磁链管家 — 隐私与权限说明
核心承诺:本扩展不收集你的浏览历史、不读取除 115.com 外的任何域名 cookie、不向任何第三方分析服务上报数据。 所有磁链处理都在你的浏览器本地完成;115 离线 / aria2 推送等操作直接从你的浏览器发出,不经过我们的服务器中转。
1. 收集的数据
| 数据 | 用途 | 存储位置 | 是否上传 |
|---|---|---|---|
| 购买邮箱 | license 投递、退款联系 | 我们的 license 服务器(Cloudflare Worker + D1,部署在 api.magnet.gaoyatang.com) | 购买时主动提供 |
| 设备 ID(浏览器随机 UUID) | license 设备绑定(5 台上限) | 本地 chrome.storage.local,仅在 license 校验时上传 | 上传到我们的 license 服务器 |
| License key | 付费用户标识 | 本地 chrome.storage.local | license 校验时上传 |
| aria2 端点 / token / 保存目录 | RPC 推送配置 | 本地 chrome.storage.local | 从不上传 |
| 115 离线目录 cid | 磁链推送目标 | 本地 chrome.storage.local | 从不上传 |
| 最近 50 条完整任务日志 | 完整日志页展示、问题诊断、复制 magnet / aria2 GID | 本地 chrome.storage.local | 从不上传 |
任务日志可能包含完整 magnet URL、入口来源(popup / 页面按钮 / 右键菜单)、 每步状态、错误信息、aria2 GID、SmartResult JSON;仅保存在本机浏览器, 可在"完整日志"页(popup → "📋 完整日志")一键清空。
2. 不收集的内容
- 不收集浏览历史或访问网站列表
- 不收集除 115.com 外的任何域名 cookie
- 不收集网页表单内容、密码、个人信息
- 不向 Google Analytics / 微软 Clarity / 任何第三方分析服务上报
- 不读取你的本地文件、剪贴板(除非你主动粘贴磁链到 popup)
3. 权限逐条说明
API 权限
| 权限 | 用途 | 调用位置 |
|---|---|---|
storage | 持久化 license / 配置 / 任务历史 | chrome.storage.local 在 background / popup / options |
cookies | 仅读取 115.com 域 cookie,用于调用 115 离线下载 API。"115 → aria2 接力"功能开启时,会额外读 115 CDN 鉴权 cookie acw_tc 并以 HTTP header 形式传给你自己配置的 aria2 endpoint(让 aria2 能从 115 CDN 拉文件);不会发送给本产品服务器 | chrome.cookies.get({ url: 'https://115.com', ... }) 在 background |
notifications | 磁链推送任务完成 / 失败时提醒 | chrome.notifications.create 在 background |
contextMenus | 页面右键菜单加 "发送到磁链管家" 项 | chrome.contextMenus.create 在 background |
alarms | 每天后台同步一次 license 状态 / 服务器时间 | chrome.alarms.create 在 background,每日间隔 |
scripting | 右键菜单 / 用户主动触发时按需注入小段脚本(仅当前 tab) | chrome.scripting.executeScript,仅 user gesture 后 |
tabs | 识别当前 tab 用于推送上下文 / 跳转 115 登录 | chrome.tabs.query / create 在 popup / background |
Host 权限(安装时立即获得)
| 域名 | 用途 |
|---|---|
https://115.com/* + https://*.115.com/* | 调用 115 离线下载 API。115 把 cookie 绑定到颁发时的 IP,所以请求必须从你的浏览器上下文发起,扩展直接调,不经过我们服务器。 |
https://api.magnet.gaoyatang.com/* | 调用本产品 license 校验 / 订单 / 退款服务。所有付款数据 HTTPS + HMAC 签名传输。 |
http(s)://localhost/* + http(s)://127.0.0.1/* | 本机 aria2 RPC(默认场景)。 |
Optional Host 权限(按需申请,浏览器弹窗一键允许)
如果你配置的 aria2 不在本机(NAS、Tailscale、反向代理等),扩展会在你点保存时自动弹窗申请该主机访问权。你可以随时在 chrome://extensions/ → "网站访问权限" 撤销。
Content Script <all_urls>
内容脚本注入到所有页面,仅做纯本地的磁链识别(regex 扫页面 magnet 链接),不发送任何数据到任何服务器。 识别到的磁链旁会出现 "→ 离线" 按钮,用户点击后才会将磁链发送给 background 处理。 内容脚本本身没有任何外发请求或敏感操作。
4. 第三方服务
| 服务 | 用途 | 数据范围 |
|---|---|---|
| 115 网盘 (115.com) | 离线下载 / 文件管理 | 仅磁链 URL 和 115 cookie,扩展直接调用,不经过我们服务器 |
| 本产品 license API (api.magnet.gaoyatang.com) | license 校验、订单、退款 | 购买邮箱、license key、设备 ID |
| 支付宝(仅落地页跳转) | 购买付款 | 仅订单金额和编号,不经过本扩展 |
| 用户配置的 aria2 RPC endpoint | 下载任务推送 | 常规模式("仅 aria2" 按钮 / 智能推送 fallback):磁链 URL + 保存路径。 "115 → aria2 接力"模式(用户在设置里勾选):115 文件 HTTPS 直链 + 文件名 / 子目录路径 + User-Agent + Referer: https://115.com + 115 CDN 鉴权 cookie header Cookie: acw_tc=...(aria2 不带 acw_tc 拉不到 115 CDN)。目标地址完全由你配置;请只对你信任的 aria2 endpoint 开启接力。 |
5. 数据保留与删除
- 本地数据(
chrome.storage.local):卸载扩展后自动清除 - license 服务器数据:可邮件 [email protected] 申请删除
- 退款后 license 立即失效,相关订单数据保留作账务凭证(按法律要求)
6. 联系方式
隐私问题、数据请求、bug 反馈:
邮箱 [email protected]
产品主页 magnet.gaoyatang.com
最后更新:2026-04-30
Magnet Manager — Privacy & Permissions
Core promise: This extension does not collect your browsing history, does not read any cookies except for 115.com, and does not report data to any third-party analytics service. All magnet processing happens locally in your browser; 115 offline / aria2 push operations are sent directly from your browser, never proxied through our servers.
