by numbsafari 699 days ago
I wish pages like this had a way to specify, in the HEAD tag, that they are to be run in an additional sandbox with zero network access. That way, the user agent could render them in a special way to indicate to the user that it is safe to share data with the app.

Because nothing is stopping this app from updating its code after a few weeks in order to begin shipping data.

Of course, you can download the page and then use it off-line. Sure. But it'd be nice for a page author to communicate "I'm good, this page is self-contained and doesn't need any further access to the network, please let the user know."

Allowing a user to "pin" that status would similarly be great. Oh, and apply that or make it available to browser extensions.


This would be great. However, maybe it is better to initiate the sandbox via JS, after all necessary resources are loaded.

Also, maybe the user should be able to initiate offline mode for a single page.

This may eventually come to life via Isolated Web Apps https://github.com/WICG/isolated-web-apps/issues/1 or for example via webpackage https://github.com/WICG/webpackage/issues/576

The first step along the way though is making actually secure web apps possible.

Aren't secure web apps already possible? Well, Signal among others thinks otherwise. See the Isolated Web Apps explainer for a full explanation https://github.com/WICG/isolated-web-apps

In terms of version-pinning, the next-best idea I can come up with is to deploy your app as an HTML file with a single JS script, using subresource integrity[0] for the script. (The rest of the HTML content would need to be dynamically inserted by said script)

The developer can still change the HTML file, but if they change the script it's easy(ish) to observe that the hash has changed.

GitHub recently introduced[1] an "artifact attestation" system, which is essentially a way to demonstrate that a particular build was built by a particular source tree (although the precise security properties are more subtle than I've summarized here). Combining these two things and writing a static "load the most recent version and verify its integrity" script could be interesting.

[0] https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

[1] https://github.blog/2024-05-02-introducing-artifact-attestat...

I agree. This mode could even be enabled (but never disabled) via a JavaScript call. Once done, the browser could relax certain restrictions that are designed to prevent fingerprinting, since without network access I think most fingerprinting-related attacks become impossible.