I'm thinking about building a client side web app ...
# present-company
a
I'm thinking about building a client side web app environment that blocks network access and focuses on end user controlled storage. Anyone have prior examples of something similar or just general thoughts on the idea?
c
Love the idea. What do you/we think about IPFS? Have always been curious about a browser that "mounts" it by default. Should work in an offline-first setting?
m
like this? http://hood.ie/
or just using indexeddb is enough if you plan to never sync
a
@Chris G I was intrigued with IPFS for a while but now I think content addressing just creates as many (if not more) problems than it solves. Yes certainly offline first at least with service workers. @Mariano Guerra I was thinking the indexeddb global could be overridden to be local or cloud or auto sync, that way keeping one standard storage interface for open source apps.
m
have you checked https://remotestorage.io/ ?
j
I've built using react/redux and this: https://www.npmjs.com/package/redux-localstorage which lets you sync your redux store to local storage. It worked pretty seamlessly. Plus if you buy into redux-sagas you can use an actor model.
a
@Mariano Guerra Ah interesting. That is the kind of prior art I was looking for
f
If you use wasm for the apps, you'd get blocked network access by default. Wasm modules can only access functions that you explicitly provide from the (js-based) environment, so it's easy to restrict capabilities to what you want to allow.
a
Yeah I've considered the wasm only strategy but I think there's still too much friction when dealing with the dom etc.
c
```js
window.XMLHttpRequest = function() {};
window.fetch = function() {};
```
lol 🙂
a
The tricky part is stopping dom nodes from triggering IO but yeah that's the general idea
j
What's the goal with blocking network access?
i
Electron is now encouraging a strong separation between processes that talk to the network and processes that talk to the file system. (For security, to avoid inadvertently loading untrusted code over the network and letting it have access to the filesystem.)
a
@Jared Windover To provide a guarantee that the app isn't stealing your data
c
I wonder if you could implement it more rigorously with a strict CSP
a
Actually CSP is not rigorous enough and the spec writers have even said they don't view it as a guarantee against all ways of data exfiltration.