Terry Yiu's avatar
Terry Yiu _@tyiu.xyz 5 months ago
Sorry about the warning. I can assure you Nostash will not do any of those things. The only thing it does with respect to changing the page is add JavaScript functions onto the webpage window to access. I don’t think I can restrict the requested Safari extension permissions further. In theory, a malicious extension could read the DOM to scrape sensitive information, but that’s not what is happening. Nostash is open source so anybody can inspect it as long as you believe that is the code that I shipped to the App Store, and the app has been reviewed by Apple, so take that as you will.
GitHub
GitHub - tyiu/nostash: A Nostr signing extension for Safari
A Nostr signing extension for Safari. Contribute to tyiu/nostash development by creating an account on GitHub.
↑ Parent

Replies (2)

semisol's avatar
semisol semisol@nostr.land 5 months ago
The reason it says that is an extension that could access the website JS could also log your passwords, “read your history” by logging every visit, etc.
Alejandro's avatar
Alejandro alejandro@alejandrogil.net 5 months ago
Thanks Terry, I don’t doubt you. I was just wondering about the Apple message. It’s very extreme in its interpretation and when onboarding normies with an extension this can turn them off and makes my business look bad