You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Web apps try to keep feature parity with native apps and that’s a good thing. Local file access, USB device access, network access, and control over camera and microphone are great features, but they can also be abused by rogue site. If there’s a big enough breach of public trust, it could undermine the whole web ecosystem.
If a web app wants sensitive privileges, there should be a means by which some authority, perhaps the browsers, review and vet that code, similar to how it happens in app stores for other software. Additionally, it would be useful to have some means of validating whether the code accessing these sensitive APIs has changed and may no longer be trustworthy.
I recognize this is challenging as the content exists on the web as opposed to in a package or binary, but this is an area worth exploring for the privacy and security of our users.
This discussion was converted from issue #172 on December 04, 2020 22:39.
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Web apps try to keep feature parity with native apps and that’s a good thing. Local file access, USB device access, network access, and control over camera and microphone are great features, but they can also be abused by rogue site. If there’s a big enough breach of public trust, it could undermine the whole web ecosystem.
If a web app wants sensitive privileges, there should be a means by which some authority, perhaps the browsers, review and vet that code, similar to how it happens in app stores for other software. Additionally, it would be useful to have some means of validating whether the code accessing these sensitive APIs has changed and may no longer be trustworthy.
I recognize this is challenging as the content exists on the web as opposed to in a package or binary, but this is an area worth exploring for the privacy and security of our users.
https://webwewant.fyi/wants/89/
Beta Was this translation helpful? Give feedback.
All reactions