Some ideas on browser security from Paul Frazee, of Beaker Browser:
I know we’ve briefly discussed this in other threads, but I like the idea of somehow having websites versioning more exposed, clear and enforced, and allow the user to either enforce a version of the website and/or be able to clone/take a snapshot of a website onto a private location for the user (the latter may go against the reward mechanism for authors).
I’m wondering if we could have the website version to be part of the webFetch protocol (i.e. some MD entry in the root container of the website) that the browser could enforce/verify when loading it, and based on user’s choice, either “upgrade” the website when fetching it if a new version is reported available or fall back to the previous/older/trusted version. All this information could be stored by the browser app as part of the user’s browsing state so the user doesn’t need to always connect from the same client device; his/her preferences and trusted versions will be all stored in his/her SAFE account.
With the new additions to our client signing API, perhaps it could be built into safeNfs uploads to sign files beforehand and then webFetch can verify the signed file?
Of course that would only ensure that the file hadn’t been changed or tampered with since the file upload event, which wouldn’t handle a malicious developer signing and uploading.
Just now I was a bit shocked reading about how to manually invoke a click event on a hidden anchor link.
The potential of this is worrisome and is just one small example of many that I’m not aware of.
This may bring us back to @happybeing’s exploration of SOLID and use of the WebID standard which relies on X.509 certificates. It wouldn’t prevent malicious code but it could be our trust system.
So much more to research.
You’re the best Mark, I’m thankful that you thought to post this issue.
For instance when I tell my firewall the rules for an application, it takes note of its signature and if that changes (incl updates) the firewall alerts me and asks for permission to apply the set of rules or set new ones. I find this of great importance since any changes could be because of malware or upgrade that does things I do not want to allow.
So too on SAFE if we can have this where we allow an APP with a particular signature to have certain permissions and the APP is considered new, requiring authorising again, if it changes in any way.