Say I want to use discord, is it better from a privacy standpoint to use it as a web app compared to downloading the actual app? I'm assuming yes, because I assume the downloaded application will come with more tracking and telemetry. I'm not sure though, interesting in what y'all know about this.
A good test is to use tor browser and try to register/login/use some of those webapps, if it's working, the webapp is trying to tracking you or don't like to don't know you.
reply
Correct typically this is the case but that doesn't mean you can assume web apps are privacy preserving, quite the contrary.
There are tradeoffs so it's hard to say web apps are categorically better, but it's probably a decent heuristic to say they are.
From a networking perspective with a native process and running a firewall such as Little Snitch, you can have exact control over the network connections a process makes, whereas with a web app you typically can't control that very easily.
But then it gets worse with native when you look at telemetry. The discord EXE hoovers things up such as all the processes running on your machine and sends this to their servers. If you doubt this just request all your data under GDPR law (or get a friend to) and look at it yourself. Browser APIs just don't support that kind of thing.
reply
From a networking perspective with a native process and running a firewall such as Little Snitch, you can have exact control over the network connections a process makes, whereas with a web app you typically can't control that very easily.
This! This is why I Little Snitch when I don't trust a app or website. You can inspect all requests that are made to it - https://help.obdev.at/littlesnitch4/adv-traffic-capture
If this is too overwhelming to you, you can start with https://obdev.at/products/littlesnitch-mini/index.html (it's free)
reply
  • Always use PWAs when possible.
  • The less apps you install, the better.
  • PWAs are way more secure, altough native apps will have better performance.
Twitter is a good example. Their PWA is not as good as the native app, but still does the trick.
reply
You mean secure from a privacy standpoint. Native apps have access to more security features afaik.
reply
It would be really great if web apps allow me to run PWAs in incognito mode like I always do when I'm browsing or going to sites like discord. That way I never leave my cookies crumbs behind when finish.
reply
I use PWAs when available. I think having fewer things installed is more secure.
reply
It is more secure :) less attack surface!
Best code is no code!
reply