by sayhello 2104 days ago
We made sure that the activation of the API is gated by:

1) User Activation checks
2) When access to the file system is requested, a File Picker is necessary
3) When the API is in use, there are plenty of indications that it's being used

We put a lot of thought in Privacy and Security, as we do for all APIs.

3 comments

From personal experience in my job, I've seen ad networks abusing the following APIs for privacy invasive fingerprinting:

- AudioContext API (introduced as recently as last year)

- Performance API

- Widevine DRM

- Speech Synthesis API

If you had put a lot of thought into privacy and security, we certainly wouldn't be seeing this level of widespread abuse by ad networks.

Let's deep dive on AudioContext for a second.

Chrome's AudioContext API allows ad networks to pilfer latency information about the user's audio hardware (which is used in the wild for fingerprinting today) with zero user interaction, zero indication and zero approval. A web page that never plays audio (!!!) has access to this silently and without approval.

I feel devs at Google just turn a blind eye once a PM pitches an idea; literally every API they build is abused by ad networks, and now they want us to believe native file system access is safe and good enough to be allowed by default. I just want this to blow up and see how the same Googlers defending this feature come and answer again.
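The comment above describes AudioContext being used on pages that never play audio. The following is an added example, not code from this thread, from Chrome, or from any browser vendor: a page-side audit hook of the kind a tester or privacy extension installs to record which Web Audio entry points a page touches, and to flag a context whose signal is read back (`getFloatFrequencyData`) without anything ever being connected to `destination`. It runs in Node against a constructed stub global (`makeStubGlobal`, `pageThatAnalysesSilently`, `pageThatPlaysAudio` are all constructed for the demo); in a browser you would pass `window` to `installAudioAuditHooks` instead.

```javascript
// Added example for this thread (not from the thread or any browser vendor).
// Audit hooks for fingerprinting-prone Web Audio entry points: counts calls and
// reports whether audio was analysed on a context that never routed to speakers.

function installAudioAuditHooks(g) {
  const calls = {};            // API label -> number of calls observed
  const routed = new Set();    // contexts that were connected to .destination
  const analysed = [];         // contexts whose signal was read back by a page
  const bump = (label) => { calls[label] = (calls[label] || 0) + 1; };

  // Wrap constructors with a Proxy so `instanceof` and static props still work.
  for (const name of ['AudioContext', 'OfflineAudioContext']) {
    if (typeof g[name] !== 'function') continue;
    g[name] = new Proxy(g[name], {
      construct(target, args, newTarget) {
        bump(`new ${name}`);
        return Reflect.construct(target, args, newTarget);
      },
    });
  }

  // Wrap a prototype method: record the call, run the observer, forward unchanged.
  function wrapMethod(owner, method, label, onCall) {
    if (!owner || typeof owner[method] !== 'function') return;
    const original = owner[method];
    owner[method] = function (...args) {
      bump(label);
      onCall(this, args);
      return original.apply(this, args);
    };
  }

  wrapMethod(g.AudioNode && g.AudioNode.prototype, 'connect', 'AudioNode.connect',
    (node, args) => {
      if (node.context && args[0] === node.context.destination) routed.add(node.context);
    });
  wrapMethod(g.AnalyserNode && g.AnalyserNode.prototype, 'getFloatFrequencyData',
    'AnalyserNode.getFloatFrequencyData',
    (node) => { if (node.context) analysed.push(node.context); });

  return {
    report() {
      return {
        calls: { ...calls },
        // True when some context was analysed but never routed to the speakers.
        silentAnalysis: analysed.some((ctx) => !routed.has(ctx)),
      };
    },
  };
}

// Constructed stand-ins for the browser classes, just enough to exercise the hooks.
function makeStubGlobal() {
  class AudioNode { constructor(ctx) { this.context = ctx; } connect(dst) { return dst; } }
  class AnalyserNode extends AudioNode { getFloatFrequencyData(arr) { arr.fill(-100); } }
  class OfflineAudioContext {
    constructor() { this.destination = new AudioNode(this); }
    createOscillator() { return new AudioNode(this); }
    createAnalyser() { return new AnalyserNode(this); }
  }
  return { AudioNode, AnalyserNode, OfflineAudioContext };
}

// Two constructed page behaviours: one reads the signal back without ever
// routing it to the output, the other actually routes it for playback.
function pageThatAnalysesSilently(g) {
  const ctx = new g.OfflineAudioContext(1, 4096, 44100);
  const analyser = ctx.createAnalyser();
  ctx.createOscillator().connect(analyser);
  analyser.getFloatFrequencyData(new Float32Array(32));
}
function pageThatPlaysAudio(g) {
  const ctx = new g.OfflineAudioContext(1, 4096, 44100);
  ctx.createOscillator().connect(ctx.destination);
}

// Install the hooks on a fresh stub global, run a page script, return the report.
function runAudit(pageScript) {
  const g = makeStubGlobal();
  const audit = installAudioAuditHooks(g);
  pageScript(g);
  return audit.report();
}

console.log(runAudit(pageThatAnalysesSilently)); // silentAnalysis: true
console.log(runAudit(pageThatPlaysAudio));       // silentAnalysis: false
```

The report is evaluated when `report()` is called, so a page that connects to `destination` only after reading the analyser back is still classed as audible; a page that reads back and never connects is what the comment above describes, and that is the case the flag isolates.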
> We put a lot of thought in Privacy and Security, as we do for all APIs.

But somehow, data is heavily harvested through browsers (Chrome) and apps (Android). Do you even test your APIs with a sample audience, like real tech-ignorant people, and see how they are blind to all those and just click yes and don't care?

> Do you even test your APIs with a sample audience, like real tech-ignorant people, and see how they are blind to all those and just click yes and don't care?

I am sure that's part of the feature.

Data is easily harvested in Firefox and Safari too.
Exactly, the focus must be on trying to mitigate it, not make it easier.
Should they block online email providers too because someone might send a phishing email?
Yeah, so there are a few dozen ways people are getting spammed; why not add more ways. Here's an idea: let me write a blog post on how to make Windows look cooler, ask my 12-year-old user to point me to their Windows directory, and let me use my API to inject my DLLs. None of the defenders of this API are estimating the level of social engineering, how dumb users can be, and also the reason why Android failed in terms of privacy.
You forgot to read the part where they will block certain directories, and your 12-year-old could easily install malware or give out his password, and Android didn't fail in terms of privacy. Apple has failed by locking you into a closed-source ecosystem. Android is open source and has a lot of options, and a lot of open source apps you can review yourself and pick the best cryptography algorithms for password management, etc.
Is that an argument in good faith?
If I disable the file system API, can an "is file system API available" check be used as a bit to fingerprint my browser?
Sure; currently you can fingerprint by checking available free Storage API space, for example.
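The last two comments raise the question of whether a disabled API is itself a fingerprinting bit. The following is an added example, not code from the thread, that quantifies that: it computes the Shannon entropy of the fingerprint produced by a set of "is feature X available" probes over a constructed population of browser profiles, and the surprisal (bits revealed) of one particular profile. The population figures, the probe names (`fileSystemAccess`, `webAudio`, `storageEstimate`) and the helper names are all constructed for the demo and stand in for real survey data.

```javascript
// Added example (not from the thread). How much identifying information do
// feature-availability probes yield? Turning an API off does not remove the
// bit; it changes its value, and a rare value is worth more bits to a tracker.

// Constructed population: each profile lists which features are exposed and
// how many users share that profile. The numbers are illustrative only.
const POPULATION = [
  { features: { fileSystemAccess: true,  webAudio: true,  storageEstimate: true  }, users: 700 },
  { features: { fileSystemAccess: false, webAudio: true,  storageEstimate: true  }, users: 40 },
  { features: { fileSystemAccess: false, webAudio: false, storageEstimate: true  }, users: 10 },
  { features: { fileSystemAccess: true,  webAudio: true,  storageEstimate: false }, users: 250 },
];

// The fingerprint a probe set produces for one profile: one bit per probe.
function fingerprintKey(features, probes) {
  return probes.map((p) => (features[p] ? '1' : '0')).join('');
}

// Probability of each fingerprint value across the population.
function keyDistribution(population, probes) {
  const total = population.reduce((sum, p) => sum + p.users, 0);
  const counts = new Map();
  for (const p of population) {
    const key = fingerprintKey(p.features, probes);
    counts.set(key, (counts.get(key) || 0) + p.users);
  }
  const dist = new Map();
  for (const [key, count] of counts) dist.set(key, count / total);
  return dist;
}

// Shannon entropy (bits) of the fingerprint: the average information gained.
function entropyBits(population, probes) {
  let h = 0;
  for (const p of keyDistribution(population, probes).values()) h -= p * Math.log2(p);
  return h;
}

// Surprisal (bits) of one profile's value: -log2 of how common that value is.
function surprisalBits(population, probes, features) {
  const p = keyDistribution(population, probes).get(fingerprintKey(features, probes));
  return p ? -Math.log2(p) : Infinity;
}

const ONE_PROBE = ['fileSystemAccess'];
const ALL_PROBES = ['fileSystemAccess', 'webAudio', 'storageEstimate'];

console.log('entropy, one probe:', entropyBits(POPULATION, ONE_PROBE).toFixed(3));
console.log('entropy, three probes:', entropyBits(POPULATION, ALL_PROBES).toFixed(3));
console.log('bits revealed by disabling the API:',
  surprisalBits(POPULATION, ONE_PROBE, { fileSystemAccess: false }).toFixed(3));
console.log('bits revealed by leaving it on:',
  surprisalBits(POPULATION, ONE_PROBE, { fileSystemAccess: true }).toFixed(3));
```

With the constructed numbers, the single probe carries about 0.29 bits on average, but the user who disabled the API stands out by about 4.3 bits while the majority reveals under 0.1; adding probes never lowers the entropy. This is the same measurement the Panopticlick-style studies make, and it is the right way to judge an opt-out: what matters is how rare the opted-out configuration is, not whether the API is off.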