Google, Mozilla Working on Letting Web Apps Edit Files

Discussion in 'HardForum Tech News' started by Megalith, Nov 24, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    Despite the potential for "major" security and privacy risks, Google and Mozilla are working on a new API that would “allow web sites and apps to read, edit, save, auto-save, create and delete local files on a user's device, as well as to read meta-data about files.” Developers suggest it’s a necessary evil, as the current method for editing a local file in a web app, which involves downloading and replacing files, is rather impractical.

    "There are both major privacy risks (websites getting access to private data they weren't supposed to have access to) as well as security risks (websites modifying executables, installing viruses, encrypting the user’s data and demanding ransoms, etc.). So great care will have to be taken to limit how much damage a website can do, and make sure a user understands what they are giving a website access to."
     
  2. gxp500

    gxp500 Gawd

    Messages:
    865
    Joined:
    Mar 4, 2015
    What could go wrong...
     
    mynamehere, Armenius, scojer and 22 others like this.
  3. darckhart

    darckhart Limp Gawd

    Messages:
    237
    Joined:
    Jun 15, 2013
    "make sure a user understands what they are giving a website access to" LMAO if users knew this, we wouldn't be in the privacy mess we're in now.

    and AFAIK some apps already do this "local" malarkey. as part of installation agreement you give, chrome, dropbox, etc, update themselves "behind the scenes"
     
    mynamehere and Armenius like this.
  4. blkt

    blkt Gawd

    Messages:
    666
    Joined:
    Oct 9, 2009
  5. halo000008

    halo000008 Limp Gawd

    Messages:
    220
    Joined:
    May 23, 2010
    looks like they learned nothing from the Microsoft debacle.
     
  6. Bobert

    Bobert Limp Gawd

    Messages:
    199
    Joined:
    May 22, 2011
    Hey guys I was using the latest Firefox and it deleted my System32 folder. How did that happen?
     
  7. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,323
    Joined:
    Nov 9, 2017
    Oh goody. Google is about to take control of it all while we sit and watch it happen. Awesome!
     
    Armenius, Red Falcon and Jza like this.
  8. cyberguyz

    cyberguyz Gawd

    Messages:
    694
    Joined:
    Aug 28, 2014
    I truly hope this is someone's idea of a practical joke. Nothing good can come from this.
     
  9. M76

    M76 [H]ardForum Junkie

    Messages:
    9,450
    Joined:
    Jun 12, 2012
    But why? What would be the practical use of this? Apart from the obvious: gathering more data to sell than ever before.
     
    mynamehere, Armenius and Jza like this.
  10. seanreisk

    seanreisk Gawd

    Messages:
    946
    Joined:
    Aug 29, 2011
    Google has always wanted to consolidate their applications under a web format. A single rendering engine, a single method for network addressing, and then allowing things like Google Docs to read and write locally and to virtual drives with the same permissions. They want to unify their Android and Chromebook applications and the applications store.
     
  11. SecretStash

    SecretStash Limp Gawd

    Messages:
    493
    Joined:
    May 27, 2017
    "Please accept permissions prompt before proceeding with using this site."

    Or

    "Not all functionality is enabled for this site, please offer your first born in order to have a tolerable experience."
     
    Armenius, almalino, Shadowed and 2 others like this.
  12. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,676
    Joined:
    Dec 15, 2003
    Chrome and Dropbox are local installs which place commands into the task scheduler and helper programs on the local system (authorized by the user on install of the program) that allow them to do these updates.

    This is talking about websites having the ability to edit files on the file system without a local install helper object. It'd all be handled through the browser with likely just a user prompt asking for file-system permission.



    At the absolute minimum, this permission should be something the user has to jump through hoops to enable for a specific site. If Google Docs wants more file system access, they can provide the support materials instructing their users on how to enable it. It should not be as simple as a prompt for permission like the camera API, mic API, and notification API's.
     
    travisty likes this.
  13. dgz

    dgz [H]ardness Supreme

    Messages:
    5,311
    Joined:
    Feb 15, 2010
    This, coupled with WebAssembly, is key to destroying the web we once knew and loved
     
    Armenius and clockdogg like this.
  14. wootius

    wootius [H]Lite

    Messages:
    105
    Joined:
    Mar 6, 2017
  15. Hallucinator

    Hallucinator Gawd

    Messages:
    558
    Joined:
    Nov 1, 2006
    They are really shooting their foot by playing fire with users' privacy!
     
