2025 Web Platform: What are we working on?

WEH 2025 - Web Platform: What are we working on?

• GitHub issue: https://github.com/Igalia/webengineshackfest/issues/53
• URL: https://meet.jit.si/WEH2025-Web-Platform
• Slides: https://docs.google.com/presentation/d/1I9C6bffh-kXyPCLVq0F01_4Lj3MyXdcTKTQF4pyxqlk/edit?slide=id.g343a8a9927e_0_47#slide=id.g343a8a9927e_0_47
• Threat Model: https://github.com/simoneonofri/threat-model-web

1. Round of introductions: mostly Igalia, Mozilla, Tor Browser, Huawei

2. Presentation

3. Collaborative session:

Tor browser: plugins - not in browsers anymore extension - very powerful, they are applications, should be taken care in the same way, do not keep sandboxing and sandboxing them, otherwise they will not work

Igalia: privacy - web apis, browser functionality, powerful features, are always put behind the permission prompt, not sure how much that works in practice, need more discussion, need more transparency

Igalia: in Chrome, Firefox, asking for permission when installing an extension, every time ask for a permission, which is actually a way of increasing the chance of mitigating, too much permission without understanding

Tor browser: permission of extensions, in Tor instead of prompting, establish some trust in a site, give permission at the moment they are needed, the site needs to provide more details to allow the users understand why they need the permission

(??): in the future, a lot AI building, if there are things that are potentially dangerous - the model should be more flexible. things like autoplay might be level 1

(Igalia): distinguish levels of API permission, I vaguely remember there was a ranking of permission in Chrome … perhaps a strategy of SEO

(Igalia): disable powerful search results

(Igalia): how to help people who write specs to fill in the S&P questionnaires, is it possible to help people write APIs through the graph of the model