undefined | Better HN

0 pointsJohnFen3y ago0 comments

With a couple of necessary exceptions, I don't use websites to store or process personal data, so that's not really the use case I have in mind.

What I have for native applications that I don't for the web is the ability to firewall off the native applications.

0 comments

tiagod3y ago

> What I have for native applications that I don't for the web is the ability to firewall off the native applications.

There you're placing trust on the firewall's sandbox. Are you sure the application can't communicate with the outside at all? DNS exfliltration for example?

JohnFenOP3y ago

A firewall is not a sandbox, but yes, I am sure that the applications can't communicate with the outside at all. My logs would show if they were. Any and all packets that originate from them are dropped, including DNS lookups and the like.

j / k navigate · click thread line to collapse

0 comments

tiagod3y ago

> What I have for native applications that I don't for the web is the ability to firewall off the native applications.

There you're placing trust on the firewall's sandbox. Are you sure the application can't communicate with the outside at all? DNS exfliltration for example?

JohnFenOP3y ago

j / k navigate · click thread line to collapse