Google, Mozilla Working on Letting Web Apps Edit Files

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Despite the potential for "major" security and privacy risks, Google and Mozilla are working on a new API that would “allow web sites and apps to read, edit, save, auto-save, create and delete local files on a user's device, as well as to read meta-data about files.” Developers suggest it’s a necessary evil, as the current method for editing a local file in a web app, which involves downloading and replacing files, is rather impractical.

"There are both major privacy risks (websites getting access to private data they weren't supposed to have access to) as well as security risks (websites modifying executables, installing viruses, encrypting the user’s data and demanding ransoms, etc.). So great care will have to be taken to limit how much damage a website can do, and make sure a user understands what they are giving a website access to."
 
"make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"
 
tumblr_o26x39wEmA1u81ir6o2_250.gif
 
But why? What would be the practical use of this? Apart from the obvious: gathering more data to sell than ever before.

Google has always wanted to consolidate their applications under a web format. A single rendering engine, a single method for network addressing, and then allowing things like Google Docs to read and write locally and to virtual drives with the same permissions. They want to unify their Android and Chromebook applications and the applications store.
 
"make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"

Chrome and Dropbox are local installs which place commands into the task scheduler and helper programs on the local system (authorized by the user on install of the program) that allow them to do these updates.

This is talking about websites having the ability to edit files on the file system without a local install helper object. It'd all be handled through the browser with likely just a user prompt asking for file-system permission.



At the absolute minimum, this permission should be something the user has to jump through hoops to enable for a specific site. If Google Docs wants more file system access, they can provide the support materials instructing their users on how to enable it. It should not be as simple as a prompt for permission like the camera API, mic API, and notification API's.
 
Google has always wanted to consolidate their applications under a web format. A single rendering engine, a single method for network addressing, and then allowing things like Google Docs to read and write locally and to virtual drives with the same permissions. They want to unify their Android and Chromebook applications and the applications store.
There is absolutely no need for that. You can save files locally with the browser's download feature, and open files by uploading them to the site. There is absolutely no excuse for a web.based app to get direct access to your local files.
 
You having your files on their servers isn't enough? Now they have to be on your system in your files?
 
If they are planning something on this, then they should invite every browser to the consortium (invite apple and MS for their browsers respectively), that is a major change that not only two browser dev groups should be working on (personally given the current state of security, I'm not sure I am keen on the idea for now).
 
This is getting out of hand.

We seriously need to ban everything except good old fashioned static HTML.

If it required a script, either on the server or client side, ban it.

Rewind the web to 1995.
 
Considering that the value of end users who are educated enough to understand and make this decision is a value unable to be expressed as a whole percentage, perhaps we ought to call this a miss.
 
This is what skynet will use to spread. And other stupid things that get made
 
It's about time they did that. Both Adobe with Flash and Microsoft with Silverlight tried it and failed. Being able to run programs in your browser as if they were executables will change the world of computers as we know it. If done successfully it will make Windows obsolete since you'll be able to do everything through your browser.
 
Ok, I screwed up and lost my cheap internet connection so I said to hell with it and left the internet for six months. Then my dad dies on Thanksgiving (great timing) and being a cheap SOB I take home his mifi to poke around the internet a bit using up the data he'd paid for...and this is one of the first stories I read! I was thinking of signing up with T-Mobile now they are in my area, but damn, you know I just may go dark again. I almost long for the days of my 300 baud modem and dialing into BBS's :).

gxp500 said, "what can go wrong?" Add the saying, "If it can go wrong, it will," too that.
 
It's about time they did that. Both Adobe with Flash and Microsoft with Silverlight tried it and failed. Being able to run programs in your browser as if they were executables will change the world of computers as we know it. If done successfully it will make Windows obsolete since you'll be able to do everything through your browser.

The melding of the cloud with the local machine is the absolutely most terrifying thing of all in this modern stupid age.

When I know the borders to my network and my local machine, I have at least a modicum of sense of security.

I want a local machine, running software I have purposely installed that NEVER contacts the outside world unless I explicitly tell it to.

This is fucking dangerous, and must be stopped at any cost

And I mean any cost.
 
This is fucking dangerous, and must be stopped at any cost

And I mean any cost.
What can you do besides making posts on a tech forum about how outraged you are?

