Punch nazis, trebuchet TERFs.

I am building Voyager, a client for lemmy!


I mainly post under @[email protected] now.

  • 8 Posts
  • 213 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle





  • aeharding@lemmy.worldtoTechnology@lemmy.world*deleted by creator*
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    8 months ago

    Mlem in app browser is using an in app browser API that is secure by design. It doesn’t allow snooping or injecting anything. This article is talking about abusive apps like Facebook that roll their own in app browser.

    Edit: although on iOS, the secure iOS in app browser api is always using safari engine, so the user choice argument is still valid.


  • It’s crazy that the in-app browser isn’t an OS-level overlay that the app can’t influence or look at what the user is doing in it.

    Android and iOS both have apis for in app browsers that are secure by design. Voyager for Lemmy uses this. Mastodon uses this. Last I checked even Twitter used this. However Facebook does not.

    these platforms also offer lower level APIs to build custom interface which are more powerful and flexible (but can be abused). This isn’t necessarily a problem. Custom browser apps need that functionality, and apps sometimes display their own content with web views.

    The problem is that app stores allow slapping a skin on this more powerful API and treating it like an in app browser to connect to arbitrary sites. Dumb imo. If you offer an in app browser, it should be required to use the platforms secure in app browser API.

    More powerful APIs should only be available to browser apps and displaying your own content in a web view.







  • I made a purchase on a sketchy site (during Covid when things were hard to find). A day or so later, some unauthorized transactions were made on my card. “Bank” called from actual number of my bank, to verify if I actually made the transactions. provided some of my personal information, transaction amount etc then asked to verify ssn. It was very convincing.

    Luckily I refused because I know anyone can call you claiming to be any number, and I didn’t give out any info, and said I would call back that number (my bank).

    Bank had no knowledge of a call.

    15 minutes later, get real fraud department call from my bank. They just wanted to know if it was fraud or not and didn’t ask for any other info.

    Moral of the story: if someone calls you, never give out personal info. Tell them you will call back if needed.