Hacker News new | past | comments | ask | show | jobs | submit login

> I don't know who invented that "As a user" thing, but I find it completely stupid. In my view it is just used as a justification for anything one wants when they don't have a better argument.

> "As a user", I want to own the product I pay for.

Ironically, you're the one who lacks a concrete argument, which is why you're attacking the wording of my statement, rather than the substance of it. You're honing in on the first three words of my sentence, because you can't debate the argument on its merits. You then use the exact same wording in your final sentence, but encase it in quotes as if that somehow absolves you of your hypocrisy. Given that this website is frequented by software developers, I think there's a useful distinction to be made between thinking about problems in terms of their development, versus thinking about them in terms of their utility to end users.

> Not at all, I was just giving a real-world example of sandboxing of apps at scale.

It would be charitable of me to call it a "real-word example". You simply said "Android does that sandboxing by default", without a single supporting statement or example, despite your so-called extensive knowledge of sandboxing.

> If your baseline is sending a full web browser with every app you make, on desktop you could run each app in a VM and it would obviously be better.

No one is "sending a full web browser with every app you make". Browsers come preinstalled on every popular operating system.

> An app can't make a request unless it has the internet permission, what's your point?

What in the world is "the internet permission"? I've never had an operating system ask me if I'd like to grant an app "the internet permission". Have you operated a computer before?

> Do you know anything about sandboxing, or are you throwing that there for the sake of the argument?

> Oh right, I guess you don't really know about sandboxing then. So it won't be a super constructive debate given that your position is apparently fundamentally based on your intuition about sandboxing.

As someone who's written both web apps and desktop apps, I do in fact know a considerable amount about sandboxing. Do you know anything about sandboxing? You're questioning my knowledge to deflect from your lack of a coherent rebuttal. What exactly have you written during this conversation to demonstrate your comprehensive knowledge of sandboxing? You're concluding that I lack knowledge on sandboxing because I admitted to not having single-handedly written an operating system or web browser? Really? Are you writing an OS in your free time when you're not writing about the mysterious "internet permission"?

> My point is that webapps move everything into the browser, going towards a world where something like ChromeOS is the only valid way to use a computer. I want to choose my OS, I don't want to rent an OS provided by BigTech

You've got it backwards. If I want to add support for users running a free open-source operating system like Linux, as a web app developer I don't have to do anything special. Linux can run web browsers, and therefore it can run web apps. Case in point is Photoshop. Neither Photoshop nor the rest of the Adobe Creative Suite runs on Linux, but the Photoshop web app does, because web apps are universal. There's a reason why Apple took years to finally add push notification support to iOS web apps, because web apps threaten the mobile operating system duopoly.




> Ironically, [...] You then use the exact same wording in your final sentence

Thanks for explaining to me what I did ;-).

> You simply said "Android does that sandboxing by default", without a single supporting statement or example

Are you questioning the fact that Android apps are sandboxed? If yes, you may need to do some reading on your own. I am not here to teach you how Android works.

> No one is "sending a full web browser with every app you make".

All the webapps that try to look like Desktop apps have to ship a browser with them. You mentioned VScode, right?

> What in the world is "the internet permission"? I've never had an operating system ask me if I'd like to grant an app "the internet permission". Have you operated a computer before?

Oh come on... you just don't have the slightest idea how native apps work, do you? It's literally called "android.permission.INTERNET". Have you ever tried something not web?

> Are you writing an OS in your free time when you're not writing about the mysterious "internet permission"?

As a matter of fact, not an OS but embedded distributions. That... wait for it... use sandboxing. Do I need to get back on the "mysterious" internet permission? Wait, here's a link to help you: https://developer.android.com/develop/connectivity/network-o....

> as a web app developer I don't have to do anything special.

Not even Google "Internet permission" before dismissing someone's point. I love that kind of webapp developers.

> because web apps threaten the mobile operating system duopoly.

They threaten every platform by making everything a ChromeOS system (no, not literally ChromeOS, but something based more and more around Chromium, which is owned by Google).


> Thanks for explaining to me what I did ;-).

You're welcome.

> Are you questioning the fact that Android apps are sandboxed? If yes, you may need to do some reading on your own. I am not here to teach you how Android works.

I'm not questioning whether or not Android apps are sandboxed. I'm questioning how well they're sandboxed relative to web apps, which is why I gave you several examples of capabilities that a native app has that a web app does not. You're losing the thread of the conversation.

> All the webapps that try to look like Desktop apps have to ship a browser with them. You mentioned VScode, right?

> Not even Google "Internet permission" before dismissing someone's point. I love that kind of webapp developers.

I never said anything about VSCode. You can't even remember what we've talked about. I love that kind of commenter. We're not talking about desktop apps that use web technologies vs desktop apps that don't. We're talking about desktop (and now apparently mobile) apps vs web apps that run in the browser. Allow me to quote your original comment that I replied to as a memory refresher: "I, for one, don't want them rendered in my browser. I have an OS that can run apps, and I want my browser to be an app that renders simple HTML pages." This is what we are debating. You want to shift this conversation into a flamewar about desktop apps built with Electron, because you know your actual argument has less merit. This whole conversation has consisted of you shifting goal posts, and retreating to a lesser version of your original argument. I'm still waiting for you to compare the security of desktop apps to web apps, which was my entire original point.

> Oh come on... you just don't have the slightest idea how native apps work, do you? It's literally called "android.permission.INTERNET". Have you ever tried something not web?

I'm talking about permissions that a user has to intentionally grant via an explicit prompt, not a list of bullet points that appear to a user if they happen to view an app's detail page [1]. Your own link explains it best: "Note: Both the INTERNET and ACCESS_NETWORK_STATE permissions are normal permissions, which means they're granted at install time and don't need to be requested at runtime."[2]

But you were actually responding to my comment about CORS when you brought up "the internet permission", which unlike the coarse grained permissions that most operating systems offer allows any website to prevent any other website from accessing its resources. Which means I can't use a web app to form a botnet that attacks some innocent server, unless that server explicitly allows it via a CORS header (and also ignores the incoming origin header). A desktop app can connect to any domain it wants, and can even directly connect to the server's ip and impersonate a legitimate client by forging the origin and user-agent headers.

> They threaten every platform by making everything a ChromeOS system (no, not literally ChromeOS, but something based more and more around Chromium, which is owned by Google).

No...they don't. Have you forgotten that Firefox and Safari exist, or should I send you a link to their home pages? But even if we put that aside, during this entire discussion you've been championing Android which is...wait for it... developed by Google. Please tell me you're being intentionally obtuse?

[1] https://developer.android.com/guide/topics/permissions/overv....

[2] https://developer.android.com/develop/connectivity/network-o...


> But even if we put that aside, during this entire discussion you've been championing Android which is...wait for it... developed by Google.

I am not AT ALL saying that we should push for Android everywhere. I am just saying that Android (and iOS, but I don't know the details of how iOS works) are sandboxing apps. I don't think security is an argument for PWA. The argument for PWAs is "I know webtech and it would be cheaper if everything ran in Chromium".

Be assured that if the discussion was about using Android everywhere (web, mobile, desktop), I would be against it as well. I don't want a one-size-fits-all solution, because it usually doesn't fit that well, and it kills diversity.


> but I don't know the details of how iOS works

Oh right, I guess you don't really know about iOS sandboxing then. So it won't be a super constructive debate given that your position is apparently fundamentally based on your intuition about iOS sandboxing. Remember that line [0]?

> I don't think security is an argument for PWA. The argument for PWAs is "I know webtech and it would be cheaper if everything ran in Chromium".

Security is MY argument for distributing software in the browser vs as a desktop or mobile application. If you refuse to engage me about the point I'm making, then you're arguing against a straw man, which ultimately indicates that you just don't have a strong rebuttal, which is what I've been saying since the very beginning [1].

> Be assured that if the discussion was about using Android everywhere (web, mobile, desktop), I would be against it as well. I don't want a one-size-fits-all solution, because it usually doesn't fit that well, and it kills diversity.

So you're an Android developer who's mortally afraid of Google hegemony? That's some next level cognitive dissonance. If you're afraid of Google dominance, I'm sorry to tell you this, but Android is their best tool for accomplishing that goal. The EU fined them 5 billion in 2018 over this, and told them to stop "forcing manufacturers to preinstall Chrome and Google search in order to offer the Google Play Store on handsets. Google will also need to stop preventing phone makers from using forked versions of Android" [2]. You're afraid of the influence of Chrome, and want people to develop directly for Android, but Google is using their Play Store and all of its Android apps as leverage to force manufacturers to preinstall Chrome (and Google search). Android apps give Google the leverage to force Chrome down everyone's throats.

You're afraid of a Google browser monoculture, and don't think Firefox and Safari present enough competition, and your solution is for people to develop apps directly for Android and iOS, where there's even less competition? And by the way, the only competition Android has is a closed source operating system (iOS) that doesn't even allowing sideloading apps or competing app stores. If web apps were more popular we wouldn't have a mobile duopoly (iOS and Android), or a desktop duopoly (Windows and macOS), because the web is an open platform and there are web browsers on every operating system (including desktop Linux, the various BSD variants, Ubuntu Touch, et cetera). This is why I told you a long time ago that you've got it all backwards [3].

[0] https://news.ycombinator.com/item?id=38913989

[1] https://en.wikipedia.org/wiki/Straw_man

[2] https://www.theverge.com/2018/7/18/17580694/google-android-e...

[3] https://news.ycombinator.com/item?id=38917623#:~:text=You%27....


Alright, let's take a step back. First, I am not a mobile developer. I was mentioning Android as an example of sandboxing outside the browser (mobile developers don't have anything to do with that sandboxing). Other examples include whatever iOS does (which I don't know), containers (docker and the likes), VMs, and everything in-between (like what snap or flatpak use). My point there was that running code in a browser is not - and by far - the only way to do sandboxing.

Sandboxes usually have to give permissions, with some granularity. The more permissions you give, the larger the attack surface. There is nothing that makes browsers inherently safer than other sandboxes: a browser is just a process running in user space. If anything, modern browsers are so complex (and getting worse with time) that the attack surface is big, which is why they require a ton of resources in terms of security.

Moreover, Web UIs bring their own class of issues that don't really apply to native apps. You insisted on CORS, which is one mitigation for some of those issues. But CORS is really a browser thing, I don't think it really makes sense to compare it to anything outside the "webview world".

If security is your concern (and you seem to insist that it is), then webapps are really not better than the alternatives. Actually, the Apple Store and the Play Store (to give an example in the mobile world) allow Apple and Google to somehow monitor the apps that users install, which is most certainly more secure than a model where anyone can load any webapp from any website.

I see many reasons to want PWAs (which I may or may not share), but security is not one.


> Alright, let's take a step back. First, I am not a mobile developer.

I think you're whichever kind of developer your current position requires. You've been talking about Android non-stop throughout this conversation, and conversations you've had with others on this website [1]. When you were lambasting me about my perceived knowledge of mobile development you were touting your Android knowledge, and taunting me about whether or not I've done anything outside the web. Now that I've proven Android is actually one of the primary tools Google uses to promote Chrome (and you admitted you don't know much about iOS) you want to distance yourself from mobile development altogether.

> Other examples include whatever iOS does (which I don't know), containers (docker and the likes), VMs, and everything in-between (like what snap or flatpak use).

We're not discussing theoretical means with which you could sandbox an application, we're talking about how apps are actually used in reality. If you need to fire up a virtual machine every time you use your favorite desktop apps, then you're only proving my point that they're not inherently very secure. Not to mention, the average user probably has no idea what Docker or a virtual machine even is. Like I said in my original response, lots of things are possible in theory, but in practice web browsers are much better at sandboxing apps than desktop operating systems (and even better than mobile operating systems). And by the way, you can run a browser inside of a vm too, so if anything the technologies you're advocating for bolster the security of web apps rather than compete with them.

> If anything, modern browsers are so complex (and getting worse with time) that the attack surface is big

Ironically, a lot of that complexity arises from the web's insistence on security. V8 is complex because it has so many safeguards in place to sandbox JavaScript, and that sandboxing is taken very seriously. There's a reward anywhere from 10,000 to 150,000 USD if you can escape the sandbox [2][3]. Browsers are inherently more secure than desktop apps because they limit access to the underlying platform. Someone developing malware as a web app has to first escape the browser sandbox, just to gain the privileges that a desktop app has natively. If it helps, you can think of every desktop app as a webapp which has already escaped the browser.

> Moreover, Web UIs bring their own class of issues that don't really apply to native apps.

No, web developers have just spent so much time thinking about security, that native app developers haven't even realized these security issues are relevant yet. It took years for Apple and Google to come to the brilliant conclusion that they should notify users when an app is reading from the clipboard, something which at the time was considered just a browser "class of issue". Maybe in 2034 they'll figure this out for desktop apps.

> But CORS is really a browser thing, I don't think it really makes sense to compare it to anything outside the "webview world".

It makes sense to compare it to things outside of the browser because it protects users and servers. You seem to want to disqualify any point I make that you can't disprove. If you don't think web technology is comparable to anything outside the browser, then what are we even arguing about? This whole discussion has been about comparing the security of web apps to non-web apps.

> If security is your concern (and you seem to insist that it is), then webapps are really not better than the alternatives. Actually, the Apple Store and the Play Store (to give an example in the mobile world) allow Apple and Google to somehow monitor the apps that users install, which is most certainly more secure than a model where anyone can load any webapp from any website.

Security is not some new thing I'm insisting on, it's been my whole point from the very beginning. You're just finally deciding to engage with me about it, instead of derailing the conversation constantly. Apple and Google have to monitor which apps make it to their app stores, BECAUSE apps are so much more prone to security problems. You once again have it completely backwards. No one has to gatekeep websites because browsers are so much better at sandboxing applications. And allow me to remind you that you admitted you have no idea how iOS sandboxing works, so you can't really be confident about this stance even if it did make sense.

And now you're arguing in favor of the app store duopoly which contradicts your point about software diversity. You can't have it both ways. You're trying to hold on to two contradictory points at the same time: you don't like the supposed lack of browser diversity (which is why you seem to detest Chromium), but you like the supposed security guarantees of the mobile app store duopoly, which is even less diverse.

[1] https://news.ycombinator.com/item?id=38919389

[2] https://github.com/google/security-research/blob/master/v8ct...

[3] https://bughunters.google.com/about/rules/5745167867576320/c...


> You can't have it both ways. You're trying to hold on to two contradictory points at the same time: you don't like the supposed lack of browser diversity (which is why you seem to detest Chromium), but you like the supposed security guarantees of the mobile app store duopoly, which is even less diverse.

Ok I get it.

Let me rephrase it just to make it clear: It is true that I don't like the lack of diversity (that would come from everything being webtech on top of Chromium), and it is also true that I like the security that comes from a managed app store. I do! I can have it both ways! Isn't that marvelous?

If you can't understand how this is possible, I think we can stop here. We won't get anywhere if you can't understand what I write.


You've completely abandoned any attempt to argue the point about the security of web apps vs non-web apps, which was the original point of this discussion, so now let me address all the tangents you like going on to deflect. You're an expert at cherry picking which arguments you'd like to reply to, to avoid tackling the main issue at hand.

> It is true that I don't like the lack of diversity (that would come from everything being webtech on top of Chromium), and it is also true that I like the security that comes from a managed app store.