  16. naib

    naib [H]ard|Gawd

    Messages:
    1,266
    Joined:
    Jul 26, 2013
    execute it in a sandbox.
     
  17. M76

    M76 [H]ardForum Junkie

    Messages:
    9,450
    Joined:
    Jun 12, 2012
    There is absolutely no need for that. You can save files locally with the browser's download feature, and open files by uploading them to the site. There is absolutely no excuse for a web.based app to get direct access to your local files.
     
  18. EODetroit

    EODetroit [H]ard|Gawd

    Messages:
    1,485
    Joined:
    Oct 20, 2004
    The version before it might be the last version I ever upgrade to.
     
  19. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    9,357
    Joined:
    Apr 9, 2012
    firefox in a vm i guess.
     
  20. deton8

    deton8 Limp Gawd

    Messages:
    407
    Joined:
    Sep 27, 2007
    You having your files on their servers isn't enough? Now they have to be on your system in your files?
     
  21. dyzophoria

    dyzophoria Gawd

    Messages:
    946
    Joined:
    Jan 17, 2006
    If they are planning something on this, then they should invite every browser to the consortium (invite apple and MS for their browsers respectively), that is a major change that not only two browser dev groups should be working on (personally given the current state of security, I'm not sure I am keen on the idea for now).
     
  22. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,409
    Joined:
    Oct 29, 2000
    Why should a website ever have access to local storage?

    This is insanity

    Neither the current method or this new API should be allowed.
     
    Armenius and GNUse_the_force like this.
  23. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,409
    Joined:
    Oct 29, 2000
    This is getting out of hand.

    We seriously need to ban everything except good old fashioned static HTML.

    If it required a script, either on the server or client side, ban it.

    Rewind the web to 1995.
     
    Armenius and clockdogg like this.
  24. SecretStash

    SecretStash Limp Gawd

    Messages:
    493
    Joined:
    May 27, 2017
    "security for the end user isn't that important, carry on."
     
  25. Jahx

    Jahx [H]Lite

    Messages:
    121
    Joined:
    Mar 29, 2005
    Considering that the value of end users who are educated enough to understand and make this decision is a value unable to be expressed as a whole percentage, perhaps we ought to call this a miss.
     
  26. Galvin

    Galvin 2[H]4U

    Messages:
    2,695
    Joined:
    Jan 22, 2002
    This is what skynet will use to spread. And other stupid things that get made
     
  27. benedict

    benedict n00b

    Messages:
    37
    Joined:
    Nov 13, 2018
    It's about time they did that. Both Adobe with Flash and Microsoft with Silverlight tried it and failed. Being able to run programs in your browser as if they were executables will change the world of computers as we know it. If done successfully it will make Windows obsolete since you'll be able to do everything through your browser.
     
  28. Arcygenical

    Arcygenical Will Watercool for Crack

    Messages:
    24,741
    Joined:
    Jun 10, 2005
    I hope they revive flash too.
     
    Armenius likes this.
  29. WhoMe

    WhoMe Gawd

    Messages:
    827
    Joined:
    Jan 3, 2018
    Ok, I screwed up and lost my cheap internet connection so I said to hell with it and left the internet for six months. Then my dad dies on Thanksgiving (great timing) and being a cheap SOB I take home his mifi to poke around the internet a bit using up the data he'd paid for...and this is one of the first stories I read! I was thinking of signing up with T-Mobile now they are in my area, but damn, you know I just may go dark again. I almost long for the days of my 300 baud modem and dialing into BBS's :).

    gxp500 said, "what can go wrong?" Add the saying, "If it can go wrong, it will," too that.
     
  30. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,409
    Joined:
    Oct 29, 2000
    The melding of the cloud with the local machine is the absolutely most terrifying thing of all in this modern stupid age.

    When I know the borders to my network and my local machine, I have at least a modicum of sense of security.

