I will try to expand the project to include reddit, twitter and linkedin. This will take some time, but I've also added LinkedIn to my to-do list. Thanks for your comment.
As a cybersecurity nerd, I have to say it. Your and my projects aren't exactly privacy friendly. They can be developer and user friendly. However, no library that works with embed, iframe or api call can claim to be privacy friendly. This is because they force users to connect to an external resource. Algolia API can track visitors by collecting ip addresses and http referer headers. It may also place cookies on their browsers. If you're determined to make such an assertion, you'll need to write a proxy to isolate users from the external api. However, this will create a server dependency, and static pages do not have such a possibility.
CDN Servers sometimes trigger my paranoia. They can inject malicious javascript commands into any server at any time. They can track visitors. They also provide users with short loading times. We seem to place too much emphasis on fast consumption or ignore privacy. Our relationship with the Internet is based on mutual trust. We live on the assumption that others will not do anything harmful. I must say that this is far from wise. Do we know if some CDN servers are injecting malicious javascript commands into sites based on random requests?
Maybe it's just paranoia, but if they do something and we don't know it, can we call it paranoia? It's possible, so it's not paranoia, and I'm not a freak.
I'm writing this as a reply to you and it's not my intention to disrespect you or sound knowledgeable. In Turkish, in such cases, we say "my word is out of the parliament" ('Sözüm meclisten dışarı'). I just wanted to share information and post my thoughts and feelings in context.
> I'm writing this as a reply to you and it's not my intention to disrespect you or sound knowledgeable.
Totally understand, no offence taken.
> As a cybersecurity nerd, I have to say it. Your and my projects aren't exactly privacy friendly.
I see you're looking at my claim that there's "no tracking" in the YComments project. Well, there's actually no way to make it more private, and having a proxy server is just another risk of malicious code creeping in.
You can verify that my code doesn't do anything nefarious without trusting me, and you can verify that the algolia API doesn't do anything nefarious from their reputation.
Conversely, if I were to create a privacy focused back-end API (proxy or whatever), you would need to trust that my server is not serving malicious code or tracking requests. It's much more risky to trust individuals with no reputation (like me or you), rather than a large company that has built a reputation with a large community.
Like you said "Our relationship with the Internet is based on mutual trust".
> It's possible, so it's not paranoia
Well, I don't follow this logic, a lot of things are "possible", that doesn't mean they're practical or sensible. It's possible that nuclear war will break out at any moment, but I'm not going to live in a bunker my whole life.
Anyway, not intended to disrespect you, these are a just stream of my thoughts just like yours. Take care.
Thank for GraphQL api. i write a javascript library for view HN comments in static web pages. Official HN Api create really big problem for me. i written my library with recursive request logic but i'll update it now.
i think you need provide use case examples like in Offical HN Api Repository.
