this post was submitted on 31 Dec 2024
392 points (98.0% liked)
Technology
60330 readers
3573 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
that's not a feature of the ROM. that's a tool provided by ROM maintainers. that being said, it almost certainly supports it, as in in someone makes a website that does that, it will be possible.
now, don't get me started on how bad of an idea it is to use webusb
I will get you started. Please explain.
there is no way to verify the downloaded package before installation.
also I generally deem both webusb, and chrome's broader filesystem access apis dangerous, partly because a vulnerability in the website permission checking code with this permission is much worse than with e.g. the camera.
but the more realirealistic problem is that its just too easy to grant a random website so deep permissions to your device, either by accident, by habit or because the user does not understand what is happening. just a click or two and you have just granted a ransom website full access to your drive. with webusb, they can even write a bootable anything to your pendrive.
my concern here is not that you cannot make sure that the graphene website will only do what it needs to, but that the feature exists at all, because of all the other websites. I sincerely bless mozilla for not implementing these.