You can't stop technology from going forward even if it's not in the direction you want. If these guys don't do this, somebody else will.
Think you're gonna somehow block research and experimentation? I sure as hell hope not. That would be far scarier than anything this API could ever do, and I'll certainly grant you that the potential for abuse of that API or one like it would be massive.

What cost are you willing and able to pay to stop this somehow? Anything other than strong words written in italics?

If you want what you stated, I see nothing preventing that from happening now and no plans to prevent it in the foreseeable future.
I want a local machine, running software I have purposely installed that NEVER contacts the outside world unless I explicitly tell it to.
I'm not really a fan of this either, it adds another attack vector when most users/companies fail to properly mitigate against the existing ones.
I'll do whatever is necessary to never use that API and block it on my machines no matter what Google and the others say about how safe it is.
What else can you do? That's a serious question.
 
What can you do besides making posts on a tech forum about how outraged you are?

You can't stop technology from going forward even if it's not in the direction you want. If these guys don't do this, somebody else will.
Think you're gonna somehow block research and experimentation? I sure as hell hope not. That would be far scarier than anything this API could ever do, and I'll certainly grant you that the potential for abuse of that API or one like it would be massive.

What cost are you willing and able to pay to stop this somehow? Anything other than strong words written in italics?

If you want what you stated, I see nothing preventing that from happening now and no plans to prevent it in the foreseeable future.

I'm not really a fan of this either, it adds another attack vector when most users/companies fail to properly mitigate against the existing ones.
I'll do whatever is necessary to never use that API and block it on my machines no matter what Google and the others say about how safe it is.
What else can you do? That's a serious question.


Organize, vote, get politicians to vote for strong draconian regulation that bans these behaviors.

It's the lazy uncaring lowest common denominator masses that let them get away with this bullshit.
 
Organize, vote, get politicians to vote for strong draconian regulation that bans these behaviors.

It's the lazy uncaring lowest common denominator masses that let them get away with this bullshit.
What behavior needs to be punished according to you?
Developing a new API?

Maybe you have stopped thinking while in outrage mode.
Let's say that development on this API is halted in the US due to whatever reasons. What would prevent these companies or any others from continuing elsewhere?
 
What behavior needs to be punished according to you?
Developing a new API?

Maybe you have stopped thinking while in outrage mode.
Let's say that development on this API is halted in the US due to whatever reasons. What would prevent these companies or any others from continuing elsewhere?

Simple. If there is a law against melding the remote and the local though tools like this, it doesn't matter if anyone develops it. They can't use it, or they face time in a federal pound me up the ass prison.

Through laws, we can expel just about any behavior we don't want in our society, punishing those who would violate them harshly.

That's kind of what laws are for...
 
Simple. If there is a law against melding the remote and the local though tools like this, it doesn't matter if anyone develops it. They can't use it, or they face time in a federal pound me up the ass prison.

Through laws, we can expel just about any behavior we don't want in our society, punishing those who would violate them harshly.

That's kind of what laws are for...
Wow.
We have laws against murder, theft, and more things than you can shake a fucking stick at yet oddly enough they still happen.
I honestly am surprised we're having this discussion. I had thought you were smarter than this.
Even if this somehow gets banned in the States...and by this, I'm not referring to what is actually happening which is simply the creation of a new API, but all the bad shit we think may happen after....there are other countries with their own laws. Unless you are also pushing for the US to wall off its internet like N.Korea or China....how would any law in the States matter a hill of beans?
Is it even technically possible for a country to ban an API in any way that could be enforced?
...a law against melding the remote and the local.....
I could not even imagine what that would look like, but I'm not a lawyer.
 
It's about time that poor, neglected Google has the tools to keep up with Win10. Invasion of privacy via the local file system shouldn't be exclusive to Microsoft. Can't imagine what wonderful things FB can achieve with this persistent writeable local data access as well. And other less 'scrupulous' developers, might write some great trojan apps too. So much win for lazy developers everywhere!

On the even brighter side, if this API is expanded and supported, the OS becomes even less important - it's Microsoft's Netscape nightmare finally coming true - a couple decades late, but still.

/s
 
yes we need google to have the ability to corrupt or encrypt any of your local files anytime you use their software, makes perfect sense. im sure no shady companies will persuade google to let them have access to your files.
 
yes we need google to have the ability to corrupt or encrypt any of your local files anytime you use their software, makes perfect sense. im sure no shady companies will persuade google to let them have access to your files.
I doubt they'd require much persuading if there is money in it for them.
 
Back
Top