You've said previously: "My point is that webapps move everything into the browser, going towards a world where something like ChromeOS is the only valid way to use a computer. I want to choose my OS". [1]

So you think the best way to increase OS diversity is to get developers to submit their apps to proprietary app stores that only run on their own respective operating systems, instead of using open web standards that work on every operating system? How does that make sense?

> I do! I can have it both ways! Isn't that marvelous?

No! You can't! Not if you value logical consistency.

> If you can't understand how this is possible, I think we can stop here. We won't get anywhere if you can't understand what I write.

I don't think you comprehend what you're writing, or rather, you're not willing to admit that what you're writing is incomprehensible. Saying "my argument makes sense, you just can't understand it" is just you being petulant. You want to "stop here" because you've argued yourself into an illogical corner.

[1] https://news.ycombinator.com/item?id=38913989


> Saying "my argument makes sense, you just can't understand it" is just you being petulant.

I did not say that. I said that my preferences are consistent. Security and diversity are orthogonal concepts. I can say: "I want as much security as possible AND as much diversity as possible". It is not an argument, it is a preference.

You come and say: "Aha, I got you! You cannot want both security and diversity! You have to want one or the other, not both, because I say so! You just lost the debate, you dumb ass".

Fine, I lost the debate, you're the best.


First of all, I've been saying from the very beginning that your stance implies both less security AND less diversity. But I knew you would grasp onto the security part like a lifeline, because you've run out of ways to derail the conversation, which is why I clarified in my previous comment. You ignored my clarification, and once again decided to argue with a straw man. I've never seen so many bad faith straw man arguments in my life. Forget the security aspect of it since you clearly can't debate that, and just focus on the diversity, and you're STILL wrong.

As you like to say when you're clarifying, "let's take a step back here". I'll just repeat my last comment, and hopefully you won't evade it like you always do:

You've said previously: "My point is that webapps move everything into the browser, going towards a world where something like ChromeOS is the only valid way to use a computer. I want to choose my OS". [1]

So you think the best way to increase OS diversity is to get developers to submit their apps to proprietary app stores that only run on their own respective operating systems, instead of using open web standards that work on every operating system? How does that make sense?

Do you get it yet? You're claiming you want OS diversity, but you're advocating for the solution that results in LESS OS diversity, that's why you're contradicting yourself, and that's why your position is logically inconsistent. You absolutely know this, which is why you're dodging every attempt to actually debate it. And I know you know this, because you purposely omitted the first sentence of my paragraph when you quoted it, which was [2]: "And now you're arguing in favor of the app store duopoly which contradicts your point about software diversity." That part didn't fit your narrative, which is why you omitted it. You're better at evasion, and rhetorical trickery than you are at actually discussing technical topics. If you had said instead: "I admit my position implies less OS diversity, but in this case I'm willing to make that trade off in exchange for better security guarantees", then we could move on to the security question (and you'd lose that debate too).

You can admit that one of those pesky web developers you're so fond of condescending to actually has a good point, it won't hurt.

[1] https://news.ycombinator.com/item?id=38913989#:~:text=what%2...

[2] https://news.ycombinator.com/item?id=38934276#:~:text=did%20...


> So you think the best way to increase OS diversity is to get developers to submit their apps to proprietary app stores that only run on their own respective operating systems.

No, I don't. I think that having different tools, more or less specialized for particular platforms, is better than using webtech everywhere. My reason being that I tend to hate webtech and all it represents to me: I don't like unmanaged language package managers like npm and how they allow devs to have no clue about their dependencies. I don't like Javascript. I don't like having to run a browser to access Discord, or alternatively to have a fake Desktop app that is essentially a hardcoded one-tab browser. I don't like to run complicated webapps in a tab that can freeze my whole browser. I don't like that if my browser crashes, all my webapps stop. I find that pushing for WebAssembly to run everything in the browser is completely overkill given that we already have tons of ways to run stuff on different OSes. I don't like how web people tend to not know anything not web (including native/non-native-but-not-web mobile apps, native/non-native-but-still-not-web Desktop apps, mobile OSes like iOS/Android/Linux-based-but-not-ubuntu, Desktop OSes like Windows/macOS/Linux/-BSD, embedded OSes like OpenWRT/-BSD) but still claim that webtech is better.

