Privacy & source code questions

[myrison]

Hi there - thanks for creating this software. Just to make sure I'm not missing something, is it intentional that the source code files contain only the readme? I'm trying to understand what information your servers receive when using the local proxy (or the remote proxy). From a privacy perspective, not being able to see anything about how the software works when you're installing a new root certificate to make it work, and you have to disable Mac's protections on downloaded files for the local proxy, it's not ideal.

Can you clarify if the source code file is supposed to contain more information, and if not, can you explain how the service works both with and without the local proxy?

[alikemalcivelek]

Hi @myrison, thanks for raising this — let me clarify how it works:

This repository only publishes release builds of the desktop companion app. The project is not open source, so the repo doesn’t contain the full source code.

In Local Proxy mode, no data flows through our servers. The path is strictly:
Browser → Desktop App (local proxy) → Internet.
The desktop app only applies the session isolation rules locally and never forwards your traffic to us. Because the traffic is intercepted and modified on your machine, the app generates a root certificate unique to that machine and marks it as trusted.

In Remote Proxy mode, the same work is done on our proxy servers, so the desktop app isn’t needed. The flow is:
Browser → Our Proxy Servers → Internet.
In this case, since traffic is also being manipulated, you need to install and trust the root certificate from our proxy servers.

We’d prefer the extension to work fully standalone, but Manifest V3 limitations make that impossible today — hence the need for either a local or remote proxy.

Finally, the warnings you see during installation are expected: the desktop app hasn’t yet been code-signed or distributed via an app store. Once we complete code signing, those security prompts will no longer appear.

Hope this gives you a clearer picture. Happy to dive deeper into any specific privacy or security questions you may have.

[rbreaves]

Is there any way for me to use the local proxy app while not interfering with other proxy based plugins such as SwitchyOmega? I really need the ability to be able to use this proxy along with others at the same time. It really messes with my ability to work as seamlessly as I would like as disabling and re-enabling extensions when switching btwn the 2 extensions breaks their respective sites that I use these tools on.

@alikemalcivelek

[alikemalcivelek]

Hi @rbreaves, I have implemented an update that will allow the extension to work without relying on a local/remote proxy service. Once this change is released, the issue you are experiencing with other proxy-based extensions will be resolved.