Disable for private repositories by default? #2
Description
Congrats on the idea, it works well and it's pretty cool.
I have one concern though, the extension does work with private repositories. Looking at the code, it sends some of the repository's data to your servers. Would it be possible to disable that by default and add an option to enable it explicitly, with the appropriate warnings?
Also, I am surprised that the API endpoint https://git.indexstorm.com/similar is not listed in the manifest.json's permissions. I thought the browser wouldn't allow making requests without that. I think it would be great to add it regardless, this way users are informed in the web store and extension's page that it sends data to an API.
Overall it would show that the extension cares about privacy and it's more trustworthy. Let me know what you think and perhaps I can submit a PR!