- From: Maciej Stachowiak <mjs@apple.com>
- Date: Wed, 29 Jul 2009 16:09:47 -0700
On Jul 29, 2009, at 3:05 PM, Robert O'Callahan wrote: > What happened to my idea for browsers to have a special window > containing tabs for "background apps", which save screen real estate > by just showing an icon and title (and a URL or domain?) and no > actual tab content? You might modify the UI so that quitting the > normal browser leaves this window open, possibly as a separate OS > app. Seems to me that this would provide almost exactly the desired > functionality but without introducing new security concerns and > without requiring a trust decision. I haven't thought through this option in sufficient detail, but I'm not sure that it resolves all of the risks I mentioned or the risks of content outliving the page or the browser in general. Here's some questions that come immediately to mind: 1) What exactly does the window look like? Just a normal tabbed browser window with a window in each tab? I think users would find that confusing. 2) What happens if users close the magic window (which likely they will, if it's not obvious what it's for and just seems to be wasting real estate)? Are all the background tasks killed or do they secretly keep running? Either seems like a bad option. 3) In what way are users alerted to a new item being opened in the magic window - is there a UI for this that can avoid being either too distracting or too subtle? 4) Is it really ok for web content to survive browser quit and possibly even reboot just because there is a visible indicator on screen, without some explicit heavyweight form of user opt-in (like Prism)? I'm not sure it is. Especially if the magic window has tabs, if a number of popular web apps start using it, then users will start to blank it out and be vulnerable to the same kinds of risks I described (use for a botnet, waiting for exploits to be found, etc). Given the risks I cited for the original form of the feature, I think we need to keep in mind that a lot of the security risks are subtle and insidious, and we need to be really cautious with any feature of this type. Regards, Maciej
Received on Wednesday, 29 July 2009 16:09:47 UTC