WhoFundsWho performs all privacy sensitive operations locally, on the user’s local machine. Upon installation the extension downloads from two Google Sheets two lists of keywords (one for organization names and one for people names) together with the URLs of the Airtable records they are associated with. It uses these to locally build a Bloom filter data structure which in turn it uses to perform keyword searches of the text of webpages the user visits. This works as follows:

After a webpage’s text content has fully loaded, the content script captures all visible text and sends it to a local service worker that performs a Bloom filter keyword search on it and returns an array with the keywords it found. The content script then highlights and hyperlinks these keywords on the webpage.

Up to this point all these processes are automatic and take place only on the user’s local machine. No data about the websites the user visits or the text on those websites is ever transmitted to servers in this process.

It is only when the user clicks on or hovers over a highlighted name to open a popup with funding data for that organization or person, that a record retrieval request is sent to a server. The request sent to the server consists only of the (encrypted) url and two backup urls where the Airtable records associated with the name are located. The only information sent to the server is a request to see a specific record of an organization or person. No user data (e.g. IP address) is collected or logged.

For all this to work, WhoFundsWho requires three permissions:

Host Permission
By default WhoFundsWho runs on all webpages and it runs automatically, without requiring the user to manually start the keyword search of a webpage’s text. The user can change these settings in the user menu by choosing the ‘off’ rather than ‘on’ setting and then manually re-activating the search on each webpage it wants the extension to run on.

The user can also specify a list of websites that the extension should or should not run on. But the default is that the extension runs automatically and on all websites.

For this to work, the extension requires the <all_urls> host permission, a powerful permission that could potentially be misused. That is why all privacy sensitive actions are only performed locally, as explained above.

Storage
Because the extension downloads the keywords data from the two Google Sheets in order to locally build the database that it uses for the keyword searches, it needs storage permission. This permission is also needed to store the selections the user makes in the user menu so that these selections can persist between different sessions.

Unlimited Storage
Because the number of keywords in the database that it needs to store locally is very large (75,000+) the extension requires more than 5MB storage space, which means it requires the Unlimited Storage permission.

---

Error Logging

The extension uses the Sentry error logging service. The only information sent to Sentry service is the error message itself and the operating system and browser type and version the error occurred in. No IP addresses or other information that can associate the error with an individual device are logged.