I like C when it makes sense, I find merit to C++ in many situations, I think Rust is interesting (except for the language package management which seems to come straight out of the webtech hell). I like Java/JVM and its evolution in the last years (no, it's not just an interpreter and web applets since the beginning of the century, but too many web people missed the memo), I find that Android has done a lot of interesting stuff with JIT and AOT, I think that GraalVM is really promising. I love Scala and Kotlin, and the new Jetpack Compose way for UIs (coming to Desktop apparently). I wish I could spend more time on Swift and discover SwiftUI, and I had fun learning Flutter and Dart (though it's still has the fundamental issues of cross-platform frameworks IMO). I don't know anything about .NET, but it doesn't seem bad. I like making custom Linux with fun tools (buildroot, Yocto, pmbootstrap) or learning how relatively mainstream distributions work. I like running stuff on -BSD (not in a browser, actually on the system). I like how Linux distributions approach their package management.

I am a big fan of open protocols, which mean that I can run my TUI IRC client (written in C) on my OpenBSD, my favorite email client (written in Go) on my Alpine Linux, and a whole bunch of stuff like git/gpg/ssh/podman/pass in CLI. I can even enjoy tools written in niche languages like Hare!

Those things I like, TO ME, represent diversity, and allow me to choose the tools that are more ergonomic for me, and even to contribute to them. Webtech, TO ME, represents those shitty Slack/Discord/Teams/NameYourCloud proprietary apps (and those are the good ones), written by people who want a one-size-fits-all solution so that they can be more productive by knowing ONE tech and making ONE mediocre app that will run badly on all those systems they never cared to study, governed by rules like "no need to optimize for memory, memory is cheap ahahaha!!!1!". All that forcing me to run full-blown apps (and not websites anymore) in a damn browser, in a world where Safari is Apple's way of refusing webtech for as long as they can, Firefox is a joke (which I use, don't get me wrong) and everything else non-Chrome is about customizing Chromium and pretending that they own their codebase.

PWAs are a promise to move that shitty world out of the browser and into mobile devices (because ElectronJS already succeeded in moving that shitty world out of the browser and into the Desktop... by duplicating a browser I did not choose, and in my back). All of that is transforming my Desktop OS and my mobile OS into basically a big browser that I hate (Chromium) running bad apps written with webtech that I hate.

Native Android and iOS apps are not perfect of course. But they are not webtech. And at this point I'm holding to anything that is not damn webtech (or worse: "AI" bullshit).

Go on, tell me why I should not feel the way I feel or, even better, prove it to me, with cross-references to whatever you find (I still won't click on your links, though, I really don't give a shit).

> then we could move on to the security question (and you'd lose that debate too).

I am not here to win (is there a price for the winner?). I would genuinely be very happy if you taught me something (just a small thing) about why browsers are fundamentally better in terms of security than any other kind of sandbox I can imagine. But something constructive, like why it is that whatever is used to sandbox processes in a browser cannot be used to sandbox processes outside the browser. Or why granular access control works in the browser and fundamentally cannot be used outside of it.

But if it is to tell me that browsers are better because smart people spend a lot of time working on V8, or that web people invented access control last year, please don't lose your time.*


> I don't like how web people tend to not know anything not web

This is the reason why your responses have been so arrogant. This is why you assumed I lacked knowledge about sandboxing before we'd even had a chance to discuss the topic in any sort of depth. You have this preconceived notion that all web developers are myopic and can't see anything outside of the web, and you've projected this stereotype onto me as if you're omniscient. If you truly do enjoy engaging in good faith arguments, and learning from other commenters, then you wouldn't start with the pompous assumption that the person you're talking to is ignorant.

