On this week in privacy, let's explore web apps and convenience.
Web apps are cool
Web apps are applications that run inside web browsers. As you probably already know, web apps have been around for years, most notably with in the form of electron apps, and have had varying levels of success. Whole frameworks like React and Vue are designed specifically to turn an ordinary web page into an interactive app that runs offline.
There are advantages and disadvantages of web apps. On the plus side, unless you allow notifications, they turn off when the browser is closed. There's no secret spying. They're also compatible with every operating system with a decent browser. On the negative size, native apps can be more feature rich, and better handle touch controls.
We can install web apps from the Brave menu. This creates a link on the app screen. Alternatively, we can just bookmark the site. Either works.
Logging in every time sucks
One of the biggest advantages of web apps in a secure browser is also a huge inconvenience. When the tab is closed, the app is deleted. This also deletes the login. So, the next time we visit the site, we have to open the password manager, the 2FA app, and possibly check our email to log back in. You may only do this once every few years with a native app.
The Sacrificial Browser
The solution is to download a second browser. Vivaldi is a great choice. In this new browser, turn on ad blocking, use a VPN when on WiFi, but don't delete session data when a tab or the browser is closed. This will keep us logged in. However, this will also allow the web app to spy on us depending on the permissions we give the app.
For that reason, we will only use this browser for web apps. Do not feed the machine by browsing the internet.
Using web apps properly
Never allow a web app to show notifications when you see the popup. That can allow the web app to run when the browser is closed. If you like being spied on, that's how you do it.
Apart from this, each web app is granted certain default permissions. These tend to be browser specific, but most will allow network access, sound, video and tab sandbox access to things like screen size and such. A good browser will outright deny some access while making an app ask permission for additional access - via a popup.
Be very, very careful about giving a web app any permissions. Unless it is obvious that the app needs access, say to upload photos, don't give them anymore than the default set. No need to let the web app fingerprint your machine. If you make a mistake, you can just clear the site data, log back in, and try again.
Summary
1. Web apps used in a secure browser require you to log in every time. This is far less convenient than using a native app, but also far less privacy invasive.
2. Download a second browser only for web apps. Keep the same security settings, except that data is allowed to remain in the browser.
3. Install the web apps via this second browser, and never give it permissions it doesn't need. Any permission you give it can be used to spy on you.
