Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.
posted by martyb on Sunday November 25 2018, @01:59AM   Printer-friendly
from the welcome-to-the-danger-zone dept.

Google and Mozilla are working together on a method to let web apps gain access to users' files.

A group led by Google and Mozilla is working to make it easy to edit files using browser-based web apps but wants advice on how to guard against the "major" security and privacy risks.

The idea is to allow users to save changes they've made using web apps, without the hassle of having to download new files after each edit, as is necessary today.

[...] the W3C Web Incubator Community Group (WICG), which is chaired by representatives from Chrome developer Google and Firefox developer Mozilla, is working on developing the new Writable Files API, which would allow web apps running in the browser to open a file, edit it, and save the changes back to the same file.

However, the group says the biggest challenge will be guarding against malicious sites seeking to abuse persistent access to files on a user's system.

"By far the hardest part for this API is of course going to be the security model to use," warns the WICG's explainer page for the API.

"The API provides a lot of scary power to websites that could be abused in many terrible ways.

What could possibly go wrong?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Apparition on Sunday November 25 2018, @02:50AM (21 children)

    by Apparition (6835) on Sunday November 25 2018, @02:50AM (#766077) Journal

    The problem with wiping Firefox and Google Chrome from your drives is: What's left? The only major web browsers not based on Chromium or Mozilla Firefox are Microsoft Edge and Apple Safari. Opera? Chromium. Brave? Chromium. Vivaldi? Chromium. Falkon? Chromium.

    Now, it may be possible for Opera/Brave/Vivaldi/Falkon developers to disable the Writable Files API, but we'll have to wait and see.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 0) by Anonymous Coward on Sunday November 25 2018, @03:26AM (1 child)

    by Anonymous Coward on Sunday November 25 2018, @03:26AM (#766081)

    What's left?

    Midori and elinks.

  • (Score: 2, Interesting) by tftp on Sunday November 25 2018, @03:27AM (3 children)

    by tftp (806) on Sunday November 25 2018, @03:27AM (#766082) Homepage

    What's left? To run the browser in a good, secure VM (if such a thing exists) - or on a separate computer. Today it is trivial - tablets, R-Pis, old smartphones, TVs ... this will block access to your files reliably, proportional to security of your network (vpn tunneling + blocking direct access at a separate firewall is always a plus.) For home/recreational use this is all that is needed; plus your browsing device is not cluttered with other applications.

    Professional use comes with more expensive precautions. Airgapped LANs are well known in many places. Otherwise establish unidirectional flow of sanitized data from the browsing box into a shared drive that can be read by the more secure computers.

    • (Score: 2) by bzipitidoo on Sunday November 25 2018, @04:27AM (2 children)

      by bzipitidoo (4388) on Sunday November 25 2018, @04:27AM (#766088) Journal

      In summary, if they don't science the shit out of this user file access idea, users will have to sandbox the shit out of the browsers.

      Probably should've been sandboxing browsers all along anyway.

      • (Score: 3, Insightful) by Anonymous Coward on Sunday November 25 2018, @04:31AM (1 child)

        by Anonymous Coward on Sunday November 25 2018, @04:31AM (#766090)
        With recent exploits no sandboxing is safe.
        • (Score: 0) by Anonymous Coward on Monday November 26 2018, @01:55PM

          by Anonymous Coward on Monday November 26 2018, @01:55PM (#766441)

          Or only buy computers capable of running registered memory.

          And that is ignoring the speculative execution and other timing/race leaks in modern processors.

          Very little hardware can be considered secure from either hackers or state level adversaries largely because of the commercial limitations of available consumer electronics.

  • (Score: 4, Interesting) by Pino P on Sunday November 25 2018, @03:53AM

    by Pino P (4721) on Sunday November 25 2018, @03:53AM (#766084) Journal

    The problem with wiping Firefox and Google Chrome from your drives is: What's left?

    Firefox with support for script in content documents removed at compile time. Let documents be documents and applications be applications, the latter preferably distributed in source code form under a free software license.

  • (Score: 1, Informative) by Anonymous Coward on Sunday November 25 2018, @05:58AM (5 children)

    by Anonymous Coward on Sunday November 25 2018, @05:58AM (#766095)

    PaleMoon browser

    • (Score: 2, Disagree) by DrkShadow on Sunday November 25 2018, @06:03AM (4 children)

      by DrkShadow (1404) on Sunday November 25 2018, @06:03AM (#766096)

      Firefox.

