alapakala

bruv, have you ever designed a fighter jet from a raft?

Because that is the equivalence of comparing OPFS is to a secured PostgreSQL query.

You cannot attain security from a raft, when fighter jets only need to drop bomps like a carpet to write on cities, and traverse microseconds of distances compared to whatever the wind is.

OPFS is insecure by design.

I mentioned threat remodeling for several reasons. One of them is, as designed OPFS fails every single one of your suggestions, and more.

So, an entire HPSA model needs to be redesigned, or stick to non HPSA whatsoever until further peer reviewed refuzzing has been made.

This type vectorization isn’t novel, it’s just hilarious vendors just accepted it without further security considerations.

we should get rid of VPNs because they suffer the same kinds of side channel risk.

🤝🤣

As demonstrated in the paper, OPFS enables attackers to read more than just browsing habits, but also solid state gates’ data.
Meaning, if vendors require HPSA, they will need to redesign their entire threat model to an isolated securely atomized one that OPFS by design cannot secure.

bruh, read my other comments 🧵

OPFS should not exist.

Block me too👋

or, no tabs at all. Let the window manager tab browser sessions instead. Isolated/jailed, ofc…

nrly, just Mozilla things.

OPFS

Seems like a feature vendors need reconsider unimplementing/threat remodeling.