Comment by cosmic_cheese 5 days ago

I’d prefer the photo organization behavior you describe, but I don’t want websites to ever be dipping into the local filesystem outside of heavily siloed areas reserved for web apps exclusively. I don’t want the browser to even be capable of it, because regardless of what permissions and security measures are put in place, someone is going to find a way around them.

The only exception I can see making for filesystem access is for PWAs explicitly installed by the user, and even then there should be restrictions in place like limiting access to scripts loaded from the installed PWA’s domain. The open web in a generalized browser like Chrome on the other hand is too untrustworthy.

As for camera bumps, they’re all equally awful and I’d rather they just disappear entirely, even if that means thicker devices.

Rohansi 5 days ago

> I don’t want the browser to even be capable of it, because regardless of what permissions and security measures are put in place, someone is going to find a way around them.

You surely trust the permissions and security measures your phone provides to apps so what makes browsers worse in this area? Especially if you're using iOS where you only have Apple's web browser available to use.

  • cosmic_cheese 5 days ago

    Intent. Apps can only ever be installed by me, barring complicated exploit chains, while browsers can navigate without any input from me whatsoever. That serves as an extremely narrow funnel that vastly reduces surface area.

    This is also why I’m more receptive to installed PWAs being more capable. They’re both on the other side of my intent funnel and assuming a good implementation can’t ever navigate to domains that aren’t that PWA.

    Besides that, it’s just annoying for apps to be dressed in browser chrome. On macOS ever since Safari added the ability to install sites as PWAs, I’ve been making heavy use of those just to remove extraneous browser toolbar items and such. I don’t know how people can live with all their web apps in regular browser tabs, I’d go nuts.

    • Rohansi 5 days ago

      Sure, browsers can navigate without your input, but what good would that do to bypass permissions? You can't use that to automatically grant your website permissions. And permissions are isolated to specific domains as if they were separate apps, so you can't just use permissions granted on domain A from domain B.

      Not everything needs to be a PWA. Yes, they're great alternatives to apps, but why should anyone be forced to install a PWA when they might only need to use the web app very infrequently? Or what if I just wanted to try some functionality out first? Installing is an unnecessary speed bump for these cases.

      • cosmic_cheese 5 days ago

        Like I said, it’s surface area. It’s much larger in the case of the web since there’s any number of scenarios in which a user’s browser can be coaxed into running code that exploits a vulnerability that bypasses permissions and isolation (which is always possible by virtue of the browser being a privileged app, whether there are known exploits or not).

        This sort of thing can happen with installed apps too, but the likelihood overall is far lower, especially if selecting judiciously.

        The overwhelming majority of web apps don’t need filesystem access or similar special functionality, and thus users aren’t forced to install them.

        In my personal experience, if my interest level in an app is so low that I wasn’t willing to install it, I was never going to use it in the first place either because the app wasn’t compelling enough or I didn’t have any actual need for it.

        • Rohansi 5 days ago

          You have the same risks with apps though. An operating system has an even larger surface area. Sure, you need to manually install apps, but once installed they will automatically update.

          Personally I would trust browser security far more than an OS simply because it is a much more desirable target to compromise. They're also built specifically to run untrusted code.

dsr_ 5 days ago

It's so strange that we don't have cameras which have write-only access to the image spool, galleries that have read-only access to the image spool, and a file manager app that can handle delete requests from other applications with the intent system.