NiM Chrome Extension is collecting user's email address

[eyedean]

NiM Chrome Extension is an option suggested by the Node team in https://nodejs.org/en/docs/guides/debugging-getting-started/

Per the following line of code in the source code of that extension, it collects user's email address and sends that (encrypted with the author's public key to his analytics server.
https://github.com/june07/NiM/blob/master/background.js#L151

Not only does it look suspicious, but probably a great portion of the users are not aware of that. In fact, it's for any debugging or general-tracking purpose of the developer, it could be a randomly generated UUID that gets sent, not the user's email address.

I wouldn't trust this extension and I think Node community should at least mention this in the official docs. (e.g. BTW, this extension is going to collect your email address and send that to the extension publisher.)

[joyeecheung]

Please open an issue in https://github.com/nodejs/nodejs.org/issues as the source code lives in that repo, or open a pull request with the note added in that section (you can follow the Edit on GitHub link on the top-right of https://nodejs.org/en/docs/guides/debugging-getting-started/).

On a side note the author of NiM claimed that the email collection had been removed before the PR by them was merged: nodejs/nodejs.org#1923 (comment)

[eyedean]

Thank you @joyeecheung. For now I commented on nodejs/nodejs.org#1908 and nodejs/nodejs.org#1923 (comment) asking the old issues (with more historical context) to be reopened. Let's hope that works!

Since I am new to the community and the topic is a bit personal from what I am seeing, I rather wait a few days before opening a PR to Edit the Docs.

[june07]

These changes were the ones made back when the issue came up. I added encryption as that was what was required to be GDPR compliant. I also removed emails being sent to Google analytics. I took every step I deemed necessary, per the feedback I was getting directly from those involved in the threads, and in fact went through a huge process/time length getting NiM re-instated.

Again I want to emphasize that the code base has not been changed in any way since then surrounding these particular issues and if there is still some outstanding issue, I am happy to make a change but understand that it's nothing new and was "checked off" by others then.

[eyedean]

Let's centralize our conversation in nodejs/nodejs.org#1908. Thanks.