Privacy Architecture
The core privacy commitment in PRIVACY.md is that no conversation content leaves the user's browser. This page describes how that commitment is structurally enforced, not merely documented.
A privacy policy that says "we don't transmit your data" is only as good as the code path that would have transmitted it. Privacy claims that depend on runtime policy checks ("don't call fetch") are fragile: a future contributor adds a fetch, and the policy is silently broken.
Clio's strict-local property comes from the manifest's permission model, not from a runtime promise. Specifically:
- The `host_permissions` field lists three exact origins. The browser will not allow content scripts to attach to any other site, regardless of what the code attempts.
- There is no `<all_urls>` pattern. There is no broader catch-all.
- No `tabs`, no `webRequest`, no `scripting` outside the declared content scripts. The code paths the manifest permits do not include any that could exfiltrate data to an attacker-controlled origin.
- All dependencies are vendored at build time. Manifest V3 prohibits remotely-hosted code; Clio honors this strictly (JSZip is bundled).
This is intentional. Clio's privacy guarantee inherits from Manifest V3's permission model and content-script isolation. Clio adds nothing to that — it just uses the minimum slice of permissions, so that even a hostile modification of Clio's code would have a small blast radius.
This is the defense-in-depth posture: not all of your trust in one layer.
| Layer | Behavior |
|---|---|
| Read | Clio reads the DOM of the active tab on the three declared origins, only when invoked |
| Process | All processing (HTML walking, ZIP assembly, image encoding) happens in the extension's isolated world |
| Write | Output goes to disk via chrome.downloads — Chrome shows the user the destination |
| Network | No outbound network call to any non-declared origin exists in the code; the manifest does not permit one |
If any of these layers were to be weakened, the manifest is the first thing to change. PR review for manifest changes is therefore the leverage point for privacy: a manifest diff is unusually meaningful in this project.
- Threat Model — what attacks this defends against
- Defense in Depth — concrete manifest-level walkthrough
- PRIVACY.md — the user-facing version