> I don't like unmanaged language package managers like npm and how they allow devs to have no clue about their dependencies. I don't like Javascript.

Finally, you just came out and said it. You have a deep seated visceral hatred of JavaScript and anything even tangentially related to it. This is why you've been trying to bait me into talking about Electron, to the point of literally fabricating statements (at one point you claimed I was talking about VSCode). This is your pet issue, and your clamoring for a chance to talk about it. I get it, you don't like JS. It's a popular opinion amongst snobbish developers who like to promote this culture of contempt that pervades the software development world [1].

The problem is...we're not talking about the pros and cons of JavaScript as a language, or npm as a package manger. I have feelings about that as well (which I may or may not share), but my primary conjecture has always been that software is safer when run in the browser (especially on desktop operating systems). That's why I originally responded to your comment about Figma and Photoshop, and provided my own anecdote about my experiences using Adobe Photoshop on my desktop computer.

> Those things I like, TO ME, represent diversity, and allow me to choose the tools that are more ergonomic for me, and even to contribute to them.

The preceding paragraphs read like a CV with every technology you've ever interacted with, and many of them are very interesting, but all of that is completely besides the point. I'm going to quote you again here, you said: "My point is that webapps move everything into the browser, going towards a world where something like ChromeOS is the only valid way to use a computer. I want to choose my OS".

We're not talking about the diversity of tools used to build applications, we're talking about the diversity of operating systems used to run graphical user interface apps. You absolutely refuse to stay on topic. Submitting apps to proprietary app stores that only run on their respective operating systems is not the best way to promote operating system diversity. If I build an app for the browser it'll run on every operating system (since they all ship with a web browser), that's just an objective fact.

> is there a price for the winner

You should be a comedian. I'm here to talk about technology.

> I would genuinely be very happy if you taught me something (just a small thing) about why browsers are fundamentally better in terms of security than any other kind of sandbox I can imagine.

We're not talking about what you can fundamentally imagine, we're talking about how software is used in reality.

> why it is that whatever is used to sandbox processes in a browser cannot be used to sandbox processes outside the browser. Or why granular access control works in the browser and fundamentally cannot be used outside of it.

I hate to keep repeating myself but, we're not discussing theoretical means with which you could sandbox an application, we're talking about how apps are actually used in practice. You seem to want to discuss how desktop apps could theoretically be just as safe as web apps, but I'm more interested in reality than theory. I've given you several examples of security features which are present in the browser, and have no proper analog built in to desktop operating systems.

Here's a non-exhaustive list of things that make webapps more secure than desktop apps (many of these points haven already been mentioned, but you keep ignoring them):

- Webapps can't read from the clipboard without user confirmation.

- Webapps can't make themselves truly persistent the way a desktop app can.

- Webapps can't record your keystrokes when their tab isn't active, whereas keyloggers are one of the most pervasive forms of desktop malware. On a Mac for instance, I normally have to use Reikey to mitigate this threat.

- Webapps can't forge the origin and user-agent HTTP headers to impersonate legitimate clients.

- Webapps can't read the response of an HTTP request to a third party origin unless the site allows it via a CORS header.

- Webapps can't read a single file from your filesystem unless you explicitly allow it.

- Webapps can't see which SSIDs your computer is connected to in order to pinpoint your location by matching them against known wifi networks.

Could some of these protections be implemented on the desktop in the future? Sure, and if they do I'd be happy to revisit this discussion in a few years. But my arguments are firmly rooted in reality, not speculation about future enhancements. And please don't bring up onerous security measures like virtual machines. First because that only proves that desktop apps are insecure by default, second because most users are likely unaware that such measures even exist, and third because those measures can be applied to a browser as well, so they only augment the security of webapps if anything.

[1] https://blog.aurynn.com/2015/12/16-contempt-culture




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: