qsobad revised this gist 1 month ago. Go to revision
1 file changed, 108 insertions
PRIVACY.md(file created)
| @@ -0,0 +1,108 @@ | |||
| 1 | + | # Privacy Policy — Feidu AUTOPILOT | |
| 2 | + | ||
| 3 | + | **Last updated**: 2026-05-28 | |
| 4 | + | ||
| 5 | + | This document describes how the *Feidu AUTOPILOT* Chrome extension | |
| 6 | + | ("the extension") handles user data. The extension is the browser-side | |
| 7 | + | companion to *feidu-daemon*, a local macOS proxy controller distributed | |
| 8 | + | separately. This policy covers the extension only; the daemon is open | |
| 9 | + | source and its data handling is documented in its README. | |
| 10 | + | ||
| 11 | + | ## TL;DR | |
| 12 | + | ||
| 13 | + | The extension does not collect, transmit, or store any personal data on | |
| 14 | + | remote servers. All data the extension touches stays on the user's own | |
| 15 | + | machine: in the browser's local storage, or on the loopback interface | |
| 16 | + | between the extension and the local feidu-daemon at `127.0.0.1`. | |
| 17 | + | ||
| 18 | + | There is no analytics, no telemetry, no advertising, no third-party SDK, | |
| 19 | + | no remote logging, and no remote configuration. There are no remote | |
| 20 | + | network destinations contacted by the extension other than `127.0.0.1`. | |
| 21 | + | ||
| 22 | + | ## What the extension can observe | |
| 23 | + | ||
| 24 | + | To do its job, Chrome grants the extension visibility into the following | |
| 25 | + | categories of data. Each is processed locally and never leaves the | |
| 26 | + | machine. | |
| 27 | + | ||
| 28 | + | | Data | How observed | What we do with it | | |
| 29 | + | |----------------------------|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------| | |
| 30 | + | | URLs of pages you visit | `chrome.tabs`, `chrome.webNavigation` | Pass the top-frame hostname to the local daemon so it can choose a proxy tunnel for that tab. Held in service-worker memory; not persisted. | | |
| 31 | + | | URLs of subresource requests | `chrome.webRequest` (read-only) | Detect requests that fail or stall, so the popup can offer a "Test this host" button. Held in per-tab in-memory index; cleared when the tab closes. | | |
| 32 | + | | Active tab hostname | `chrome.tabs.query` during popup interaction | Render the popup ("you're on `example.com` — pin it?") and target user-initiated actions ("test this host"). Not persisted beyond the popup session. | | |
| 33 | + | | Pin list (domain → region) | Synced from the local daemon via SSE | Cached in `chrome.storage.local["pinned-cache"]` so the popup can render when the daemon is briefly offline. Authoritative copy lives in the daemon, not Chrome. | | |
| 34 | + | | Per-tab session ID (SID) | Generated locally as `feidu-<tabId>-<nonce>` | Sent to the local daemon over loopback so it can attribute each connection to the right tab. Released when the tab closes (`chrome.tabs.onRemoved`). | | |
| 35 | + | ||
| 36 | + | ## What the extension never does | |
| 37 | + | ||
| 38 | + | - It does not inject content scripts into web pages. | |
| 39 | + | - It does not read or modify the DOM of any page. | |
| 40 | + | - It does not block, redirect, modify, or rewrite any HTTP request or | |
| 41 | + | response (`webRequest` is used in read-only listener mode only). | |
| 42 | + | - It does not contact any remote server. The only network destination | |
| 43 | + | it dials is `127.0.0.1` (the local feidu-daemon). | |
| 44 | + | - It does not include analytics SDKs, error reporters, or any | |
| 45 | + | third-party JavaScript. | |
| 46 | + | - It does not transmit, sell, rent, or share user data with any third | |
| 47 | + | party. | |
| 48 | + | - It does not use user data for advertising, profiling, or | |
| 49 | + | creditworthiness assessment. | |
| 50 | + | ||
| 51 | + | ## What the local daemon does with data the extension sends it | |
| 52 | + | ||
| 53 | + | When you use the extension, the following data crosses the loopback | |
| 54 | + | boundary to the local `feidu-daemon` process running on the same machine: | |
| 55 | + | ||
| 56 | + | - The hostname of the page in each active tab, so the daemon can choose | |
| 57 | + | a proxy tunnel for that tab. | |
| 58 | + | - Domain pins you create or remove from the popup. | |
| 59 | + | - Routing-suggestion and test requests you initiate from the popup | |
| 60 | + | buttons. | |
| 61 | + | - The proxied HTTP/SOCKS traffic itself (the daemon is your proxy). | |
| 62 | + | ||
| 63 | + | The daemon stores this on the local filesystem under | |
| 64 | + | `$HOME/.feidu/` and `/usr/local/var/lib/feidu-daemon/`. The daemon does not | |
| 65 | + | upload this data anywhere. See the feidu-daemon README for details. | |
| 66 | + | ||
| 67 | + | ## Permissions used by the extension | |
| 68 | + | ||
| 69 | + | A per-permission technical justification is in `PERMISSIONS.md`. The | |
| 70 | + | permissions are: `proxy`, `tabs`, `storage`, `activeTab`, `webRequest`, | |
| 71 | + | `webRequestAuthProvider`, `webNavigation`, `alarms`, and host access to | |
| 72 | + | `<all_urls>`. Each is required for the per-tab routing and | |
| 73 | + | failed-resources detection features described above. | |
| 74 | + | ||
| 75 | + | ## Data retention | |
| 76 | + | ||
| 77 | + | - In-memory per-tab failure index: cleared when the tab closes or when | |
| 78 | + | the service worker is suspended (whichever comes first). | |
| 79 | + | - `chrome.storage.local["pinned-cache"]`: persists across browser | |
| 80 | + | sessions; the user can clear it by uninstalling the extension or by | |
| 81 | + | clearing extension storage in `chrome://extensions`. | |
| 82 | + | - `chrome.storage.session` (per-tab SID map): cleared when the browser | |
| 83 | + | closes. | |
| 84 | + | - Daemon-side data on the local filesystem: governed by the daemon's | |
| 85 | + | own retention rules, see the feidu-daemon README. | |
| 86 | + | ||
| 87 | + | ## Children's privacy | |
| 88 | + | ||
| 89 | + | This extension is not directed at children under 13. We do not knowingly | |
| 90 | + | process data from children. | |
| 91 | + | ||
| 92 | + | ## Open source and audit | |
| 93 | + | ||
| 94 | + | The extension's source code is public. Reviewers, security researchers, | |
| 95 | + | and end users are encouraged to inspect `service_worker.js`, `popup.js`, | |
| 96 | + | and `routes.js` to verify the claims above. | |
| 97 | + | ||
| 98 | + | ## Changes to this policy | |
| 99 | + | ||
| 100 | + | Material changes will be noted at the top of this document with an | |
| 101 | + | updated date, and where possible announced in the extension's release | |
| 102 | + | notes on the Chrome Web Store. | |
| 103 | + | ||
| 104 | + | ## Contact | |
| 105 | + | ||
| 106 | + | Questions about this policy or about the extension's data handling can | |
| 107 | + | be sent to the support email listed on the extension's Chrome Web Store | |
| 108 | + | listing. | |
Newer
Older