Google, Mozilla Working on Letting Web Apps Edit Files

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,003
Despite the potential for "major" security and privacy risks, Google and Mozilla are working on a new API that would “allow web sites and apps to read, edit, save, auto-save, create and delete local files on a user's device, as well as to read meta-data about files.” Developers suggest it’s a necessary evil, as the current method for editing a local file in a web app, which involves downloading and replacing files, is rather impractical.

"There are both major privacy risks (websites getting access to private data they weren't supposed to have access to) as well as security risks (websites modifying executables, installing viruses, encrypting the user’s data and demanding ransoms, etc.). So great care will have to be taken to limit how much damage a website can do, and make sure a user understands what they are giving a website access to."
 

darckhart

Limp Gawd
Joined
Jun 15, 2013
Messages
238
"make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"
 

blkt

Gawd
Joined
Oct 9, 2009
Messages
666
tumblr_o26x39wEmA1u81ir6o2_250.gif
 

seanreisk

[H]ard|Gawd
Joined
Aug 29, 2011
Messages
1,715
But why? What would be the practical use of this? Apart from the obvious: gathering more data to sell than ever before.

Google has always wanted to consolidate their applications under a web format. A single rendering engine, a single method for network addressing, and then allowing things like Google Docs to read and write locally and to virtual drives with the same permissions. They want to unify their Android and Chromebook applications and the applications store.
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
"make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"

Chrome and Dropbox are local installs which place commands into the task scheduler and helper programs on the local system (authorized by the user on install of the program) that allow them to do these updates.

This is talking about websites having the ability to edit files on the file system without a local install helper object. It'd all be handled through the browser with likely just a user prompt asking for file-system permission.



At the absolute minimum, this permission should be something the user has to jump through hoops to enable for a specific site. If Google Docs wants more file system access, they can provide the support materials instructing their users on how to enable it. It should not be as simple as a prompt for permission like the camera API, mic API, and notification API's.
 

M76

[H]F Junkie
Joined
Jun 12, 2012
Messages
11,939
Google has always wanted to consolidate their applications under a web format. A single rendering engine, a single method for network addressing, and then allowing things like Google Docs to read and write locally and to virtual drives with the same permissions. They want to unify their Android and Chromebook applications and the applications store.
There is absolutely no need for that. You can save files locally with the browser's download feature, and open files by uploading them to the site. There is absolutely no excuse for a web.based app to get direct access to your local files.
 

deton8

Limp Gawd
Joined
Sep 27, 2007
Messages
439
You having your files on their servers isn't enough? Now they have to be on your system in your files?
 

dyzophoria

Gawd
Joined
Jan 17, 2006
Messages
946
If they are planning something on this, then they should invite every browser to the consortium (invite apple and MS for their browsers respectively), that is a major change that not only two browser dev groups should be working on (personally given the current state of security, I'm not sure I am keen on the idea for now).
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
This is getting out of hand.

We seriously need to ban everything except good old fashioned static HTML.

If it required a script, either on the server or client side, ban it.

Rewind the web to 1995.
 

Jahx

Weaksauce
Joined
Mar 29, 2005
Messages
121
Considering that the value of end users who are educated enough to understand and make this decision is a value unable to be expressed as a whole percentage, perhaps we ought to call this a miss.
 

Galvin

2[H]4U
Joined
Jan 22, 2002
Messages
2,697
This is what skynet will use to spread. And other stupid things that get made
 

benedict

n00b
Joined
Nov 13, 2018
Messages
37
It's about time they did that. Both Adobe with Flash and Microsoft with Silverlight tried it and failed. Being able to run programs in your browser as if they were executables will change the world of computers as we know it. If done successfully it will make Windows obsolete since you'll be able to do everything through your browser.
 

WhoMe

Gawd
Joined
Jan 3, 2018
Messages
827
Ok, I screwed up and lost my cheap internet connection so I said to hell with it and left the internet for six months. Then my dad dies on Thanksgiving (great timing) and being a cheap SOB I take home his mifi to poke around the internet a bit using up the data he'd paid for...and this is one of the first stories I read! I was thinking of signing up with T-Mobile now they are in my area, but damn, you know I just may go dark again. I almost long for the days of my 300 baud modem and dialing into BBS's :).

gxp500 said, "what can go wrong?" Add the saying, "If it can go wrong, it will," too that.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
It's about time they did that. Both Adobe with Flash and Microsoft with Silverlight tried it and failed. Being able to run programs in your browser as if they were executables will change the world of computers as we know it. If done successfully it will make Windows obsolete since you'll be able to do everything through your browser.

The melding of the cloud with the local machine is the absolutely most terrifying thing of all in this modern stupid age.

When I know the borders to my network and my local machine, I have at least a modicum of sense of security.

I want a local machine, running software I have purposely installed that NEVER contacts the outside world unless I explicitly tell it to.

This is fucking dangerous, and must be stopped at any cost

And I mean any cost.
 

