
Not sure if reddit supports it, but this is how we did our extension at an old startup I worked for.

We allowed users to share post-it note style comments on web sites with their friends; for example, I could leave you a little note on the hackernews front page, and the next time you go to the site you would see the note sitting on top of it.

In order to do this, we had to check every page you visited to see if there was a slide for you on it. We cared about privacy, so we took a hash of each URL and sent it instead of the URL itself. While we would know what site you are on if we happened to get a hit (i.e. you had a note on the page), we wouldn't know what site you were on if there was no note.

Of course, this was all based on the users trusting us to not change our code. There was nothing preventing us from changing how we sent the URLs. The level of access extensions get is SCARY. I don't think users realize what exactly they are allowing when they install them.



Hey, that's awesome! Your design reminds me of "hoodwink'd", which was "underground" in the sense that you had to edit your DNS settings for "hoodwink'd" to work. http://ecmanaut.blogspot.com/2006/01/hoodwinkd.html

Your site URL hashing system is also pretty close to how Goggles works, only instead of notes, you get to draw MS paint-like scribbles. http://goggles.sneakygcr.net

Each website is uniquely keyed by a hash of the URL, so Goggles doesn't know the website's URL even if there is a hit. (It does send the page title to the server though because popular sites go on a leaderboard; I'm not so sure about that decision though since it can leak some privacy...)

Browsers are doing a much better job at protecting/restricting bookmarklets than extensions and I wish more of these kinds of notetaking apps/tricks used bookmarklets instead. For example, I just now discovered that Chrome will prevent Goggles from working on certain HTTPS sites like hacker news because it loads javascript from an http:// URL, which is a great design decision from the Chrome team.
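The two lookup designs described in the comments above, side by side, as an added example that is not part of the thread or of either project's code. The names are hypothetical, SHA-256 is an assumption (neither comment names the hash), and keeping the URL next to the note in the first design is an assumption about how the server recognised a hit.

```javascript
// Added illustration; hashUrl, NoteServer and learnedBy are hypothetical names.
const { createHash } = require('node:crypto');

// Client: canonicalise the URL, then hash it, so the raw URL is not sent.
function hashUrl(rawUrl) {
  const u = new URL(rawUrl);
  u.hash = ''; // drop the fragment so /#top and / map to the same page
  return createHash('sha256').update(u.href).digest('hex');
}

class NoteServer {
  constructor() {
    this.notes = new Map(); // url hash -> { url (or null), texts }
    this.log = [];          // every lookup the server receives
  }
  // Assumption: in the first design the author's client also sends the URL;
  // in the hash-only design it passes nothing, so url stays null.
  addNote(hash, text, url = null) {
    const entry = this.notes.get(hash) || { url, texts: [] };
    entry.texts.push(text);
    this.notes.set(hash, entry);
  }
  // Called on every page visit with nothing but the hash.
  lookup(hash) {
    const entry = this.notes.get(hash);
    this.log.push({ hash, url: entry ? entry.url : null });
    return entry ? entry.texts : [];
  }
}

// URLs the server can name after a browsing session, read from its own log.
function learnedBy(server, visitedUrls) {
  visitedUrls.forEach((u) => server.lookup(hashUrl(u)));
  return server.log.map((e) => e.url).filter((u) => u !== null);
}

// Constructed sample data.
const NOTED = 'https://news.ycombinator.com/';
const visits = [NOTED, 'https://example.org/inbox', NOTED + '#top'];

const urlOnHit = new NoteServer();
urlOnHit.addNote(hashUrl(NOTED), 'hello from a friend', NOTED);
const hashOnly = new NoteServer();
hashOnly.addNote(hashUrl(NOTED), 'hello from a friend');

console.log(learnedBy(urlOnHit, visits)); // [NOTED, NOTED]: each hit names the page
console.log(learnedBy(hashOnly, visits)); // []: hits still match, but only by hash
```

Either design hides only pages the server cannot guess: a plain hash of a URL can be matched by hashing candidate URLs and comparing.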



