And that’s controlled by the user, no? (Like that old Bitcoin rewards shopping app - Lolli - I remember I’d get a request on each domain I visited asking for pretty comprehensive permissions).

Wouldn’t an extension that can sign your nostr events also be seeing all the content on your nostr web client?

I’ve steered clear of extensions in general in the past, partly because they seem like they are bad for privacy, and partly because I don’t know enough about how they work to feel like I’m in control of what they get or how they use that information.

Might be time to do-my-own-research. But I appreciate both of your insight, especially in the context of nostr and with privacy-conscious users 🙏