Laowai

Gawd
Joined
Aug 9, 2018
Messages
534
This is fucking dangerous, and must be stopped at any cost

And I mean any cost.
What can you do besides making posts on a tech forum about how outraged you are?

You can't stop technology from going forward even if it's not in the direction you want. If these guys don't do this, somebody else will.
Think you're gonna somehow block research and experimentation? I sure as hell hope not. That would be far scarier than anything this API could ever do, and I'll certainly grant you that the potential for abuse of that API or one like it would be massive.

What cost are you willing and able to pay to stop this somehow? Anything other than strong words written in italics?

If you want what you stated, I see nothing preventing that from happening now and no plans to prevent it in the foreseeable future.
I want a local machine, running software I have purposely installed that NEVER contacts the outside world unless I explicitly tell it to.
I'm not really a fan of this either, it adds another attack vector when most users/companies fail to properly mitigate against the existing ones.
I'll do whatever is necessary to never use that API and block it on my machines no matter what Google and the others say about how safe it is.
What else can you do? That's a serious question.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
What can you do besides making posts on a tech forum about how outraged you are?

You can't stop technology from going forward even if it's not in the direction you want. If these guys don't do this, somebody else will.
Think you're gonna somehow block research and experimentation? I sure as hell hope not. That would be far scarier than anything this API could ever do, and I'll certainly grant you that the potential for abuse of that API or one like it would be massive.

What cost are you willing and able to pay to stop this somehow? Anything other than strong words written in italics?

If you want what you stated, I see nothing preventing that from happening now and no plans to prevent it in the foreseeable future.

I'm not really a fan of this either, it adds another attack vector when most users/companies fail to properly mitigate against the existing ones.
I'll do whatever is necessary to never use that API and block it on my machines no matter what Google and the others say about how safe it is.
What else can you do? That's a serious question.


Organize, vote, get politicians to vote for strong draconian regulation that bans these behaviors.

It's the lazy uncaring lowest common denominator masses that let them get away with this bullshit.
 

Laowai

Gawd
Joined
Aug 9, 2018
Messages
534
Organize, vote, get politicians to vote for strong draconian regulation that bans these behaviors.

It's the lazy uncaring lowest common denominator masses that let them get away with this bullshit.
What behavior needs to be punished according to you?
Developing a new API?

Maybe you have stopped thinking while in outrage mode.
Let's say that development on this API is halted in the US due to whatever reasons. What would prevent these companies or any others from continuing elsewhere?
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,895
What behavior needs to be punished according to you?
Developing a new API?

Maybe you have stopped thinking while in outrage mode.
Let's say that development on this API is halted in the US due to whatever reasons. What would prevent these companies or any others from continuing elsewhere?

Simple. If there is a law against melding the remote and the local though tools like this, it doesn't matter if anyone develops it. They can't use it, or they face time in a federal pound me up the ass prison.

Through laws, we can expel just about any behavior we don't want in our society, punishing those who would violate them harshly.

That's kind of what laws are for...
 

Laowai

Gawd
Joined
Aug 9, 2018
Messages
534
Simple. If there is a law against melding the remote and the local though tools like this, it doesn't matter if anyone develops it. They can't use it, or they face time in a federal pound me up the ass prison.

Through laws, we can expel just about any behavior we don't want in our society, punishing those who would violate them harshly.

That's kind of what laws are for...
Wow.
We have laws against murder, theft, and more things than you can shake a fucking stick at yet oddly enough they still happen.
I honestly am surprised we're having this discussion. I had thought you were smarter than this.
Even if this somehow gets banned in the States...and by this, I'm not referring to what is actually happening which is simply the creation of a new API, but all the bad shit we think may happen after....there are other countries with their own laws. Unless you are also pushing for the US to wall off its internet like N.Korea or China....how would any law in the States matter a hill of beans?
Is it even technically possible for a country to ban an API in any way that could be enforced?
...a law against melding the remote and the local.....
I could not even imagine what that would look like, but I'm not a lawyer.
 

clockdogg

[H]ard|Gawd
Joined
Dec 12, 2007
Messages
1,127
It's about time that poor, neglected Google has the tools to keep up with Win10. Invasion of privacy via the local file system shouldn't be exclusive to Microsoft. Can't imagine what wonderful things FB can achieve with this persistent writeable local data access as well. And other less 'scrupulous' developers, might write some great trojan apps too. So much win for lazy developers everywhere!

On the even brighter side, if this API is expanded and supported, the OS becomes even less important - it's Microsoft's Netscape nightmare finally coming true - a couple decades late, but still.

/s
 
Joined
May 16, 2007
Messages
624
yes we need google to have the ability to corrupt or encrypt any of your local files anytime you use their software, makes perfect sense. im sure no shady companies will persuade google to let them have access to your files.
 

Laowai

Gawd
Joined
Aug 9, 2018
Messages
534
yes we need google to have the ability to corrupt or encrypt any of your local files anytime you use their software, makes perfect sense. im sure no shady companies will persuade google to let them have access to your files.
I doubt they'd require much persuading if there is money in it for them.
 
Top