Cannot wait for an exploit to be discovered and observe how personal information is stolen via this API.... or even without exploit, people being tricked into accepting this permission and then having malicious apps taking advantage of this.
Why is this API even necessary? I understand that for Google there is an amazing appeal about getting access to your local drive, but for the end user this means that native apps will be slowly disappearing to make room for horrible slow clunky web apps that can read all your files.
I think it is obvious why the API is useful, productivity apps(as well as anything else that needs open and save files) on the web suffer from the friction of uploading and then downloading a file which makes for bad UX.
You can't account for every possibility but the permission management seems clear and doesn't persist. The notifications seem fairly overt as well. The fact that it is user driven too makes it hard to imagine that many/any users would not only accidentally allow permissions but then also accidentally select a sensitive file/directory. Only time will tell though.
I'm a Systems Reliability and DevOps engineer for Netdata Inc. When not working, I enjoy studying linguistics and history, playing video games, and cooking all kinds of international cuisine.
The 'upload' issue is actually a non-issue even without the FS API. You can (on a vast majority of modern browsers) pull off a 'fake' upload in any number of ways that works just fine without hitting the remote server.
Downloads are the big issue, because the current behavior of web browsers does not allow for apps to hint the browser that links should use 'Save As' behavior (but, FWIW, downloads donโt actually need to hit the server either, you can use either a Data URI (if the file is small enough) or the Blob API to generate a 'donwload' client side).
I also have the same view. The example use cases given on googles web dev page doesnt seem that relevant(Online IDE, Photo/Video editors etc). Also, spec does cover the security aspect but I still feel that this could go wrong.
Maybe this is geared towards converting web apps to offline mode. But sooner or later scammers will definitely find a way to abuse it. I would surely never give this permission to any site.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Cannot wait for an exploit to be discovered and observe how personal information is stolen via this API.... or even without exploit, people being tricked into accepting this permission and then having malicious apps taking advantage of this.
Why is this API even necessary? I understand that for Google there is an amazing appeal about getting access to your local drive, but for the end user this means that native apps will be slowly disappearing to make room for horrible slow clunky web apps that can read all your files.
For the same reason of leave horses to get heavier cars.
Or leave assembly to get slower programming languages.
It's called evolution.
Indeed, but there are advantages for PWAs especially in Android based like DEV itself
I think it is obvious why the API is useful, productivity apps(as well as anything else that needs open and save files) on the web suffer from the friction of uploading and then downloading a file which makes for bad UX.
You can't account for every possibility but the permission management seems clear and doesn't persist. The notifications seem fairly overt as well. The fact that it is user driven too makes it hard to imagine that many/any users would not only accidentally allow permissions but then also accidentally select a sensitive file/directory. Only time will tell though.
The 'upload' issue is actually a non-issue even without the FS API. You can (on a vast majority of modern browsers) pull off a 'fake' upload in any number of ways that works just fine without hitting the remote server.
Downloads are the big issue, because the current behavior of web browsers does not allow for apps to hint the browser that links should use 'Save As' behavior (but, FWIW, downloads donโt actually need to hit the server either, you can use either a Data URI (if the file is small enough) or the Blob API to generate a 'donwload' client side).
There's at least github.com/jimmywarting/StreamSave... (or for older browsers github.com/eligrey/FileSaver.js), it actually took me longer to figure out "uploading" files locally than saving files.
I use only Web Apps, I replaced all the native apps with web apps and I love it!
Last I checked web assembly is very usesable now. E.g. Blazor(c#) for something more mature and Yew(rust) for something still being worked on.
I also have the same view. The example use cases given on googles web dev page doesnt seem that relevant(Online IDE, Photo/Video editors etc). Also, spec does cover the security aspect but I still feel that this could go wrong.
Maybe this is geared towards converting web apps to offline mode. But sooner or later scammers will definitely find a way to abuse it. I would surely never give this permission to any site.