      • (Score: 0) by Anonymous Coward on Sunday November 25 2018, @04:24PM (3 children)

        by Anonymous Coward on Sunday November 25 2018, @04:24PM (#766193)

        The original question was: "The problem with wiping Firefox and Google Chrome from your drives is: What's left?" And your answer was "Firefox?"

        You're not very bright.

        • (Score: 1, Informative) by Anonymous Coward on Sunday November 25 2018, @06:01PM (2 children)

          by Anonymous Coward on Sunday November 25 2018, @06:01PM (#766222)

          Sadly, you're the one who's not too bright. GGP suggested using Palemoon. GP replied that Palemoon is based on Firefox. Since wiping Firefox and Chrome was the topic, installing something based on Firefox would be counter to the stated goal.

          • (Score: 1, Informative) by Anonymous Coward on Sunday November 25 2018, @11:53PM (1 child)

            by Anonymous Coward on Sunday November 25 2018, @11:53PM (#766313)

            More than that, Palemoon is so dependent on Firefox that I am funny convinced that without it, Palemoon would either collapse under its own development weight or become even more of a haven for security holes.

            • (Score: 0) by Anonymous Coward on Monday November 26 2018, @03:18AM

              by Anonymous Coward on Monday November 26 2018, @03:18AM (#766357)

              I'm funny convinced that you're uninformed.

  • (Score: 1, Informative) by Anonymous Coward on Sunday November 25 2018, @08:58AM

    by Anonymous Coward on Sunday November 25 2018, @08:58AM (#766115)

    Lynx

  • (Score: 0) by Anonymous Coward on Sunday November 25 2018, @09:43AM

    by Anonymous Coward on Sunday November 25 2018, @09:43AM (#766122)

    The problem with wiping Firefox and Google Chrome from your drives is: What's left?

    Konqueror

  • (Score: 0) by Anonymous Coward on Sunday November 25 2018, @11:56AM (3 children)

    by Anonymous Coward on Sunday November 25 2018, @11:56AM (#766139)

    What's left?
    E-mail client and a few good mailing lists. Seriously, I haven't found large amount of practical info (in form of FAQ or documentation) in the Web since 2015. "News" made to manipulate and divide people, trolling fests in forums, all questions answered with "buy more stuff". Turn the TV on for the same content, it'll eat less electricity.

    • (Score: 3, Insightful) by fyngyrz on Sunday November 25 2018, @05:12PM (1 child)

      by fyngyrz (6567) on Sunday November 25 2018, @05:12PM (#766206) Journal

      I haven't found large amount of practical info (in form of FAQ or documentation) in the Web since 2015.

      You're either looking for the wrong things, or in the wrong places, then. The WWW remains well supplied with with great information, much of it unencumbered by advertising, spam, etc. You do need to be able to use search engines well, though — there's no question there's plenty of spam out there.

      • (Score: 0) by Anonymous Coward on Monday November 26 2018, @12:13AM

        by Anonymous Coward on Monday November 26 2018, @12:13AM (#766322)

        "Yes", "I" "still" "use" "Google" "well" -shop -price -sell -site:[snap*!] -site:[snap**!]

        ;)

        * - one of the biggest e-shop putting links to every problem.
        ** - forum aggregator who has stolen search queries database some time ago and is trying to get all people to their ad-infested pages.

        I get useful answers, but most of them are in older parts of the WWW, in form of links (now in Archive) or in disappearing niche forums. And yes, these are in sites in which lone GIF banner is the only ad.
        But since about 2010-2015, I see a significant decline here. And a lot is dependent on the country - I search mostly in English and Russian Internet as I can find answers and suggestions to technical questions there, there are countries in which it's even better (but language is the limit), and there are countries in which it's worse. For my country... this looks like one of these teleshopping TV channels.

    • (Score: 2) by Apparition on Sunday November 25 2018, @09:57PM

      by Apparition (6835) on Sunday November 25 2018, @09:57PM (#766295) Journal

      There aren't trolling fests in mailing lists as well as forums? That would be news to me. I find that they're both equally useful and trolly.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday November 25 2018, @10:55PM (1 child)

    by Anonymous Coward on Sunday November 25 2018, @10:55PM (#766302)

    What's left?

    NetSurf [netsurf-browser.org] & dillo [dillo.org]

    • (Score: 2) by Freeman on Monday November 26 2018, @05:09PM

      by Freeman (732) on Monday November 26 2018, @05:09PM (#766498) Journal

      I've actually heard of Dillo and used it a bit. It's definitely it's own beast. Had issues displaying some things correctly or at all, so never really took it seriously. I thought it was dead, but apparently their releases are just few and far between? Though, looks like latest release was 2015, so maybe it's truly dead now? Or it's just being Dillo?

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"