Evaluată cu 3 din 5 stele

I appreciate the work behind oneClipper and wanted to share a constructive security observation from reviewing the source code.

The add-on appears to rely on an external token server for Microsoft OAuth token handling, so users may need to place significant trust in that service. If that server were ever compromised or mismanaged, connected OneNote access could potentially be exposed.

It may be helpful to clarify this external dependency on the add-on page so users can better understand the trust model. I’m sharing this as a constructive suggestion for transparency, not as an accusation.

Namaste,
First, thank you so much for the 3-star review and for taking the time to review the source code! I truly appreciate users who have a strong security mindset, and I take your constructive feedback very seriously.

You are completely correct about the external dependency, and your suggestion about transparency is spot on. I will be updating the add-on description page to clearly clarify this trust model for all future users.

For you and anyone else reading, I want to share the strict measures I take to ensure your data is safe:
Secure Infrastructure: The OAuth server is hosted on highly secure, industry-standard Google Cloud infrastructure. All data transmission happens over encrypted HTTPS.

Strict Privacy Policy: The server logic is designed strictly to append data. As stated in my privacy policy, the server never reads, stores, or analyzes the contents of your personal notes.
Human Review: Thunderbird add-ons undergo strict, manual code reviews by real human moderators at Mozilla. If there were any suspicious activities or mishandling of tokens, the add-on would be immediately suspended.

I completely understand your observation, and I am actively working on rewriting the extension to modernize the architecture and further tighten security.

Thank you again for the honest, polite, and constructive feedback. It helps me make oneClipper better and safer for everyone!
Best regards,
Anil
Developer, oneClipper

Evaluată cu 3 din 5 stele

I appreciate the work behind oneClipper and wanted to share a constructive security observation from reviewing the source code.

The add-on appears to rely on an external token server for Microsoft OAuth token handling, so users may need to place significant trust in that service. If that server were ever compromised or mismanaged, connected OneNote access could potentially be exposed.

It may be helpful to clarify this external dependency on the add-on page so users can better understand the trust model. I’m sharing this as a constructive suggestion for transparency, not as an accusation.