zlacker

[parent] [thread] 1 comments
1. dragon+(OP)[view] [source] 2023-06-01 03:33:10
> Now the only way to access site Y is by a) routing all your data through some third party server, or b) installing a native application which has way more access to your machine than the web app would.

Or installing a browser extension that allows rewriting CORS headers.

> Some days you gotta wonder if anyone on the web committees has any interest in end-users.

Oh, they do. The defaults are much safer for end-users than they used to be. Who they mostly leave out is a narrow slice of power users with use cases where bypassing make sense, and the extension facilities available address some of that.

replies(1): >>jakear+A4
2. jakear+A4[view] [source] 2023-06-01 04:31:47
>>dragon+(OP)
From what I can tell there’s no such extension on iOS. I think it should be part of the standard, not a hole left for extensions to fill in.

The slice is only narrow because it’s practically impossible. If there were an option presented to end users “let X.com read data from Y.com?” there would be a rich ecosystem of alternative UI’s for any website you could think of.

These alt-UI’s would be likely to have better security practices than the original, or at the very least introduce competition to drive privacy/security/accessibility standards up for everyone. Whereas currently if the Origin has the data, they have full ability to impose whatever draconian practices they want on people who desire to access that data.

[go to top]