Hacker News new | past | comments | ask | show | jobs | submit login

I can't help but think that this was made possible by the complete collapse in common UI standards. 'Apps' have stopped being OS-toolkit apps and moved onto the web, and of course each designer needs to have their own special on-brand widget style. This has leaked onto the few remaining desktop apps: Chrome rejects the standard Mac OS widgets and reimplements everything, from buttons to the print dialog. Spotify does its own thing. And lest we think Apple has much respect for UX, iTunes is a mess. I genuinely can't use it.

The result is that users have been trained not to expect consistent UI paradigms. Every UI is hunt-and-peck. And that paves the way for this kind of exploit.




I don’t see what relation this rant has to the op. Surely the issue here is nothing to do with the ui displayed and more to do with the fact that it is possible to fake the browser ui. Even if chrome were using traditional controls on a desktop, one could imagine an exploit where clicking a malicious link puts the browser in full screen mode (most browsers only accept being put in full screen mode from event handlers for user interactions like clicking), and displays a fake browser ui inside.

This was anticipated and partly avoided by a reasonably large modal which pops up to tell you you’re in full screen mode, and disappears after a few seconds.

Another similar exploit on desktop was to set the cursor of the page to be a very large image which would overlay the browser chrome and put some fake information there.

The issue on mobile could perhaps be reduced by having some amount of ui that doesn’t go away (safari does this in portrait mode). Another help could be to not make the ui disappear (or make it reappear) when this kind of scrolling an iframe situation arises


Um, what? Standardization of UI is what makes this type of thing feasible large-scale, not the collapse of standardization.

Even just in this case - making it look like Chrome mobile results in a different bar than Firefox mobile. If they converge more though it'd take less effort to hit more people.


> 'Apps' have stopped being OS-toolkit apps and moved onto the web, and of course each designer needs to have their own special on-brand widget style.

Which is also why they are so abombinally large. Picking on Skype, but they are by no means the only or worst, the Android app is 71MB. There is no sane reason it needs to be that large except for all of the custom assets and custom widgets.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: