openapi-typescript VS fx-private-relay

OpenAPI TypeScript

I'll preface all of this with a couple esoteric design goals that I had in mind:

1. I actually _want_ an SPA. You might not need an SPA, if you don't need one then Vue/React/etc are overkill, etc.

2. I want to power as much of the SPA as I can using the same REST API as my core product, both for dogfooding reasons and for consolidation. Many people might argue that this is a bad idea.

---

With that in mind, some specific packages that I highly recommend:

1. Django-vite (https://github.com/MrBin99/django-vite). This makes it very easy to serve an SPA from the actual django response/request model

2. Some sort of way to get type information (if you're using TypeScript) into the frontend. I use a frankensteined system of the OpenAPI spec that django-ninja generates + openapi-typescript (https://github.com/drwpow/openapi-typescript). This means when I add, say, a new field to a response in Django, I immediately get typechecking for it in Vue — which has been _tremendously_ useful.

3. Django-typescript-routes (a package I extracted and open-sourced!: https://github.com/buttondown-email/django-typescript-routes) which gives your front-end routing information based on the Django router.

Glad to see alternatives but disappointed that Bruno does not support OpenAPI specification.

At my company, we hand-edit OpenAPI specs in YAML and it gets consumed by many tools that generate types[0], static analysis and dynamic checks[1]. The OpenAPI spec itself is linted[2]. And of course, Postman consumes OpenAPI.

Tools that are built on open standards will naturally see greater adoption over those that use proprietary formats.

[0]: https://openapi-ts.pages.dev

Another great library to generate TS types from OpenAPI is https://github.com/drwpow/openapi-typescript . It provides the types as single objects you access via indexing, which is pretty nice. There's a partner library to generate a typed fetch client.

If you're willing to document your API with an OpenAPI schema, then it should be possible to generate TypeScript types based on the OpenAPI schema with something like openapi-typescript. Also, Typebox can generate JSON schemas, maybe it can be used to generate something that the front-end can also use?

REST

In this sample, we'll achive it using openapi-typescript and openapi-typescript-fetch.

Other services like this one: addy.io or relay.firefox.com (no pgp, as I remember)

That isn't alarmist, but almost all privacy features in Brave are already in Firefox as well. Looking at this page:

- Chromium customizations: Not necessary in Firefox

- Client-side encryption for Brave Sync: https://support.mozilla.org/en-US/kb/how-firefox-sync-keeps-...

- DeAMPing: I think AMP has been dead for a few years now

- Limiting network server calls: I think this is a bit tangential to privacy, limiting calls is generally good but it doesn't mean you're transmitting less information. Brave's post comparing different browsers' first startup network calls is from 2019, not sure how Firefox performs today.

- Query parameter filtering: https://firefox-source-docs.mozilla.org/toolkit/components/a...

- Better partitioning for better privacy: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_P...

- Referrer policy improvements: https://blog.mozilla.org/security/2021/03/22/firefox-87-trim...

- Fine grained / temporary permissions API: This is nice, I don't think Firefox has this.

- Social media blocking: https://support.mozilla.org/en-US/kb/enhanced-tracking-prote...

- Bounce tracking protections: https://blog.mozilla.org/security/2020/08/04/firefox-79-incl...

- Limiting the life of Javascript: https://blog.mozilla.org/en/products/firefox/firefox-rolls-o.... Not explicitly mentioned but I believe Firefox does have this 7 day limit as well, in addition to other protections.

- Private windows with Tor: Firefox doesn't have built-in Tor integration, but the actual Tor Browser is built from Firefox.

I think Firefox also has one or two features that Brave does not, like Multi-Account Containers, and some paid services like https://relay.firefox.com/.

> In a sense, it sounds like the advice of the services is less subscribing to them than trying not to have a few e-mails that map to your personal identity.

Firefox Relay is a great way to do that :) https://relay.firefox.com

Integrating that with Monitor is pretty high on at least my personal wish list.

In case you're interested, Firefox Relay uses that stack and is open source: https://github.com/mozilla/fx-private-relay/

> In what ways has mozilla meaningfully dared to try and expand their revenue streams?

I think that Mozilla VPN is pretty nice. It's based on Mullvad VPN, so they seem to know their audience (given that Mullvad has a pretty okay reputation among many tech savvy or privacy conscious folks, a lot of which probably use something like Firefox as well): https://www.mozilla.org/en-US/products/vpn/

I guess there's also Firefox Relay, for those who might benefit from something like that: https://relay.firefox.com/

Not many other products to give them money for come to mind, though.

I've been dragging around a similar concern. My solution might be to use Mozilla's Relay for the email and Privacy.com for the credit card.

https://relay.firefox.com/

https://privacy.com/

That won't stop the data collection but it should mitigate how useful it is. Maybe?

Firefox Relay offers "randomized" phone numbers along with its emails: https://relay.firefox.com