- From: Jonas Sicking via GitHub <sysbot+gh@w3.org>
- Date: Thu, 20 Aug 2015 07:28:48 +0000
- To: public-web-nfc@w3.org
> In the end, we challenge even the idea of having web-specific tags. Including an extra special record in NDEF messages (or indicating in any other way that the content is web-specific) does not solve any security problems, but it may add new ones because of a false sense of security. Everything is forgeable/changeable using native clients, so a web site cannot be sure that a web tag really has the origin it claims to have.

There are two basic assumptions in play here:

1. Users do not install native applications that they don't trust.
2. Users do visit websites that they don't trust.

Note that browsers are native apps, so based on 1 above, users only install browser implementations that they trust.

So while it is entirely possible for a native app to pretend to be any website, the assumption here is that the user trusts that app. I.e. the app will still act in the user's best interest. When apps are created that trick users about their intentions and don't act in the user's interest, we call these apps malware and remove them from app stores.

The web security model is based on the assumption that websites will try to do evil things. We deal with this by limiting the harm that websites can do when you go to them.

If we think no harm can come from allowing any and all websites to get read/write access to any and all NFC tags/peers that the user tags, then I agree that we don't need a way to expose NFC tags/peers as "web compatible".

I.e. if we think that all writable NFC tags out there can be arbitrarily overwritten with arbitrary data without any loss of significant information to anyone, and we think that all NFC P2P software won't take any irreversible actions without first asking the user through other means, then I think that we wouldn't need any "web compatible" flag.

But it seems like a tall order to me. This has not been true for internet connected servers, for example. Lots of servers protect themselves by being behind a firewall. They rely on that, even though the user might be browsing harmful websites while inside the firewall, the web security model protects these websites from causing harm to the servers behind the firewall.

I would imagine that NFC tags make the same assumption. That they assume that users that can physically get to the NFC tag will only run trusted apps. If these tags can be written to by untrusted websites that the user visits when tagging the tag, then that breaks that assumption.

--
GitHub Notif of comment by sicking
See https://github.com/w3c/web-nfc/issues/3#issuecomment-132917395
Received on Thursday, 20 August 2015 07:28:50 UTC