[Feature] For user privacy only allow access of data to user added Nostr client domains or Lightning client domains

[Sakhalinfox]

Feature description

Currently most Nostr signer extensions like Nos2x, Nos2x-fox and Alby require permissions to "access data from all websites" which I feel is a bit excessive with regards to user privacy. Although I trust that the extension may not do anything with the data from other websites, I feel there could be a way for the user to configure a list of domains on the extension properties or options to allow access to data just for those domains.

Describe the solution

Here is how I envision this to work:

1. User installs the extension and the extension allows probably just access to data for a default list of Nostr client domains like astral.ninja, snort.social...etc and clicks to 'Allow' during extension installation phase.
2. The user inputs their private key and saves it on the extension
3. The user is then presented with another options page on the extension to setup list of Nostr web client domains to allow access for data for the extension to sign events as per NIP-07 or NIP-04.
4. The extension sees only data for those list of websites/domains added.

An example of an extension that does this is Sponsorblock which allows only Youtube domains or user configured local or external domains.

Also, I have not fully explored the lightning side of permission requirements from all websites, but I was wondering if the same could apply for that as well.

I will be cross posting this on nos2x and alby extension GitHub repositories as well for a more open discussion.

Describe alternatives

No response

Additional context

No response

Are you working on this?

No

[Sakhalinfox]

I think I may have answered my own question in a way.

On Google Chrome you can do this now by going to extensions > extension details > site access > Allow this extension to read and change all your data on websites you visit > Can choose on click or on specific sites and define a list of sites or perform an 'on click' action to self-authorize reading or changing of data.

On FireFox the option is not readily available in the add-ons page. So, I still need to figure out how to do this.

[bumi]

@Sakhalinfox thanks for raising this option.

As you said on chrome based browsers you can easily do this and configure this on the browser level: https://guides.getalby.com/overall-guide/alby-browser-extension/faqs/how-to-enable-alby-only-on-specific-websites
You only need to enable the addresses that you use for the lightning accounts (e.g. getalby.com or the address to the used umbrel/raspiblitz/etc.)

I would also promote this a bit more that people are aware of this option.

Thanks for pointing to sponsorblock and how they do it.

[Sakhalinfox]

@bu

@Sakhalinfox thanks for raising this option.

As you said on chrome based browsers you can easily do this and configure this on the browser level: https://guides.getalby.com/overall-guide/alby-browser-extension/faqs/how-to-enable-alby-only-on-specific-websites You only need to enable the addresses that you use for the lightning accounts (e.g. getalby.com or the address to the used umbrel/raspiblitz/etc.)

I would also promote this a bit more that people are aware of this option.

Thanks for pointing to sponsorblock and how they do it.

Thank you Bumi! As these options are available in Chrome and I found a work around in Firefox by modifying the permissions of Alby I am closing this.

[bumi]

@Sakhalinfox what's your recommended way in Firefox? I am extending the guides.