Hacker News new | ask | show | jobs
by goblin89 652 days ago
Untrusted by default is a feature. No user would be able to protect themselves, unless perhaps they are a highly trained security expert always on alert, which is not a thing.

This is not the exciting early days of the interwebz where script kiddies run amok and it’s mostly for the geeks anymore, it’s where government-affiliated gangs are launching ransomware attacks on critical infrastructure in order to finance nuclear programs. Accessing arbitrary resources on your local machine is how that happens.

Web apps, given a modern browser, naturally have stricter sandboxing, but native apps are treated as untrusted on any modern OS, too. If I launch anything new, the dialog will have me confirm before it accesses anything other than its isolated app data directory.
1 comments
aumerle 652 days ago
I dont run a single native application across five operating systems that requires a popup nag to access the clipboard or that is unable to put any data other than text, html and PNG on the clipboard.
link
goblin89 652 days ago
Every mobile OS from Apple would show a popup if an app tried to access clipboard without your explicit pasting. Obviously, if you tapped “paste” then popup would be unnecessary since you would be approving your own action, not app’s action.

It is somewhat crazy that macOS doesn’t do that yet.

But the comment I replied to was talking in general terms. Yes, for some APIs native apps are for now more trusted than Web apps, depending on the OS, but the trend is that they are becoming less and less trusted.

link
aumerle 652 days ago
If you mean mobile OSes sure, I can agree with you they are becoming worse with time. OSes for real computers, not so much.
link
goblin89 651 days ago
I mean all consumer operating systems, and they are becoming better unless you stick to old and vulnerable versions.
link
aumerle 643 days ago
Again, no non mobile OS prevents native applications from using the clipboard as it should be used. And none of them show any signs of changing that.
link
goblin89 643 days ago
Are you saying native apps are less well sandboxed than web apps? Because that is exactly what I said. But they are getting there, and that is good.
link