[qz3]

On a desktop app, you can see what kind of request the program makes and which servers it contacts. With a webapp, you'll never know what the app does.

[alimbada]

You can do the same in your browser by opening the developer tools and in fact it comes built in to the browser whereas on a desktop you'd have to install another app like Wireshark/Fiddler to see those requests.

[stephenr]

That only tells you what your browser sends to their server. It doesn't tell you what connections their server makes.

[crystaln]

Nothing will. The vulnerability of what happens to your data after it is sent to a third party is the same for any app, web or native.

The biggest difference is that it's way easier to see where you're data is being sent in a browser, since it has built in tools. It's very hard to monitor native app traffic that is sent over SSL.

[stephenr]

When the app is native there no requirement for a third party server.

You, Your mail (provider) server.

Vs

You, the server hosting the web app, your mail (provider) server.

[crystaln]

How so? It's quite simple to tell what a web app does in my understanding. Chrome has many good monitoring tools.

[dillondoyle]

The webapp can send your data wherever once it has the data, chrome won't log http requests if they were made server to server etc

[gsich]

A native application can do that too.

[methyl]

Isn't it the case for any app?

[Qwertie]

The logic is a native app can make a direct IMAP connection to the mail server and you can check it is doing so where as a web app has to send the login details to a server which does IMAP for the client and you can not see this last part.

[pritambaral]

> With a webapp, you'll never know what the app does.

Unless you run uMatrix or uBlock Origin (same code in both as far as this feature is concerned), of course.

[progx]

Nonsens. Every traffic can be monitored, web app or native app, that is not important.