Hacker News new | ask | show | jobs
by dmitriid 1575 days ago
> Many of those harmful reasons are dealt with

Yes, they are being dealt with because Safari and Firefox are persistent. Chrome just releases them.

> where does it differ that much from normal apps

"Hey, we know that native apps are a nightmare for privacy and security, why would you oppose making the web more like native " isn't a good argument
2 comments
danhab99 1575 days ago
Webapps are already protected with the same privacy and security protocols the browser imposes on webpages. What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do? Filesystems are encapsulated, hardware apis require permission, and cameras now have a nice active indicator. What can anything possibly do anymore that hasn't been fixed in all of web2?
link
dmitriid 1575 days ago
> Webapps are already protected with the same privacy and security protocols the browser imposes on webpages.

Yes. And Bluetooth/USB etc. pierce that sandbox and communicate to devices outside the browser.

And no, you can't "fix it" with a simple "oh hey this page wants to access a device".

Hint: we can't successfully ignore prevent people from phishing sites and scammers, but sure, let's give an untrusted execution environment full access to everything.

> What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do

Webpage doesn't have full access to file systems (and Chrome wants to give full access to file systems), or to USB/Bluetooth/etc. (and Chrome wants to give full access to that), and...

Once again. "Hey, we know that native apps are a nightmare for privacy and security, why would you oppose making the web more like native " isn't a good argument".

Also, hint: native apps exist beyond mobile.

Also, hint on filesystems: even though they are encapsulated, that encapsulation differs greatly between systems, and having, say, full access to cloud files is just as bad.

link
autoexec 1575 days ago
> Webapps are already protected with the same privacy and security protocols the browser imposes on webpages

You can disable commonly abused/exploited things like service workers and still use most websites just fine, while a webapp might depend on having that functionality enabled reducing your security when using websites and webapps.

> What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do?

Harvest your contacts? (unless that's changed)

link
drcongo 1575 days ago
I thought I was going mad reading the previous comments. Thanks for bringing the sane.
link