|
|
|
|
|
|
by signal11
1776 days ago
|
|
|
Everything’s a trade off, but this one is worth trying imho. There are lots of things could be done to even the playing field. Eg require all browsers to come “out of the box” with with zero sites trusted. This would incentivise regular sites to not use heavy JS, if they knew they won’t be JITed by default. And by all means, if you use say Salesforce, by all means trust the site. But that tiny bit of friction is a good thing imho, analogous to running ‘chmod +x’ on Unix. In general, I think it’s time to say that browsers should have a more refined security model, and letting every darn site on the internet access to run code on your computer is maybe not a great idea. |
|
|