-
Omni rizzler
> Any advice in why I would prefer to use a windows XMPP client vs a browser based one? Gajim vs Movim? I have found in the past some chat apps (discord) perform better in-browser so I save a browser instance/"app" rather than use the client. Also eliminates software updates, which is nice. Movim loads a lot , takes time and I had issues with memo encrypted chat with it but gajim is fast and stored a lot more msg but I have not tried the memo encription on it yet
-
L29Ah
browser is slow and insecure
-
L29Ah
discord client is a browser in disguise iirc
-
edhelas
> browser is slow and insecure Explain :p ↺
-
funderscore
> discord client is a browser in disguise iirc It's electron yes ↺
-
funderscore
> browser is slow and insecure Slow, maybe. But insecure? Explain more ↺
-
menel
When you use plastic Bowser you load the code when you open the website from the server. So you have to absolutely trust thr lle source where you load it from every time you open it
-
menel
With a real client you only have to trust on updates, and not the same server you chat with.
-
menel
Webclient is like loading code and executing it from a website every time you open it.
-
L29Ah
funderscore: how many remote code execution vulnerabilities are found in chromium every year?
-
edhelas
> Webclient is like loading code and executing it from a website every time you open it. Maybe we should try to cache some of the things in the browser, I'll tell the W3C to think about it 🤔 ↺
-
edhelas
Fun fact, the native apps are leaking way more personal information than their web version because the browser is having a very limited surface attack. The Discord App knows which apps are running on your computer, the Discord Web App don't know anything.
-
edhelas
But the issue are web apps :p
-
L29Ah
discord is malware, typical xmpp client isn't
-
L29Ah
if you have no option not to run malware, better run it in a shitty browser than in your system as a non-sandboxed code indeed
-
L29Ah
s/browser/& sandbox/
-
funderscore
Yes thats the thing
-
funderscore
Browsers typically run code inside a sandbox
-
funderscore
so it can't access all your stuff. While a native app can do whatever it wants
-
funderscore
> When you use plastic Bowser you load the code when you open the website from the server. > So you have to absolutely trust thr lle source where you load it from every time you open it But this is a very good point also ^ ↺
-
funderscore
(And to set expectations, I am not a huge fan of WebClients, I prefer tui)