← Back to context

Comment by noirscape

6 hours ago

Browsers have an absolute insane level of relatively unchecked permissions to do whatever they want on a client.

There's a lot of effort by browser developers to scope creep the browser into essentially being an OS-agnostic tech stack (one where, conveniently, code can be shipped across the network "as necessary", removing a lot of user agency for the software being ran); Chrome being the biggest driver of this, while Firefox has an extremely weak spine in trying to limit it.

It's fairly dire and I wouldn't be surprised if there's a lot more of these side channel attacks in a lot of web APIs.

9 comments

noirscape

Reply
rayiner  3 hours ago

Now that we have AI, can we go back to real apps and native tech stacks? And revert the browser to a text-display interface?

  • VMG  2 hours ago

    Unfortunately, real apps and native tech stacks can not only write data to your SSD, they can usually write data to the user directory however they want and they can read it as well!

    Browsers are at least somewhat sandboxed

    • rayiner  1 hour ago

      But you need relatively few native apps with those capabilities, in contrast to visiting many different websites for content consumption.

    • hollerith  1 hour ago

      This is a Linux-centric take. It does not apply for example to iPadOS or to AluminiumOS (coming soon to a Googlebook near you). It applies less and less over time to MacOS.

      Yes, if one is committed to the standard Linux desktop, then one must hope that any proprietary apps one might need will continue to be available through the browser, but I'm ready to let the standard Linux desktop go (not right now, but eventually).

  • freedomben  2 hours ago

    > can we go back to real apps and native tech stacks

    Please God, no. If you're worried about the invasiveness of browser-based apps, native is out of the frying pan and into the fire

noelwelsh  3 hours ago

It's also the technology that will allow software to run without a continuous connection to the server. If you want to break out of a world where companies own your data it's the tech that is needed.

Tangurena2  3 hours ago

Flash ended up getting blocked/banned by all browsers because it turned into a giant gaping security hole.

> By January 2021, all major browsers were blocking all Flash content unconditionally.

It looks like we-the-users need to be blocking any and every one of these parasites.

https://en.wikipedia.org/wiki/Adobe_Flash

  • Narishma  2 hours ago

    I have a feeling they may have pushed for that more because it was controlled by a third party, and not the browser developers themselves.

veunes  1 hour ago

The uncomfortable part is that each step is usually justified by a real use case