Misguided JavaScript API: Origin Private File System
The Origin Private File System (OPFS) is a new JavaScript API that prioritizes web developers' needs over user privacy. It allows websites to access a private file system on users' devices without stringent security checks, raising concerns about data exfiltration and excessive storage quotas. Critics argue that the OPFS poses significant risks to user control and privacy, suggesting it should not have been implemented.
- The OPFS offers low-level file access that is private to the origin of the page.
- Websites can potentially exploit the OPFS for side channel data exfiltration attacks.
- The API allows websites to store up to approximately 60% of total disk space, which can lead to excessive data storage.
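To see what a given origin actually keeps in its private file system and how that compares with the quota the browser grants it, the following added example (not code from the article) walks the OPFS root and combines the result with the browser's storage estimate. The function names and the mock handles with their sizes are constructed for illustration; the browser calls named in the comments are the standard `navigator.storage` API.

```javascript
// Added example: inventory what the current origin keeps in its OPFS.
// Browser use: auditOpfs(await navigator.storage.getDirectory(),
//                         await navigator.storage.estimate())

// Recursively list every file under a FileSystemDirectoryHandle.
async function listOpfsFiles(dir, prefix = "") {
  const files = [];
  for await (const [name, handle] of dir.entries()) {
    const path = `${prefix}/${name}`;
    if (handle.kind === "directory") {
      files.push(...(await listOpfsFiles(handle, path)));
    } else {
      const file = await handle.getFile();
      files.push({ path, bytes: file.size });
    }
  }
  return files;
}

// Combine the file list with a StorageManager.estimate() result. Note that
// estimate.usage covers all of the origin's storage, not only the OPFS.
function summarize(files, estimate) {
  const opfsBytes = files.reduce((sum, f) => sum + f.bytes, 0);
  return {
    fileCount: files.length,
    opfsBytes,
    largest: [...files].sort((a, b) => b.bytes - a.bytes).slice(0, 5),
    quotaBytes: estimate.quota,
    percentOfQuotaUsed: estimate.quota ? (100 * estimate.usage) / estimate.quota : 0,
  };
}

async function auditOpfs(root, estimate) {
  return summarize(await listOpfsFiles(root), estimate);
}

// Constructed stand-ins for the browser handles so this also runs in Node.
const mockFile = (size) => ({ kind: "file", getFile: async () => ({ size }) });
const mockDir = (children) => ({
  kind: "directory",
  async *entries() { yield* Object.entries(children); },
});
const SAMPLE_ROOT = mockDir({
  "cache.sqlite": mockFile(4096),
  blobs: mockDir({ "a.bin": mockFile(1000), "b.bin": mockFile(24) }),
});
const SAMPLE_ESTIMATE = { usage: 5120, quota: 1024000 }; // constructed numbers
```

Run from the developer console on a page of the origin being inspected, `quotaBytes` shows how much that origin is allowed to store on the device.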
Opening excerpt (first ~120 words)
Jeff Johnson, "Misguided JavaScript API: Origin Private File System", May 28 2026
The web browser vendors continually add JavaScript API that prioritize the needs of web developers over web users. The interests of the two groups can conflict, for example because web developers often want to fingerprint and track web users, and I would note that Google Search advertising revenue provides a large part of the funding for all three of the major web browser engines: Chromium, Gecko/Quantum, and WebKit.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Lapcatsoftware.