Privacy controls for apps

[lsileoni]

trafficstars

Description of the feature

It would be good to have some form of app controls to restrict requests to and from third parties. I'm envisioning some sort of pop up saying "this app wants to make request to third parties xyz, authorize y/n" with an additional toggle per-app, which can be toggled at any point in time. Another avenue would be to just block by default, then allow the user to lift those restrictions per app.

The problem the feature will solve

As it stands now apps can make requests to and from whatever third parties the app creator chose to include, but users don't have fine-grained control over the apps themselves.

This can be an avenue for bad actors to publish apps and gain information about users, that could identify them through IP/browser data/whatever the app creator chooses, as third parties may suddenly just serve different files for example, or log all requests etc...

Relevant links or sources

This NFT on OpenSea Will Steal Your IP Address

[jelveh]

As discussed on Discord I think this has potential, especially since we're privacy-focused. One thing I want others to chime in on as well, is implementation. For example, how could we practically limit HTTP requests in an iframe.

[AtkinsSJ]

The sandbox attribute on iframes gives you some control over what they're allowed to do, but I don't think any of the options would prevent the iframe from making requests... Intercepting the requests from the outside is also not possible I believe.

One option might be to proxy each app, and insert a script into its html that makes these changes. But the app could just remove the script from itself, so that doesn't protect you from someone who knows about Puter and wants to bypass restrictions.

It's tricky!

[jelveh]

I don't think this is possible without major infra for networking. But, generally I'm going to add other privacy controls for apps in the upcoming Settings app.