|
|
|
|
|
|
by ashelmire
2525 days ago
|
|
|
Which do you think is more potentially damaging? 1) Using a website which has had its server code compromised (slack). 2) Installing and using an application which has had its code compromised (maybe also slack). The installed application is going to have more access and potential to damage your system and to compromise your data. There's not really anything more to it. One's in a browser sandbox and limited by browser capability, the other can do literally anything it wants. |
|
|
you're talking about dodgy (potentially compromised) software: better run in the browser sandbox (albeit imperfect) than natively.
I was thinking of sensitive software (eg secret chats) I want to protect from attack: better run natively than in the (imperfect) browser sandbox.
In the context of this discussion (Slack), your threat model probably makes more sense.