by app4soft 2222 days ago
> Because you'd have to download an app like this and then trust that it won't install malware or spyware or do anything else malicious.

How would you check that a web app, whose JavaScript/WebAssembly source/binary must first be loaded into your browser from a 3rd-party website, would not "install malware or spyware or do anything else malicious"?


Modern browsers are pretty secure nowadays. By comparison, you have pretty much zero guarantees about an app you install onto your computer. The only concern is that these browser apps are quietly sending your files elsewhere, but this is easily inspectable via the dev tools.

> Modern browsers are pretty secure nowadays.

Just a few examples of "pretty secure modern browsers nowadays".[0,1]

[0] https://bugs.chromium.org/p/chromium/issues/list?can=1&q=lab...

[1] https://techdows.com/2020/05/mozilla-halts-firefox-76-rollou...

To be fair, modern OSes are quickly catching up in this regard. WASM is also increasingly available for use as a native sandbox. Examples: (https://github.com/WAVM/WAVM) (https://github.com/bytecodealliance/lucet)

Or you just run the installer in a sandbox/container, as has been possible for at least a decade in all major OSs

Sandboxie was released in 2004, and there have been various bits of registry journaling/snapshot software since the late 1990s which combined with NT ACLs could provide at least as much security as you're getting out of a browser sandbox.

Browsers have an absolutely huge sandbox surface and lack even the most basic of fine-grained security controls out of the box. Enabling even basic restrictions to avoid fingerprinting has turned out to be difficult. How do you know (particularly with Firefox) that one tab isn't actively picking out data from another tab open to your banking site? Much less the problem with malicious JavaScript being injected via the ad frameworks.

Browser security is pretty much a joke.

> Or you just run the installer in a sandbox/container, as has been possible for at least a decade in all major OSs

The level of technical know-how necessary to accomplish that is astronomical compared to "here's a link," especially since it's cross-platform out of the box. That's why it's a no-brainer: any sane person is going to prefer that over installing untrusted software. Basically zero users know about the sandboxing solutions available for their system, much less are willing to put in the effort to Do It Right.

That's as trustworthy as your web browser, which is pretty good at sandboxing nowadays.

Have you ever read the changelogs of Firefox & Chrome/Chromium? There are tons of issues documented related to sandboxing & security each time a new release happens.

So are the changelogs of native applications, and/or the libraries they are embedding.