Greasy Fork

Some scripts will send a user's login cookie/token for a site to a third party server. In some cases this is required for the script to function, as the third party server performs some actions on the user's behalf. In some other cases, this is just malware.

I'm considering adding a new @antifeature type that would be required if a script is doing this with a requirement that an explanation be provided of what is being collected and for what purpose. For example, Maybe @antifeature token Your farmgame.example token is sent to our server so that we can auto-harvest your carrots..

This wouldn't directly prevent malware, but it would serve as a warning to users about this behaviour as well as a requirement/chance for authors to justify it.

Being a life-learner of data security, I vote 'Yes'.

I vote 'Yes' too.