Hacker News

noirscape today at 9:38 AM

Browsers have an absolutely insane level of relatively unchecked permissions to do whatever they want on a client.

There's a lot of effort by browser developers to scope creep the browser into essentially being an OS-agnostic tech stack (one where, conveniently, code can be shipped across the network "as necessary", removing a lot of user agency for the software being run); Chrome being the biggest driver of this, while Firefox has an extremely weak spine in trying to limit it.

It's fairly dire and I wouldn't be surprised if there's a lot more of these side channel attacks in a lot of web APIs.


Replies

rayiner today at 1:20 PM

Now that we have AI, can we go back to real apps and native tech stacks? And revert the browser to a text-display interface?

noelwelsh today at 12:44 PM

It's also the technology that will allow software to run without a continuous connection to the server. If you want to break out of a world where companies own your data it's the tech that is needed.

Tangurena2 today at 12:50 PM

Flash ended up getting blocked/banned by all browsers because it turned into a giant gaping security hole.

> By January 2021, all major browsers were blocking all Flash content unconditionally.

It looks like we-the-users need to be blocking any and every one of these parasites.

https://en.wikipedia.org/wiki/Adobe_Flash

veunes today at 2:43 PM

The uncomfortable part is that each step is usually justified by a real use case