Use hash fragments, which are more private #21
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hey there! 👋 Thanks so much for creating this app! 😄 It's a great little tool for organizing my friends' Secret Santa exchange, and way better than forking over personal data to all of the wacky sites you'll find on Google.
This tool is almost perfect in my eyes, but in the name of bolstering user privacy even more, I'm submitting this PR -- the reason being, hash fragments are more secure than search parameters for transmitting data to another user when said data doesn't require processing on the server (because hash fragments are never transmitted to the server in the first place).
This means that the key and encrypted data never leaves the user's browser. Now, do I think GitHub is digging through GitHub Pages request logs to look through this information? No, but they could -- and so could the users' ISPs, or Internet cafes, or malicious users at said Internet cafes (because the site does not require HTTPS; please enable that, it's just one click!).
It's a small change, and it functions identically to the current version, but it doesn't result in sending users' sensitive data over the internet 😊 (this matters less for IRL Secret Santas, but I'm using this with some online friends, and want to be sensitive with their addresses, which will be included as part of the "extra info" in the app).
Thanks so much for your time!