    I want a local machine, running software I have purposely installed that NEVER contacts the outside world unless I explicitly tell it to.

    This is fucking dangerous, and must be stopped at any cost

    And I mean any cost.
     
    Armenius and Gorankar like this.
  31. Laowai

    Laowai Gawd

    Messages:
    534
    Joined:
    Aug 9, 2018
    What can you do besides making posts on a tech forum about how outraged you are?

    You can't stop technology from going forward even if it's not in the direction you want. If these guys don't do this, somebody else will.
    Think you're gonna somehow block research and experimentation? I sure as hell hope not. That would be far scarier than anything this API could ever do, and I'll certainly grant you that the potential for abuse of that API or one like it would be massive.

    What cost are you willing and able to pay to stop this somehow? Anything other than strong words written in italics?

    If you want what you stated, I see nothing preventing that from happening now and no plans to prevent it in the foreseeable future.
    I'm not really a fan of this either, it adds another attack vector when most users/companies fail to properly mitigate against the existing ones.
    I'll do whatever is necessary to never use that API and block it on my machines no matter what Google and the others say about how safe it is.
    What else can you do? That's a serious question.
     
  32. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,409
    Joined:
    Oct 29, 2000

    Organize, vote, get politicians to vote for strong draconian regulation that bans these behaviors.

    It's the lazy uncaring lowest common denominator masses that let them get away with this bullshit.
     
    PantherBlitz likes this.
  33. Laowai

    Laowai Gawd

    Messages:
    534
    Joined:
    Aug 9, 2018
    What behavior needs to be punished according to you?
    Developing a new API?

    Maybe you have stopped thinking while in outrage mode.
    Let's say that development on this API is halted in the US due to whatever reasons. What would prevent these companies or any others from continuing elsewhere?
     
  34. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,409
    Joined:
    Oct 29, 2000
    Simple. If there is a law against melding the remote and the local though tools like this, it doesn't matter if anyone develops it. They can't use it, or they face time in a federal pound me up the ass prison.

    Through laws, we can expel just about any behavior we don't want in our society, punishing those who would violate them harshly.

    That's kind of what laws are for...
     
  35. termite

    termite [H]ardness Supreme

    Messages:
    4,825
    Joined:
    Aug 27, 2004
  36. Laowai

    Laowai Gawd

    Messages:
    534
    Joined:
    Aug 9, 2018
    Wow.
    We have laws against murder, theft, and more things than you can shake a fucking stick at yet oddly enough they still happen.
    I honestly am surprised we're having this discussion. I had thought you were smarter than this.
    Even if this somehow gets banned in the States...and by this, I'm not referring to what is actually happening which is simply the creation of a new API, but all the bad shit we think may happen after....there are other countries with their own laws. Unless you are also pushing for the US to wall off its internet like N.Korea or China....how would any law in the States matter a hill of beans?
    Is it even technically possible for a country to ban an API in any way that could be enforced?
    I could not even imagine what that would look like, but I'm not a lawyer.
     
  37. TheOne&OnlyZeke

    TheOne&OnlyZeke 100% Irish

    Messages:
    10,305
    Joined:
    Jul 21, 2000
  38. clockdogg

    clockdogg Gawd

    Messages:
    910
    Joined:
    Dec 12, 2007
    It's about time that poor, neglected Google has the tools to keep up with Win10. Invasion of privacy via the local file system shouldn't be exclusive to Microsoft. Can't imagine what wonderful things FB can achieve with this persistent writeable local data access as well. And other less 'scrupulous' developers, might write some great trojan apps too. So much win for lazy developers everywhere!

    On the even brighter side, if this API is expanded and supported, the OS becomes even less important - it's Microsoft's Netscape nightmare finally coming true - a couple decades late, but still.

    /s
     
  39. dangerouseddy

    dangerouseddy Gawd

    Messages:
    616
    Joined:
    May 16, 2007
    yes we need google to have the ability to corrupt or encrypt any of your local files anytime you use their software, makes perfect sense. im sure no shady companies will persuade google to let them have access to your files.
     
  40. Laowai

    Laowai Gawd

    Messages:
    534
    Joined:
    Aug 9, 2018
    I doubt they'd require much persuading if there is money in it for them.