by danShumway 2989 days ago
> Every time some sort of device hardware is exposed to web applications, it needs to be rolled back in some way or the other because someone's found a way to use it for fingerprinting.

This is odd to me. Do you think it's harder for a native app to fingerprint you? At least on the web I can block specific domains or scripting in general.

A native app will always be a net loss for privacy and sandboxing.

1 comments

No, of course it's a lot easier for a native app to fingerprint you. The difference is that with native apps, I can trust that someone has already looked at this app to ensure that it's not doing anything malicious. Plus, I, myself, have to install the app, which shows that I put my trust in it.

I used to have this perspective, but recently I've started to find it problematic.

Curation, while effective, is always a monkey patch on top of security. Ideally, I want to sandbox code. I don't want to have to trust it. I think it's unnecessarily limiting to assume that users should only ever run code that they trust.

In fact even native apps already try to do some sandboxing through a permission model. It's just that their permission model is less effective than the web, gives users less control, and leaks more information.

I'm also not sure that this matches my real-world experience. I might use Facebook Messenger or Twitter on my phone's browser. Installing something like Matrix makes me feel even better about that. I would never install their native app.

In theory I trust apps more than websites, but in practice I find that I usually view the app store with just as much suspicion as I do a random website.