yourself, where you highlighted what you want to copy/paste, and that's the only portion of the page that will be carried over) Which means when you clip something (say an image), the clipping extension needs to serialize / convert the image in your browser at the time of clipping, then encrypt it, then push it to your Cryptee account, and this means, malicious content needs to be stripped in-browser, in-extension, before it gets encrypted and pushed to your Cryptee account. (whereas Evernote can do this on their servers for example, and still haven't been able to fix the security issues) etc. etc. And this is the reason why we haven't shipped a web-clipper yet, and this is for a good reason, given the state of the internet nowadays. The last thing we want is an ad tracking pixel getting clipped into your cryptee account or worse some malicious JS stealing information etc. We can't promise a clear timeline for when we will ship this, but I can confidently say that it's not going to be anytime soon until we find the best solution to do so. |
Is your feature request related to a problem? Please describe.
Cryptee lacks a web clipper, with the team citing security concerns about scraping websites. This leaves users unable to save web content directly into Cryptee.
Describe the solution you'd like
Develop a web clipper for text-only content to address security concerns while still providing this much-needed functionality.
Additional context
Even a basic text clipper would meet the needs of many users.
The text was updated successfully, but these errors were encountered: