If that is the case (I'm not saying it's not, just that I don't know)... why did the extension even need to exist? Presumably "certain sites" are partner sites participating in the promotion. If they are participating and (I assume) they control their own content, why didn't they just invert those words or whatever else they wanted to do with the content when they served it?
I'm very confused about why this needed to roll out as a browser extension at all.
Are the consequences significantly different than having private repos on Github to begin with?
I realize this is one more Github service with access to metadata about your code, so the attack surface is technically larger, but is the probability of leak that much greater from this service than it already is by having your code on their servers (which, I assume, are protected by the same security team)?
Maybe it's an oversimplification but my expectation is that any project with such sensitivity wouldn't be hosted on an external service at all.
If that is the case (I'm not saying it's not, just that I don't know)... why did the extension even need to exist? Presumably "certain sites" are partner sites participating in the promotion. If they are participating and (I assume) they control their own content, why didn't they just invert those words or whatever else they wanted to do with the content when they served it?
I'm very confused about why this needed to roll out as a browser extension at all.