Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

And more than that, I honestly wonder about the motives of an advertising driven company these days.

It feels like 5 years later this will come to bite us in the ass as another way of exploiting access to our computer and data.

What if websites start requiring specific files to exist before allowing access?



> What if websites start requiring specific files to exist before allowing access?

This is certainly going to be immediately abused for encrypted storage of persistent cookies and tracking identifiers.

- If my site generates cat pics, I'll put identifiers in the metadata fields of the image format.

- If my site generates markdown, I'll put identifiers in an alternate data stream (Windows) or encoded in the whitespace.

Since the files exist outside of the sandbox, they'll be outside of the scope of privacy features like clearing the cache or cookies, and outside of the reach of adblocker extensions.


Nobody said the sites would have unfettered access to these files like they do with their cookies. Putting an ID on a photo is useless if you then have to ask the user to read it again the next time.

Also, why would they be outside the reach of adblockers? WebExtensions can already intercept and manipulate the use of certain APIs by sites, the same can easily apply here.


I suspect it will start with persistent login based on a file and grow from there.


> What if websites start requiring specific files to exist before allowing access?

This isn't just unrestricted filesystem access. The site would need to request file system permission first, _and_ get the user to select the file in a file picker.

In short, that's not a serious concern.


Not parent, but I think you are missing the point parent is making.

Suppose an app which does not really needs file permission to work, like Facebook, but asks anyhow. If you opt out, you cannot access the app.

That pattern does not need to exist.


I mean, they could already do that with say, the webcam permission.


> And more than that, I honestly wonder about the motives of an advertising driven company these days.

I wonder about ulterior motives too.

But in a world where even local apps increasingly try to make me store files in the cloud, I can only consider this as a move in the right direction.

All web apps can offer today is either (1) re-download the file (as the article mentions) or (2) save to GDrive/iCloud /OneDrive.

Working with local files is a win for user freedom.


> What if websites start requiring specific files to exist before allowing access?

Like session cookies, or SSL certificates?


You mean user name and password?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: