[denton-scratch]

> The browser is essentially the operating system

That's a fashionable observation; I think it's a kind of illness. The idea that you can take over anyone's computer, and make it do things the user doesn't want done, and doesn't know are being done, makes some web-developer's heads swim; they can turn the whole internet into a sort of distributed supercomputer for their own private use. WHATWG bears a lot of responsibility for this.

A real operating system doesn't download and execute code from unverified remote locations. Nearly every website nowadays tries to load and execute in the browser code from any number of remote locations, without the user's approval or even knowledge. By default, I only allow 1st-party JS, which I consider to be an extremely liberal policy.

[nolist_policy]

> A real operating system doesn't download and execute code from unverified remote locations.

Sorry, but that is pretty much the standard way to install apps on windows.

That the browsers execute untrusted code all the time and still are secure is an advantage of web technology.

[skydhash]

> Sorry, but that is pretty much the standard way to install apps on windows.

Maybe now, but when I was on XP and, later, Windows 7, you only had a handful of software you would use (I have all of them on a CD, and later on an HDD). Things like VLC, Notepad++, Codeblocks, Office, and others. It requires trust, but these programs did not phone home, AFAIK, every second. That's what we lost, trust in our computer and the software programs running on it. And now, it is a hostile relation between customers and software developers. I wasn't concerned about VLC tracking the file I opened with it, or Office scanning my documents.

[denton-scratch]

> That the browsers execute untrusted code all the time and still are secure

But they aren't secure. Most of that untrusted code is doing stuff that's of no value to the user, and is positively against the express interests of many users.