It's safer for all users for SD to not get price data by default. We cannot avoid the fact that even though we are using TLS, the server name is leaked by SNI during the beginning of the TLS handshake and so a network spy (such as a user ISP) knows that a computer is talking to coingecko.com (but not which page is requested).
Users that want price feed data can enable it explicitly via settings.
It's safer for all users for SD to not get price data by default. We cannot avoid the fact that even though we are using TLS, the server name is leaked by SNI during the beginning of the TLS handshake and so a network spy (such as a user ISP) knows that a computer is talking to coingecko.com (but not which page is requested).
Users that want price feed data can enable it explicitly via settings.
As an additional way to educate users who want to enable this, I want there to be a popup OK/Cancel modal when a user tries to enable the price feed. It should say something like "Enabling the price feed leaks metadata to your ISP and other network spies that your computer is accessing coingecko.com, but not which exact page or which currency you are choosing. Do you still want to enable the price feed?" If they hit OK, we write the price feed option to their config file to be ON, change the value of that variable in memory, and update the GUI. If Cancel, do nothing.
As an additional way to educate users who want to enable this, I want there to be a popup OK/Cancel modal when a user tries to enable the price feed. It should say something like "Enabling the price feed leaks metadata to your ISP and other network spies that your computer is accessing coingecko.com, but not which exact page or which currency you are choosing. Do you still want to enable the price feed?" If they hit OK, we write the price feed option to their config file to be ON, change the value of that variable in memory, and update the GUI. If Cancel, do nothing.
Latest commit on dev does the basics of this, needs to be tested. Currently it only affects this run of SD, it does not write anything to the config file yet. The popup when enabling prices has not been implemented yet. It seems that disabling the price feed never worked correctly.
Latest commit on dev does the basics of this, needs to be tested. Currently it only affects this run of SD, it does not write anything to the config file yet. The popup when enabling prices has not been implemented yet. It seems that disabling the price feed never worked correctly.
For reference and others testing, those config options are stored in ~/.config/Hush/SilentDragon.conf Location will differ on other OSes. Change works correctly for me and defaults to off as long as I delete that config file first. Fresh installs with no history should default to off as intended.
I do see get_price still being called somewhere regularly, but likely for updating UI only. Probably still a good idea to only call it if setting is enabled though. I see this output regularly: Could not find price of "btc" !!!
For reference and others testing, those config options are stored in `~/.config/Hush/SilentDragon.conf` Location will differ on other OSes. Change works correctly for me and defaults to off as long as I delete that config file first. Fresh installs with no history should default to off as intended.
I do see `get_price` still being called somewhere regularly, but likely for updating UI only. Probably still a good idea to only call it if setting is enabled though. I see this output regularly:
`Could not find price of "btc" !!!`
It's safer for all users for SD to not get price data by default. We cannot avoid the fact that even though we are using TLS, the server name is leaked by SNI during the beginning of the TLS handshake and so a network spy (such as a user ISP) knows that a computer is talking to coingecko.com (but not which page is requested).
Users that want price feed data can enable it explicitly via settings.
As an additional way to educate users who want to enable this, I want there to be a popup OK/Cancel modal when a user tries to enable the price feed. It should say something like "Enabling the price feed leaks metadata to your ISP and other network spies that your computer is accessing coingecko.com, but not which exact page or which currency you are choosing. Do you still want to enable the price feed?" If they hit OK, we write the price feed option to their config file to be ON, change the value of that variable in memory, and update the GUI. If Cancel, do nothing.
Latest commit on dev does the basics of this, needs to be tested. Currently it only affects this run of SD, it does not write anything to the config file yet. The popup when enabling prices has not been implemented yet. It seems that disabling the price feed never worked correctly.
@duke I will try testing tonight and can help with the popup if needed.
For reference and others testing, those config options are stored in
~/.config/Hush/SilentDragon.confLocation will differ on other OSes. Change works correctly for me and defaults to off as long as I delete that config file first. Fresh installs with no history should default to off as intended.I do see
get_pricestill being called somewhere regularly, but likely for updating UI only. Probably still a good idea to only call it if setting is enabled though. I see this output regularly:Could not find price of "btc" !!!@fekt I agree, we shouldn't be calling any
get_pricefunctions if price is turned off.