← Back to context

Comment by evgen

5 years ago

I am less likely to accidentally give you permission over my computer to do shady shit if I am forced to install an app vs happen to click the wrong link on my browser.

The difference is intent. By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.

10 comments

evgen

Reply
MaxBarraclough  5 years ago

I don't follow this line of thinking at all.

If you're questioning whether they're trustworthy, you should be going out of your way to avoid installing their native app, preferring a web-based solution instead.

> By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.

Is Chrome really so bad about accidentally granting privileges (webcam, say) to websites?

Perhaps there's a more privacy-oriented browser that lacks such functionality entirely? Sounds like a good idea, come to think of it.

  • evgen  5 years ago

    That is just the point. I can avoid installing their native app, but it is much more difficult to opt out of these insidious and unnecessary web APIs. This is especially the case when the leading browser happens to be created by a data collection company.

    Yes, Chrome is bad at managing privileges and leaking data back to Google and any other web site that is smart enough to know how to ask for it. Avoiding browsers that implement this and shaming sites that use the APIs is apparently the approach that will be necessary going forward.

    • MaxBarraclough  5 years ago

      > it is much more difficult to opt out of these insidious and unnecessary web APIs

      I don't know what you mean by this. A native app has far more access to your machine than a website has. If you've installed untrusted native code, it's game over.

      Are you thinking of web-trackers like the infamous Facebook 'Like' button tracking you around the web? We have a solution to that, and it doesn't involve trusting native apps. Firefox Containers sound like just the ticket. [0]

      > This is especially the case when the leading browser happens to be created by a data collection company.

      > Avoiding browsers that implement this and shaming sites that use the APIs is apparently the approach that will be necessary going forward.

      As far as I know Chrome doesn't leak browsing data back to Google any more than any other browser, not counting features like auto-complete. If you want a Google-free browser, though, you can either go with Firefox, or a Firefox derivative, or go with an alternative like 'ungoogled-chromium' [1]

      As for shaming, I have very little confidence that this could work. The 'cookie law' gave websites the choice between not using tracking cookies, or showing a popup announcing to the user that the website uses tracking cookies. In response, virtually the entire web now shows a popup announcing their use of tracking cookies. Many of us thought the law would have a sort of shaming effect, but it didn't.

      edit I'm ignoring the option to click the 'Deny' button that the popups are required to give. I wonder how many people click to deny. I don't think I've ever seen hard numbers.

      [0] https://news.ycombinator.com/item?id=18053079

      2 replies →

azangru  5 years ago

> The difference is intent. By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer

You make it sound as if Chrome will expose your private data and the control over your computer to everyone who cares to use it.

Aren't you in control over what you allow to access on the per-site basis?

  • evgen  5 years ago

    > Aren't you in control over what you allow to access on the per-site basis?

    You mean the same way you are in control over what data tracking you allow and what cookies can be set on a per-site basis? In theory perhaps, in practice no.

    • azangru  5 years ago

      > You mean the same way you are in control over what data tracking you allow

      I am still confused. How is it different from the native app situation? How can you be sure which of your data is being tracked by the Facebook app, or Twitter app, or Instagram app, or whatever the cool kids use these days?

      1 reply →

bagacrap  5 years ago

A native app, once installed, basically owns you. With a web app you have to explicitly grant permission for each and every API (of the kinds listed in TFA at least). Are you in the habit of accidentally clicking "accept" in a series of permission prompts? Even if the answer is yes, it's ok, as it's very easy to revoke the permissions in your browser.

There's no way you can argue that a single "grant all permissions" step is more privacy friendly than fine grained permissions.