- From: Aaron Gustafson <notifications@github.com>
- Date: Fri, 10 Feb 2023 06:40:56 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/1025/1425901179@github.com>
> @xkol Late reply but this **_could_** be malicious, let's say you're an not acquainted to technology, so you see an install button on the safety of the web (You might be inclined to the think that the internet is a safe place) and you decide to click on it, low and behold you have install malware! The malware takes use of wasm and starts mining x whenever you open the site, and they have just decided to create a context menu named "Delete", "Copy", "Paste", "Share", and "Help", all of them lead to your malicious program > > So **_yes_** this does have malicious intent, but if you were to have a checklist whenever they install an app to make sure they want the certain context menus, Ex: > > ⚠️ Warning ⚠️ Apps may pretend to be trustworthy applications in order to ... > > * [x] Add "**delete**" context menu to your os? > * [x] Add "**copy**" context menu to your os? > * [ ] Remove All > > [Confirm?] > > But this can easily be done with a malicious .exe (So, there would still be risks, but the risks are already presented if you have context menu items in your os by default) The proposal, as I understand it at least, would be to augment the menus only in the context of the app, not globally. So those menu items would only appear when the app is active and in the foreground, when the user is actively engaged with it. They would not be finally available within the OS. Your other concerns are general critiques of PWAs and apply equally to the Web writ large (as well as extensions). Addressing them is more the purview of malicious website scanners/mitigation (e.g., SiteScanner, etc.) within the browser and/or OS. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/1025#issuecomment-1425901179 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/issues/1025/1425901179@github.com>
Received on Friday, 10 February 2023 14:41:08 UTC