1. Data we collect
| Data | Purpose | Storage | Uploaded? |
|---|---|---|---|
| Purchase email | License delivery, refund contact | Our license server (Cloudflare Worker + D1, deployed at api.magnet.gaoyatang.com) | You provide it at purchase |
| Device ID (browser-generated UUID) | License device binding (5-device cap) | Local chrome.storage.local, only sent during license check | Sent to our license server |
| License key | Paid user identifier | Local chrome.storage.local | Sent during license check |
| aria2 endpoint / token / save dir | RPC push config | Local chrome.storage.local | Never uploaded |
| 115 offline directory cid | Magnet push target | Local chrome.storage.local | Never uploaded |
| Last 50 full task logs | Detailed log view, troubleshooting, copying magnet / aria2 GIDs | Local chrome.storage.local | Never uploaded |
Task logs may include the full magnet URL, entry source (popup / page button / context menu), per-step status, error messages, aria2 GIDs, and SmartResult JSON; stored only in your local browser. Clear all entries via the "Full log" page (popup → "📋 Full log").
2. What we do NOT collect
- No browsing history or visited site list
- No cookies from any domain other than 115.com
- No web form contents, passwords, or personal information
- No reporting to Google Analytics / Microsoft Clarity / any third-party analytics
- No reading of your local files or clipboard (unless you actively paste a magnet into the popup)
3. Per-permission justifications
API permissions
| Permission | Purpose | Where called |
|---|---|---|
storage | Persist license / config / task history | chrome.storage.local in background / popup / options |
cookies | Only reads 115.com domain cookies, used to call 115 offline-download APIs. When the "115 → aria2 relay" feature is enabled, also reads the 115 CDN auth cookie acw_tc and forwards it as an HTTP header to your own configured aria2 endpoint (required for aria2 to fetch files from 115's CDN); never sent to our servers | chrome.cookies.get({ url: 'https://115.com', ... }) in background |
notifications | Notify on magnet task completion / failure | chrome.notifications.create in background |
contextMenus | Add "Send to Magnet Manager" right-click menu item | chrome.contextMenus.create in background |
alarms | Daily background sync of license state / server time | chrome.alarms.create in background, daily interval |
scripting | Inject small scripts on demand (current tab only) when triggered by user gesture | chrome.scripting.executeScript, only after user gesture |
tabs | Identify current tab for push context / open 115 login page | chrome.tabs.query / create in popup / background |
Host permissions (granted at install)
| Origin | Purpose |
|---|---|
https://115.com/* + https://*.115.com/* | Call 115 offline-download APIs. 115 binds session cookie to issuing IP, so requests must originate from your browser context; the extension calls directly, never through our servers. |
https://api.magnet.gaoyatang.com/* | Call our license validation / order / refund services. All payment data transmitted over HTTPS + HMAC-signed. |
http(s)://localhost/* + http(s)://127.0.0.1/* | Local aria2 RPC (default scenario). |
Optional host permissions (granted on demand, with browser prompt)
If your aria2 is not on localhost (NAS, Tailscale, reverse proxy, etc.), the extension will prompt the browser permission dialog automatically when you save the endpoint. You can revoke at any time via chrome://extensions/ → "Site access".
Content Script <all_urls>
Content script is injected into all pages, but only does local-only magnet detection (regex scan of page magnet links). It does not send any data to any server. Detected magnet links get a "→ Offline" button injected next to them; the magnet is only sent to background after you click the button. The content script itself makes no outbound network requests or sensitive operations.
4. Third-party services
| Service | Purpose | Data scope |
|---|---|---|
| 115 Cloud Storage (115.com) | Offline downloads / file management | Magnet URL and 115 cookie only, called directly by the extension, never through our servers |
| Our license API (api.magnet.gaoyatang.com) | License validation, orders, refunds | Purchase email, license key, device ID |
| Alipay (landing page redirect only) | Purchase payment | Order amount and ID only, never via this extension |
| Your configured aria2 RPC endpoint | Download task push | Default mode ("aria2 only" button / smart-push fallback): magnet URL + save path. "115 → aria2 relay" mode (opt-in via Settings): 115 HTTPS download URL + filename/subdirectory path + User-Agent + Referer: https://115.com + 115 CDN auth cookie header Cookie: acw_tc=... (without it aria2 cannot pull from 115's CDN).Target address fully under your control; only enable relay for aria2 endpoints you trust. |
5. Data retention and deletion
- Local data (
chrome.storage.local): cleared automatically when you uninstall the extension - License server data: email [email protected] to request deletion
- After refund, the license is invalidated immediately; related order data is retained as accounting records (per legal requirements)
6. Contact
Privacy questions, data requests, bug reports:
Email [email protected]
Product home magnet.gaoyatang.com
Last updated: 2026-04-30