Given enough users, you'll have interesting statistics and metrics forming. What are you going to do with this? Might visitor IPs (viewers of Emoji inlined on GH, that is) be processed/retained?
Does this work for others not running the browser extension (or outside of your Slack organisation)? Also, Emoji has been part of Unicode for more than a decade...
> All you need is to have the Single Emoji browser extension, which connects to your Slack workspace and enables you to use your favorite Emoji on your favorite tools, by making the smallest patches possible to how these tools work. Nothing too fancy, nothing too suspicious.
all you need is to connect random javascript to a major channel for social engineering and then run it inside major channel for software supply chain risk
Back during the Yahoo and MSN chat days (remember Windows executables?), there were also "Download custom smiley packs" ads all over the Internet. I never tried them because they were probably malware. I have the same skepticism for this extension, or how easy extensions auto-updates can turn it into one.
I mean, you’re not wrong, but I’d bet the Venn diagram of…
- people who use both a Web Extensions-supporting browser and Slack
- people who install extensions with permissions to run arbitrary JS on every page
- people who install or use Slack bots/etc with excessive access to Slack data
… is likely very nearly a circle. The emoji use case isn’t one for which I’d personally take that combination of risks. But I can imagine a wide variety of more appealing/risk worthy and likely even higher risk “use [CLOUD_SERVICE_FOO_RESOURCES] seamlessly in GitHub” use cases where I’d pause to at least consider it.
3np|3 years ago
andrenotgiant|3 years ago
vallanceroad|3 years ago
schniz|3 years ago
codetrotter|3 years ago
It’ll be like BetterTTV but for HN :catjam: :meow_party:
unknown|3 years ago
[deleted]
Kikobeats|3 years ago
steventey|3 years ago
keybored|3 years ago
awinter-py|3 years ago
all you need is to connect random javascript to a major channel for social engineering and then run it inside major channel for software supply chain risk
netsharc|3 years ago
Are the other responses in here non-ironic?
layer8|3 years ago
eyelidlessness|3 years ago
- people who use both a Web Extensions-supporting browser and Slack
- people who install extensions with permissions to run arbitrary JS on every page
- people who install or use Slack bots/etc with excessive access to Slack data
… is likely very nearly a circle. The emoji use case isn’t one for which I’d personally take that combination of risks. But I can imagine a wide variety of more appealing/risk worthy and likely even higher risk “use [CLOUD_SERVICE_FOO_RESOURCES] seamlessly in GitHub” use cases where I’d pause to at least consider it.
bakugo|3 years ago
unknown|3 years ago
[deleted]
javivelasco|3 years ago