Conversation

Running an app in a browser rather than natively means you place most of your trust in the browser vendor's security rather than the OS vendor's security. Do you think this is a reasonable tradeoff? In comments, for which OSes?

Good tradeoff, any OS
29.7%
Good tradeoff, some OSes
38.2%
Bad tradeoff, any OS
22.2%
Bad tradeoff, some OSes
9.9%

910 votesFinal results

Replying to

i have a lot of confidence in app sandboxing on Android, and am probably more concerned about cross-site attacks in the browser

Replying to

and

i would love if there were a way to put different websites into their own app sandboxes

Deirdre •° A Nameless Ghoulette °• Connolly¹

Replying to

and

Worse comes to worse, you run one website at a time in a single browser. This is not why I have multiple browsers installed on my devices, but it helps :P

Replying to

and

Can force enable strict site isolation on mobile Chromium via chrome://flags. It will already largely use site isolation on high memory devices, similar to desktop Chromium. Other browsers don't have a complete implementation so sites aren't really isolated at the sandbox layer.

9:09 PM · Apr 6, 2021Twitter Web App

Replying to

In other browsers, a renderer compromise generally gives all site data, etc. Traditional browser sandbox protects the OS, not other sites and browser data. Browser sandbox security largely comes down to OS security. Much stricter seccomp-bpf filter than the app sandbox though.

Replying to

Sites should set these headers to enforce cross-origin isolation for documents: Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Content-Security-Policy frame-ancestors directive should also be set to 'none' or 'self'. Most sites don't do it.

Show replies