
If an app really needs the feature it will have to distribute a native binary (like you have/had with some web video/screenshare), so do you prefer to have some applications that each have to offer a Windows and Mac binary (no Linux or mobile)?

IMO this API should be off by default. Then you would get a native popup when an application is trying to access them for a user to approve it, like Flash did many years back when you attempted to access the webcam or microphone. Speaking of Flash, there were pages that had to use an invisible Flash player (or Java applet) to work around missing features of browsers. So personally I would like it if it were possible to have a browser-based, cross-platform video chat, screen sharing or other cool application, as long as it is using free standards (I mean real ones, not "Chrome/Google wants it so it is a standard now"). Sorry for the long response.




> If an app really needs the feature it will have to distribute a native binary (like you have/had with some web video/screenshare), so do you prefer to have some applications that each have to offer a Windows and Mac binary (no Linux or mobile)?

Yes. 100%. And I say that as a Linux-user.

If someone needs access to low level system and platform specific stuff, I would like to have that confined and isolated in an app 100% separate from my browser, which is already having a hard time staying secure.

That will also make such apps harder to make, so people will not make the decision to require such APIs lightly, or “just” to profile a user.

This is the same position I have on WebDRM, and the way WebDRM has gone only solidifies my stance.


> I would like to have that confined and isolated in an app 100% separate from my browser, which is already having a hard time staying secure.

So instead of having all of the security features that browsers have you would prefer to run the application in an environment where code has all of the permissions as the user running it. I'm sure malicious actors are onboard with this proposal!


But this means you have to install 10 different extra plugins: 1 for your web conference program, 1 for screen recording, another one for the other screen sharing that you need for the other project, another binary for some hobby you have that needs that feature.

The solution is to use a browser you trust and ask for browsers to have these modules off by default, maybe have the option to compile without PDF or webcam support. I am sure there will be people that would compile these browsers with the things they do not like left out.

In Linux you could probably sandbox your browser so it will not even see your real webcam or other hardware. So I prefer installing a full-featured open source browser rather than 10 closed binary executables.


The growing complexity of browsers makes security harder. But at the same time, mainstream platforms are also getting more limited in the name of security. It's almost impossible for a power user to fix something themselves. They have to install an app, or root their device. The alternative is not really downloading a random binary; you can no longer do that. The only alternative to get shit done is to go buy a Linux-compatible PC and learn some programming. 20 years ago the security was terrible, but you could fix things yourself without being a developer. No matter how much systems are limited, security issues persist. If you are worried that your browser is insecure, switch to a more secure browser that doesn't have those features, or disable the features in the browser you already use.

As a developer I could write detailed instructions on my website how to install Linux, what OS and packages to use, instructions for git clone etc. Or I could just have a button that the user can click on.


IMO interfacing with hardware is a decent reason to write a small TCL/python app.

Hardware manufacturers suck SO badly at the web and software in general, the idea of having to use their website to configure something makes me feel nauseous.


Can you be more clear? For example, if I want to make something like video calls and screen sharing, do I do it in Python (or C, proprietary) for all platforms and then ask my users to install an extension that lets me connect with my application?

I understand where you are coming from, and I would also like Firefox not to force the PDF reader and other options on me. If they could have these extra features as plugins that you as a power user could uninstall and use your preferred thing instead, that would be nice.

Can you also make more clear why you don't trust someone making a webpage that calls a hardware-related API, but you trust them if instead of the page it is a binary or a Python script?


Yeah, I can pull the script down and have something that I know works.

It’s not a security thing, I don’t trust the business people to avoid changing things in a breaking way.


Firefox or Chrome would have control over that hardware-related code, not the third-party software. The software would ask if you have a microphone or not, and a popup would/should appear so you can confirm; an evil developer can't go around this.


I know. I’m concerned the application will get changed in between uses. If it’s complex enough that I couldn’t use just screen or a short script I write myself then that means I’m depending on the behavior of a webpage to remain consistent for some process.

I don’t care about security I care about the application written by the device manufacturer (who I trust from a security standpoint) not changing (which it will, because some business/marketing/“UX” guy always comes along and breaks things and I won’t have a way to get the old version of the application that I needed to drive the hardware)

I mean the idea that webpages will want hardware access is concerning and I’m sure a lot of them will ask for it for some reason and that is a security problem but it’s not at all what I’ve been talking about. Maybe try rereading my other replies?


Sorry if I did not understand your example. Are you afraid of companies offering a webpage for configuring your printer/drone/device instead of a standalone application, so that if the site goes down you can't configure your thing?

If this is the case, then you are asking to not allow features for the good developers because bad/lazy developers exist.

I have a Canon printer that works fine on Linux, but I do not have the GUI executable like on Windows. One day it did not work anymore and I had no idea what to do, so I installed the driver on a Windows VM, let the VM access the printer, and I got a diagnostic (I forgot to open a tray thing). So for this case, if the printer devs could make this diagnostic tool as a webpage or Electron app, it would have helped me a lot (I was lucky I already had a Windows VM).



