as an engineer, not happy about the growing assumption that opening a URL is in itself dangerous.
-
@lritter well, the proliferation of new js apis isn't making browsers more secure...
@redmp what do you mean specifically?
-
@lritter opening urls has become more dangerous as the attack surface of browsers has grown
-
@lritter opening urls has become more dangerous as the attack surface of browsers has grown
@lritter the "growing assumption" that you pushed against seems rational to me
-
as an engineer, not happy about the growing assumption that opening a URL is in itself dangerous. this is one of the hidden pillars of web browsing: that you can open any URL and no harm will come to your computer. psychological harm, sure, why not, but your computer should be ok.
if opening a URL were no longer safe on principle, it would destroy the internet, or the web at least. you could as well start downloading and running executables again.
@lritter personally i feel like just opening a link has always been pretty dangerous. the sophistication of attacks is certainly growing, but historical zero click or one click attacks were not exactly uncommon.
-
@lritter personally i feel like just opening a link has always been pretty dangerous. the sophistication of attacks is certainly growing, but historical zero click or one click attacks were not exactly uncommon.
-
@lritter the "growing assumption" that you pushed against seems rational to me
@redmp then that's the end of it i would say. the web is already dead. it just doesn't know it yet.
-
@redmp then that's the end of it i would say. the web is already dead. it just doesn't know it yet.
@lritter well, I might be more paranoid than the average user, so don't conclude on my account.. but if it's dead, then it was killed by google pushing new standards at w3c for years, making it difficult for other browser vendors to keep up...
-
@lritter well, I might be more paranoid than the average user, so don't conclude on my account.. but if it's dead, then it was killed by google pushing new standards at w3c for years, making it difficult for other browser vendors to keep up...
@lritter I think maybe if there were more competition among browser vendors it would help establish a new de facto standard set of extensions (a subset of the current standards); it's a push and pull between what websites use and browsers can support, but the current standards are too many and too complex (and, I assert, that leads to security issues, but I could be wrong)
-
as an engineer, not happy about the growing assumption that opening a URL is in itself dangerous. this is one of the hidden pillars of web browsing: that you can open any URL and no harm will come to your computer. psychological harm, sure, why not, but your computer should be ok.
if opening a URL were no longer safe on principle, it would destroy the internet, or the web at least. you could as well start downloading and running executables again.
@lritter what happened? did some large scale attack took place?
-
@lritter what happened? did some large scale attack took place?
@bitinn just picking up vibes in the past month, and people make unsubstantiated insinuations in posts that suggest there is a problem with it.
-
@lritter well, I might be more paranoid than the average user, so don't conclude on my account.. but if it's dead, then it was killed by google pushing new standards at w3c for years, making it difficult for other browser vendors to keep up...
-
@lritter yeah but that hasn't changed. i don't think it's something you need to be broadly worried about, unless of course you're at risk of being targeted by a state.
-
W Ryan Wild shared this topic
