This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Settings for users to manage which websites/domains can use WebAssembly

moonstein
Strollin' around
‎10-10-2023 02:21 PM
Status: New idea

WebAssembly has undeniably expanded the horizons of web development and user experience. However, the potential for misuse and the rising concern surrounding malicious parties exploiting WebAssembly requires the implementation of some kind of permissions management. This would allow users to explicitly give permissions (more control) and promote more transparency.

According the article WebAssembly Is Abused by eCriminals to Hide Malware the "CrowdStrike researchers analyzed 12,291 unique WebAssembly (Wasm) samples from May 2018 to June 2021 and found that 75% of Wasm modules are malicious". They discovered that "cryptocurrency miners boost efficiency by abusing WebAssembly to achieve near-native execution performance" and they also "turn to WebAssembly to hide web-based malware".

Without a proper permissions management system in place, malicious code could use WebAssembly to harness the power of users devices to perform actions without their consent. A permissions framework would act as a crucial layer of defense, ensuring that only trusted sites can use WebAssembly. Apart from that, many users would like to have more control about which websites uses WebAssembly, given them the power to decide what a website can or cannot do with their processing power.

See more ideas labeled with:
Comment
2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎10-26-2023 08:07 AM
‎10-26-2023 08:07 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

luis123456789
Making moves
‎11-20-2023 06:11 AM
‎11-20-2023 06:11 AM

Allowing for a per-domain / per-site permission (or, would I even suggest, per-container permission similar to proxy support) would improve not only privacy and security, but also privacy and security conscious *usage patterns* (aka: "light patterns", in contrast to "dark patterns"). Since ATM it would be normal for secure usage to have WASM disabled in user.js, but then when a site malfunctions due to lack of WASM:

1. it is first needed to diagnose that lack of WASM is the cause. Tutanota for example offers no diagnostic (merely a generic "browser unsupported" message, and not even console errors)

2. then the user needs to reenable WASM in about:config.

3. then after usage, the user needs to remember to redisable WASM in about:config. Or wait until browser is restarted.

 

A permission would also helpfully come with added control features, such as a toggle or command to manually delete all WASM-related caches.

 

 

Copyright © 2024 Khoros, LLC