This is what interests me, but I’m not clear whether or not we can prevent Web or desktop apps leaking or stealing data that we give them access to. So that’s my first question: can SAFE Browser + Web app be made watertight, to prevent the app from sending our data anywhere other than our own storage, and could that be a useful default (or would it be too restrictive for many apps)?
I think there’s going to be a role for this, but I’m more interested in what we can do for my mum here. Although tbh, even myself, I would probably manage to mess things up with such a fine grained system. Even quite simple models like Android permissions tend to be just clicked through by most people without consideration. I know I would bother to tweak them if I could, but most people rely on the App stores to weed out harmful apps, which is not that effective, and likely to get worse over time IMO.
If we could be sure that an app can’t post our data elsewhere, then what we give it permission to do in our storage - read or write - it’s much less of an issue.
Data Sharing Controls v Data Access Controls
If we could be sure we can control and monitor what it is allowed to send elsewhere, the UX could become much less onerous, and I think be designed to discourage bad behaviour by apps.
For example, say by default apps can read and write most of our stuff (everything except things we regard as needing high level of security say), but have to ask if they want to send anything elsewhere the effect is to:
- make it easier to write powerful apps that do great things with our data
- discourages apps from trying to send data elsewhere unless for good reason, because by default they have to ask permission every time, which both alerts the user, and makes using the app less convenient
On the other hand, if we use the Android model where apps can freely send information elsewhere (pretty much undetected by the user), and all users can do is say what they can and cannot read, the effect is reversed. Apps are encouraged to ask for extra access all the time, and can get away with doing whatever they like with it until someone in an app store flags this. And then what? Just roll out a new well behaved app and start over, meanwhile existing users of the bad app carry on being screwed.
So what do we think, is it feasible to make SAFE Browser + Web app watertight, preventing the app from sending our data to anywhere other than our own storage, and could that be a useful default (or would it be too restrictive for many apps)?
UPDATE: the answer is yes, this is technically feasible: we can implement fine grained permissions and monitoring of where an app stores data on SAFE. See Nikita’s post.. So now we can think about the usefulness of this, and whether we can come up with a usable UX to support it, that delivers the benefits listed above, without too much inconvenience.