- From: David Barrett-Kahn <dbk@google.com>
- Date: Tue, 20 Nov 2012 10:34:14 -0600
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg@lists.whatwg.org
I'm not sensing a lot of enthusiasm about this proposal, and am guessing it would be an uphill slog with all the privacy/security issues involved. I'm therefore thinking I won't take it any further. If you feel something important is being lost here and that you could help me move this forward do let me know though. Thanks, -Dave On Fri, Nov 16, 2012 at 6:04 PM, Ian Hickson <ian@hixie.ch> wrote: > On Fri, 16 Nov 2012, David Barrett-Kahn wrote: > > > > Thanks Ian. So here's what confuses me, why is the bar so much higher > > for traditional webapps than it is for browser extensions, chrome apps, > > native apps, mobile apps or nearly anything else? > > Browser extensions, chrome apps, native apps, and mobile apps aren't > anywhere near as secure as Web apps. > > The bar shouldn't be any lower for them than for the Web, but that it is > is one of the Web's biggest strengths. You can, by and large, follow any > random link, and be assured that you're not going to get scammed (modulo > security bugs). If you just install any random native program you come > across, your machine is going to become a nest of malware. > > > > Extensions, chrome apps, and mobile apps have a consent experience, but > > it's hard to argue that users are making an informed decision there and > > that the consent experience really protects them. Native apps have no > > consent experience at all. > > Right. Compare the average amount of malware on a Windows machine to that > on a Chrome OS machine. :-) > > > > I guess I'm hoping you can point me to some guidelines you've developed > > or which you agree with on where the limits of the web sandbox should > > be. I'd rather not force you to re-have a discussion I'm sure you've > > had far too many times :-) > > I don't think there's anything formally written down. > > -- > Ian Hickson U+1047E )\._.,--....,'``. fL > http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. > Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.' > -- -Dave
Received on Tuesday, 20 November 2012 19:33:18 UTC