[MajesticHobo]

Aren't those already sandboxed browser-local filesystems?

[keeperofdakeys]

The browser can still access your disk though, so any vulnerability in your browser means arbitrary access. An example from last year https://blog.mozilla.org/security/2015/08/06/firefox-exploit.... That's the reason that I decided to use firejail myself.

[MajesticHobo]

Okay. So it's a protection against browser exploits, not overreaching web APIs.

[koolba]

Good security has layers. That way if one falls through, hopefully the next layer will catch it.

[cm3]

It's more a boundary for the browser not to pass because it has no business. I've seen an alternative approach which used a separate user account for Firefox and then SSH forwarding of X.

[cm3]

WebTorrent is something I'm afraid to try due to the laws in the place I live and nobody answered me when I asked if WebRTC p2p connections first show a permission popup like Microphone or Speaker access. I don't know how the file access APIs work in JavaScript, but it's scary to think a random website could have a random JS snippet that uploads a file from $HOME.

[orf]

There will of course be a permission pompt.

[cm3]

Come to think of it, why doesn't a WebRTC connection on something like appear.in prompt for Network permission?

[cm3]

Good to know, I might try it the next time I'm in another country.