Comment by cosmic_cheese

5 days ago

I’d prefer the photo organization behavior you describe, but I don’t want websites to ever be dipping into the local filesystem outside of heavily siloed areas reserved for web apps exclusively. I don’t want the browser to even be capable of it, because regardless of what permissions and security measures are put in place, someone is going to find a way around them.

The only exception I can see making for filesystem access is for PWAs explicitly installed by the user, and even then there should be restrictions in place like limiting access to scripts loaded from the installed PWA’s domain. The open web in a generalized browser like Chrome, on the other hand, is too untrustworthy.

As for camera bumps, they’re all equally awful and I’d rather they just disappear entirely, even if that means thicker devices.

> I don’t want the browser to even be capable of it, because regardless of what permissions and security measures are put in place, someone is going to find a way around them.

You surely trust the permissions and security measures your phone provides to apps, so what makes browsers worse in this area? Especially if you're using iOS where you only have Apple's web browser available to use.

  • Intent. Apps can only ever be installed by me, barring complicated exploit chains, while browsers can navigate without any input from me whatsoever. That serves as an extremely narrow funnel that vastly reduces surface area.

    This is also why I’m more receptive to installed PWAs being more capable. They’re both on the other side of my intent funnel and, assuming a good implementation, can’t ever navigate to domains that aren’t that PWA.

    Besides that, it’s just annoying for apps to be dressed in browser chrome. On macOS ever since Safari added the ability to install sites as PWAs, I’ve been making heavy use of those just to remove extraneous browser toolbar items and such. I don’t know how people can live with all their web apps in regular browser tabs, I’d go nuts.

    • Sure, browsers can navigate without your input, but what good would that do to bypass permissions? You can't use that to automatically grant your website permissions. And permissions are isolated to specific domains as if they were separate apps, so you can't just use permissions granted on domain A from domain B.

      Not everything needs to be a PWA. Yes, they're great alternatives to apps, but why should anyone be forced to install a PWA when they might only need to use the web app very infrequently? Or what if I just wanted to try some functionality out first? Installing is an unnecessary speed bump for these cases.

It's so strange that we don't have cameras which have write-only access to the image spool, galleries that have read-only access to the image spool, and a file manager app that can handle delete requests from other applications with the intent system.