- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 17 Nov 2012 00:04:00 +0000 (UTC)
- To: David Barrett-Kahn <dbk@google.com>
- Cc: whatwg@lists.whatwg.org

On Fri, 16 Nov 2012, David Barrett-Kahn wrote:
>
> Thanks Ian. So here's what confuses me, why is the bar so much higher
> for traditional webapps than it is for browser extensions, chrome apps,
> native apps, mobile apps or nearly anything else?

Browser extensions, chrome apps, native apps, and mobile apps aren't anywhere near as secure as Web apps. The bar shouldn't be any lower for them than for the Web, but that it is is one of the Web's biggest strengths. You can, by and large, follow any random link, and be assured that you're not going to get scammed (modulo security bugs). If you just install any random native program you come across, your machine is going to become a nest of malware.

> Extensions, chrome apps, and mobile apps have a consent experience, but
> it's hard to argue that users are making an informed decision there and
> that the consent experience really protects them. Native apps have no
> consent experience at all.

Right. Compare the average amount of malware on a Windows machine to that on a Chrome OS machine. :-)

> I guess I'm hoping you can point me to some guidelines you've developed
> or which you agree with on where the limits of the web sandbox should
> be. I'd rather not force you to re-have a discussion I'm sure you've
> had far too many times :-)

I don't think there's anything formally written down.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Saturday, 17 November 2012 00:08:07 UTC