Hacker News new | past | comments | ask | show | jobs | submit login

There are ways to make sure that doesn’t happen, like making sure only the origin the file was written from can open and see the files.

They should have put out a counter proposal. They certainly didn’t show it’s technically infeasible




Everything has been moving to first party especially during the last year.

So the origin is the one storing the tracking data, capturing it and sending it to Meta etc.

Which is what makes this so hard as there is no difference between a PWA and a rogue website.


Now we're getting into the fundamental fact that some websites have lots of tracking and such, and some don't.

This is no different than having to send the files to a server owned by the website. I fail to see any meaningful difference here. Should we also not allow HTTP requests? I don't see how this is different.


We are talking about storing data on user's computers.

If you allow PWA apps to do this. You also allow websites to use it for tracking.

Hence why Apple restricted this feature.


Storing data with user permissions, not permission-less. Its in no way like local storage or indexdb. Those permissions could be scoped to only allowing explict read/write of certain files (IE, the ones the user initiated) and not allow for arbitrary writing of files to the filesystem, for instance.

We already do this with the file upload API




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: