"Keep it in the browser"?

General
1

I have heard several times that the principle of ‘keep it in the browser’ should be applied when using the browsers recommended here on PG. This would reduce the attack surface and protect your data if necessary.

I have a few questions about this, as I couldn’t find a thread here that deals with this topic.

1. In the case of privacy-invasive programmes such as Instagram or Discord, I understand that it is clearly better to use them in the browser, as they have less access to data and the system.

2. But what about the software recommended here on PG? Should I use Notesnook, Bitwarden and everything else in the browser, or should I download the apps?

The background to this is that browsers are of course also vulnerable to attack, and separate software (recommended here on PG) would probably be the better choice and support more functions.

Can anyone help me with this or give me a more qualified answer?

1 Like
2

My response is by no means “more qualified”, and mostly confined in PC environment, as benefits of using PWA over native applications on mobile is much less controversial (I think).

IMO it comes down to your assessment and your preference.

I use a simple “diagram” to illustrate the key difference between native application and PWA.

PWA -(runs on )-> Web Browsers -(runs on) → OS

Native Application -(runs on)-> OS

Ride on the diagram above, here are my reasons to choose one over another, depending on your assessment.

Reasons for using PWA (click to expand)

If you use PWA, while browser itself is a prominent attack vector, it is constantly being studied and improved, it is also being confined by the OS.

Users are much less likely (if practical at all) being tricked to install malicious update of such site / PWA, unless either the dev went woke, you got DNS-jacked, or the site got hacked.

You will also most likely not being asked to install other dependencies (such as .net framework and what not) to run sites/ PWA, which is a big plus.

On the other hand, browsers with adblocking/ JS blocking features, combined with multiple user profiles, can supercharge the privacy and security protection.

Chromium based browsers can “package” many websites as “web applications” and “install” them to your PC, which is very convenient.

Reasons for using Native Apps (click to expand)

You are most likely avoiding the largest attack vector of using a computer (i.e. web browser).

There is no worries your browser will know / transmit / record what you do within a native application as web browser is not involved.

Native applications has unrivaled flexibility and functionality when compared to PWA, it is also more likely that native applications being open source and reproducible than a PWA (so you can check the code and build it yourself, if you wish).

All in all, I prefer PWA over native applications.

4 Likes
3

Native apps can fingerprint you with basically 100% accuracy since they have access to all kinds of system data that is not exposed by the browser. Unfortunately, browsers also expose far too much data, like system language, time zone, resolution, number of CPUs, memory, etc.

3 Likes
4

Malicious javascript code is a theoretical possibility. It is briefly mentioned on the website here, saying that web-based E2EE is flawed:

In practice, the effectiveness of different E2EE implementations varies. Applications, such as Signal, run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a backdoor in their application—in an attempt to steal your private keys—it could later be detected with reverse engineering.

On the other hand, web-based E2EE implementations, such as Proton Mail’s web app or Bitwarden’s Web Vault, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider’s guilt.

Therefore, you should use native applications over web clients whenever possible.

1 Like
6

So even what the other two users said, it is better to use native apps e. g. for services recommended by PG (foss and to some degree audited) to mitigate the downsides.

However, besides from that PWA or websites are the way to go?

7

If you’re asking for my opinion on the debate, I wouldn’t have one on this. I’m just providing relevant information so that people make informed decisions. Overall, I’m in the same boat as you. Here are some relevant threads I found on the forum:

Here is some advice from @xe3:

If you trust the apps/developers that PG recommends, you can consider using their native apps. The usual issues of using native apps are that they can fingerprint you more granularly and have elevated privileges in the OS compared to the browser, among other things, but these are non-issues if they are trustworthy.

If you don’t trust them, use web apps to confine their usage to the browser to prevent elevated privileges and fingerprinting. But keep in mind the prominent attack vector of browsers. Use a secure browser, keep it up-to-date.

3 Likes
8

If it’s a company that cares about privacy and security, like the ones recommended by PG, I’ll almost always use the app.

If it’s available through F-Droid, I prefer the app.

I’ll use a browser instead of an app if the app contains a bunch of trackers from Google, Amazon, Facebook, etc.

If I need a privacy invasive app, I leave it disabled until I do need it. The Amazon app is only enabled when I’m standing in front of a locker.

I know someone is going to suggest this … no pin code for the lockers in my city.

Another reason I use a browser over an app is if the app offers information that can be gathered with a simple search such as metric or currency conversion.

9

Notesnook is even better on a desktop browser. On a mobile browser, it’s fine, but when I go to settings, it cuts of half the page. So I use apps when PWA is not practical for me. When I used to use Bitwarden, I also used PWA and I don’t generally need auto-fill.

I also use PWA if the native app has too many trackers. You can use exodus to check. I use Patreon, Reddit and YouTube PWA, and I don’t miss using the native apps at all.

If you’re not used to using PWA, I would try it with every app you would normally use first, unless they don’t have PWA version available. The recommendations on PG are mostly trusted apps, but whether you trust them is up to you.

10

A useful perspective for me is always use two questions:

  1. Does it do encryption? If yes, I prefer native apps since browser based cryptography is both imperfect and often does not work without javascript or in jitless mode.
  2. Does it parse untrusted data? If yes, I try to confine it in the browser or remote browser or VM depending on the device I am on. This means RSS readers, Content streaming, pdf reader etc. is all browser apps often also through proxy (like miniflux for RSS or dangerzone on remote VM for pdf).

The interesting cases are where it does encryption and parses untrusted data (encrypted email(?), signal attachments, etc.). This is why I do not use encrypted mail, since my provider can scan any attachments coming in, and I can setup custom pipes for virustotal and anyrun sandboxes. So mail is confined to the web browser. For messenger attachments, I use a separate profile with native app and hope for the best (running them through the same pipes as mail attachment if they are not identifiable or personal).

Ultimately using a web app or an app is not something that protects against the developer (you have to trust them in any and all cases including reproducible builds and provenance). It is to stop targeted malicious updates, web crypto shenanigans, and stop user generated content from harming the device.

1 Like
11

Have you considered collecting from a retail location? My local locker requires Bluetooth so I travel twice as far and use it as an opportunity to buy fresh food. All you need is a 6 digit code written on a scrap of paper. Amazon don’t have access to their CCTV and the staff are friendly.

12

Only options where I live is a locker or a post office. Delivery currently isn’t available at the post office.

Not a lot of fresh food at the post office.

Not in my country, photo ID is required to collect a parcel and I have to show the clerk the barcode that arrives in my email.

I’ve never seen a CCTV on the locker so I don’t see how that matters.

It’s rare to find staff that isn’t.

13

Every locker where I live has two external cameras plus one integrated above the touch screen. Forgive me for having no idea where you live. When you referenced an unspecified city I assumed there was more than one option. Our post offices are typically inside shops. Dedicated post offices also sell snacks to remain profitable.

Not everyone enjoys an active social life. Collecting a parcel or catching the bus can reduce isolation. Don’t take a friendly encounter for granted.

14

I’m currently researching this matter. Just a few months ago there was a locker right next to my house and it required only a pin. Now that one is not working and all closest ones require and app.

I see only a couple that don’t have the app as requirement, now that I’ve read your post I wonder if those are ‘retail locations’ that you mentioned? They are titled as post offices though, gona find out now. Idea of setting a separate device for that BLE locker did not feel right anyway.
1 Like