nihilist/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org synced 2024-11-30 06:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

add info about drawbacks

Browse Source
This commit is contained in:
fria 2024-11-23 22:37:09 -06:00 committed by GitHub
parent d3142a0012
commit 0c7b3a224e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
blog/posts/pwa-vs-iwa.md
View File

@ -22,6 +22,6 @@ A typical native app is downloaded onto your computer and only updates when the
Isolated Web Apps (IWA) build on the work done on PWAs and [Web Packaging](https://github.com/WICG/webpackage). They are a specification that allows web content to be distributed offline outside of a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.
There are some [criticisms](https://github.com/w3ctag/design-reviews/issues/842#issuecomment-1989631915) of IWAs, at least in their current form. It'll be a long process of iterating on the design before a version of this idea that's secure and available across browsers.
The [Worldwide Web Consortium](https://www.w3.org) currently has an open issue on their GitHub for IWAs with some interesting discussions that are worth checking out. There are some [criticisms](https://github.com/w3ctag/design-reviews/issues/842#issuecomment-1989631915) of IWAs, at least in their current form. A big point of contention is giving IWAs access to more powerful features like raw TCP and UDP socket access, similar to what a natively installed app might be able to do, which Martin Thomson at Mozilla argues is dangerous even with user consent. It'll be a long process of iterating on the design before a version of this idea that's secure and available across browsers.
Right now, Chrome ships the feature [enabled by default](https://chromestatus.com/feature/5146307550248960) but only on ChromeOS for admin-controlled machines. Safari and Firefox haven't implemented the feature, with [Firefox](https://github.com/mozilla/standards-positions/issues/799#issuecomment-2342084330) taking a stance against it. Perhaps in its trial run the technology will prove its potential, or maybe IWAs aren't the best solution after all and another attempt will come along. I'll be watching with great interest either way.