> Websites[...] can sneakily copy the files you are working with
You have made one of the most baffling logical errors that commonly crop up when people criticize browser-based apps.
Browser-based apps execute in a sandbox. They are more constrained in what they can do in comparison to a traditional program running on your machine. Any nefarious thing a browser-based app can do, a local program can do, too, and not just that, but they can do it in a way that's much harder to detect and/or counteract.
There are good reasons available if you want to criticize browser-based apps. This is not one of them.
i can remove network access capabilities from a desktop app after it is installed. i can't easily do that with an app running in a browser.
likewise monitoring and detecting network access per application is easy. tracking down which browser tab is making which network connection is a lot harder.
i am using that already. at least in firefox the network tab only shows which destinations generate traffic. it does not show which tab the traffic comes from. since any page can connect to multiple destinations, not just the one where the page is loaded from, this is not enough to identify the culprit.
you are not wrong on the comparison but you miss the tools available to contain a desktop application that are not available for a browser application. by default a browser application is more limited than a desktop application, but those limitations also reduce the possible functionality of a browser application, and they are locked in place as far as i am aware.
for a desktop application, at least on linux there are tools available to further constrain its access to the system by monitoring its activity, removing capabilities or placing the app in a container or even a VM. (VMs are available on windows and mac too, but i don't know about other features)
to contain a browser app in this way i would have to run a contained copy of the browser as a whole, and i still can't easily limit network access.
further, almost all desktop applications on linux come from a trusted source or a trusted intermediary and have undergone at least some kind of review, whereas browser applications can be reviewed but it is non-trivial to ascertain that i am running the exact same version that was reviewed.
it is possible, and it is my hope for all this to change. i actually believe browser applications are a good idea, but the ability to audit, and constrain browser applications needs to improve a lot for that to happen.
I am not sure about your level of computer literacy, so sorry in advance if I give an overly detailed response.
Certainly a website is allowed to process files you upload to it and the JavaScript is allowed to use XMLHttpRequest in that sandbox.
This is outside the control of the user. Had it been an app running locally, I could restrict network access or other resources.
Of course the web developer can choose to process the file client side only, but generally when you upload a file to a website, it gets uploaded and processed by their servers.
Surely you can verify this yourself while using the website, but I am confident that most users of a website wouldn't do that and would be none the wiser about how their data is being processed.
TLDR: I don't believe the average web user is capable of distinguishing a webapp that works in offline-only mode from an ordinary website.
> I am not sure about your level of computer literacy, so sorry in advance if I give an overly detailed response
In technical discussions, this is what I call "The Move". It comes from a desire to position the person making The Move as more knowledgeable and experienced and therefore correct and the other person as relatively new, inexperienced, lacking in wisdom, and naive. It's extremely sophomoric and perversely favored by those who lack the attributes they're trying to project. Don't do it.
I know how browsers and web apps work. I'm a former Mozillian, and among other things, I wrote, edited, and maintained the JS docs on developer.mozilla.org.
Even aside from The Move, nothing else that you wrote out here is especially relevant. The central observation I made is that users have more reason to be circumspect of non-browser based programs that they download and run than they do of browser-based programs because any nefarious thing a browser-based app can do, a native executable can do, too—or worse.
Anyone who has a gut feeling to the contrary is doing exactly that: operating on vibes and intuition and trying to reason with their gut instead of using actual reason to do what is ultimately a straightforward calculation.
(And the thing is, you and everyone else in your camp already know the truths I've written out here. If you disagree, then we'll set aside one day a year that we'll call Native App Day. For Native App Day, browsers will refuse to execute browser-based apps. Instead everyone who publishes a web app will agree to publish programs packaged in the native executable format for Mac, Windows, and Linux, and everyone who typically uses the web app will run these executables with the same alacrity they apply when they undertake to use the web app. This will be strictly enforced, and there will be no cheating by folks who just refuse to use the computer on Native App Day.)
>> I am not sure about your level of computer literacy, so sorry in advance if I give an overly detailed response
> In technical discussions, this is what I call "The Move". It comes from a desire to position the person making The Move as more knowledgeable and experienced and therefore correct and the other person as relatively new, inexperienced, lacking in wisdom, and naive. It's extremely sophomoric and perversely favored by those who lack the attributes they're trying to project. Don't do it.
Nonsense. Judging from your previous post it is apparent you are speaking outside of your expertise. Smearing labels all over rather than factually responding only makes it more so.
You claimed sandboxed browser apps were "more secure" than a traditional app.
Nobody suggested otherwise. In fact, we weren't discussing the browser sandbox security model up to that point, but the differences between an online-only closed source web app and a traditional FOSS app.
> I know how browsers and web apps work.
So do the lot of us here, yet you don't seem to share a common understanding of the domain.
You do have a skewed understanding of the web app and seem to fail to understand why people would want a traditional app they could inspect and lock down as they please.
This suggests to me you are junior and/or suffering from a bit of Dunning-Kruger because you might be skilled in other areas (in this case skilled in web dev and unskilled in traditional app dev), hence my previous comment about your skill level.
You responded to a lengthy post I made, and yet you fail to address any of the points raised.
> The central observation I made
.. was questioned by me and others and you just ignore what was said.
> And the thing is, you and everyone else in your camp already know the truths I've written out here.
Get off your high horse.
You haven't shared any truths, you haven't addressed the issues we raised and you have a rather rude tone saying things like:
> You have made one of the most baffling logical errors that commonly crop up when people criticize browser-based apps.