this post was submitted on 08 Aug 2023
1931 points (98.8% liked)
Firefox
17937 readers
39 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This recent trend of using the browser window to handle logins and authentication is lame. Several apps that I use at work use the browser for file tracking too. You open a shared file, which opens the browser, which then opens the program with the correct file. Like what the fuck? It's lazy and annoying. They polute your workspace with open tabs that you never wanted. If they're going to use the browser for handling everything, then just make it a fucking web app! But nooo! You need to download our program so that we can track you, even though we actually use the browser for all of the functionality.
Browser auth is easier to dev and more secure because SSL is pre-established. Browsers tend to get security updates more often and have built in cert stores. Browsers are so central to an OS nowadays that path traversal is easier to set up, relative to individual apps.
If every application had to write this functionally, companies would have to redirect dev focus away from their core services and, most likely, would be shittier (for a number of reasons). It would also lead to more OS bloat.
On the other hand, if every app was a web app they'd be able to track you even better than they do now (at least regarding human interaction with the app itself); it's easy to set up an outbound block on an application that isn't a browser. On the other hand, installed apps can establish persistence. Like how Logitech does with its options software (I fucking hate this behavior btw).
I understand that they're leveraging the browser SSL for authentication. But there are ways to do that without opening another tab inside of your browser and then just leaving it there. They could handle those calls inside of an app window that loads whatever resources they need, or makes secure CURL calls, or whatever. There are a lot of ways to implement it that would result in a better UX. Yes I agree with you, they're saving time by doing it the way they're doing it. But I disagree that the UX should suffer because the business management wants the engineers want to save time. There are paths that address both issues. They may require some compromise, but the end experience for the user is superior. Maybe my ideas are dated, but I have always strongly supported the belief that user experience should be one of the highest priorities when building user interfaces. I think the problem is that we now live in a world with thoroughly entrenched tech companies, so they put UX third, knowing the user has very few options.