Even then, I would recommend anyone to install (small to mid) browser extensions by cloning and inspecting the source and just then loading it yourself - if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true).
I vibe-converted it to a userscript[1], but it doesn't work for me in qutebrowser because it depends on profile data fetched from `https://hn-trustspark.com/alltrust.json`, which seems to be periodically updated by the author, and qutebrowser has limited userscript support. :(
It could probably be worked around by fetching the data externally, but I don't want to depend on hn-trustspark.com. It would be great if the profile updating tool could be published as well.
Anyway, hope it helps someone else :)
FWIW, after a quick review of the script, it looks safe to me. As long as you trust that the served profile data is correct, and don't mind leaking your IP to it.
Great idea and kudos to the author! We need more tools like this to help us deal with spam, and not just on HN, but everywhere.
[1]: https://gist.github.com/imiric/a5d1cd187e91eb0b725c4661250e5...
It's centralized for a few reasons though, first being that client-side API requests would be discourteous to the APIs (flood/ddos), and a whole new level of error handling would be required. Shared IPs, like those in a tech company building, would easily and quickly reach the API limits. So that's the reasoning, if you're curious.
One issue: New accounts with Zero submissions get a full green stack for "Submission Trust" (0 submissions in 0 days).
That comes across as three flat red lines and a singl tall green stack - not sure if that's the right message.
Submissions is an odd one ... those people that submit a story seen on the tech blogs once a day get bucketed together with habitual spammers of poor quality posts.
First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.
Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).
Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).
But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.
Apologies for working around it and putting the code out there against your wishes. If you check my post history, you can see how opposed I am to these new tools, and "vibe coding" specifically. In my defense, I really didn't want to spend a lot of time on this, and LLMs do a decent job at this type of mechanical conversion. And I really don't judge anyone for using them mindfully, as you've clearly done in this case. The code didn't read like slop to me, if it's any consolation. :)
Besides, this "closed source" criticism is really a non-issue in this case considering it's a browser extension with clear JS, which anyone can inspect if they were really interested.
Cheers!
EDIT: I've deleted the gist. :)
I suppose that my point is more that creating a GitHub repo has some strings attached to it nowadays, is all.
I can figure out how to shasum/sig the extension for heightened trust.
Some more thoughts:
1. The website needs a description of what this project even is.
2. Open-source the code, especially since it's just for the community, I'd be vary of installing "some random" extension from the store.
3. The modal element in the iFrame on the website is cutoff on mobile widths using Firefox.
But it would be useful to know if I had up/down voted them significantly in the past.
I think friend/foe and trust signals should come from a user's voting. So I think it should operate transparently to the user and there should be a default shade-out option of bad actors, but with the option to view. So it's set-and-forget. On the backend - could you make it so if you've never visited HN before, and you install the plugin, the experience changes accordingly?
I had the idea to setup a forum somewhere else - this sort of functionality would come in handy as part of normal operation.
Is there a way to do this from a bookmarklet?
(I'm not being facetious or accusatory, I'm genuinely interested learning how some of these high submission rates operate, since a lot look automated).
> what are you submission habits? Do you just submit links you find interesting often?
Pretty much. I will often email myself links I think might be interesting, then batch up submissions. I also like to highlight friends' posts.
> And does the karma rewards factor into your routine submissions?
It's always fun to get karma, but I like the fact I can call attention to someone or something that deserves it more.
I also wrote and talked about my thoughts on HN and how to be a good community member a bit more:
- in this blog post: https://www.mooreds.com/wordpress/archives/3530
- in this podcast: https://www.youtube.com/watch?v=VrObxK-J_3I
Found one: https://web.archive.org/web/20260328080015/https://hn-trusts...
You have an overall 7 out of 8.
