Comment by kajika91

1 day ago

Yes we should run URL-unaware manager, but nearly no one understand security, especially in browser. Let's see the permission asked for the #1 manager in firefox (Authenticator):

  Input data to the clipboard
  Access your data for sites in the dropboxapi.com domain
  Access your data for www.google.com
  Access your data for www.googleapis.com
  Access your data for accounts.google.com
  Access your data for graph.microsoft.com
  Access your data for login.microsoftonline.com

Yep! And #2 (2FAS Auth):

  Display notifications to you
  Access browser tabs
  Access browser activity during navigation
  Access your data for all websites

Even better, maybe at one point web browser can get their sh* together and build better permission system (and not just disable functions like manifest v3). For now the majority of people trust opaque organization shoving them unknown code their run with way too many permissions on their computers.

Talking about unknown code there is a lot of work to be done on reproducible build as anything touching web has nearly nothing about it.

0 comments

kajika91

No comments yet

Contribute on Hacker News ↗