undefined | Better HN

0 pointsgnosis12y ago0 comments

"Standalone engines are subject to fewer attacks from untrusted code, so they're probably easier to exploit than a browser."

Probably? This is purely speculative.

I'd be interested to see any actual exploits of Interactive Fiction engines. So far, they are a much less attractive target to malware authors than web browsers are. That alone makes me prefer them over web browsers, no matter what their theoretical vulnerabilities may be.

"incognito mode / using a separate browser profile / portable browser installs are all options to completely preserve privacy"

Users are often tracked by their IP addresses as well as OS and browser fingerprinting, which Javascript can facilitate. Try going to Panopticlick[1] with Javascript turned off and then with it turned on and see the difference.

"that are either as convenient or more convenient than installing an interactive fiction engine."

But I already have multiple Interactive Fiction engines installed, so using them is perfectly convenient for me. As for others, how many people do you think actually bother to use a separate browser profile or even "incognito mode"? Not a hell of a lot. And if they do, they might also do what I do and disable Javascript altogether.

[1] - https://panopticlick.eff.org

0 comments

ronaldx12y ago

>So far, they are a much less attractive target to malware authors than web browsers are. That alone makes me prefer them over web browsers, no matter what their theoretical vulnerabilities may be.

I sympathise but find it quite contrary that you prefer to download standalone engines over something sandboxed in the browser. Although I believe there is some unknown percentage of users who won't turn on Javascript for this game, I can only imagine that a vanishingly small percentage of those might take a stance similar to yours.

The other obvious flip-side of your argument is: Javascript has a much bigger potential audience than IF engines these days. That alone makes Javascript preferable to develop for. The security and privacy issues do not make enough of a dent in Javascript's userbase to make this a serious consideration for developers.

gnosisOP12y ago

I never claimed that developers or the vast majority of users are going to suddenly abandon Javascript once they heard my oh-so-compelling argument against it.

In fact, I don't expect them to.

Most users are ignorant, technologically illiterate, blind to security issues, and lacking of any concern for their online privacy. Most developers aren't much better, and aim for the low-hanging fruit, without many scruples as far as respecting the privacy of their users goes.

No. Most of them aren't going to change. But that doesn't mean that I'm going to suddenly give in and start using Javascript myself. And though I be a lone voice crying in the wilderness, I'm going to stand up for what I know is right.

j / k navigate · click thread line to collapse