Ask HN: Any questionable WASM-only websites?

8 points by bitzun ↗ HN
Like many, I have a hunch that as WASM proliferates, in addition to all the (legitimately) cool apps we will have abusive (intentionally or not) behavior like uninspectable canvas-only webpages.

My ask is: does anyone have examples of sites that already use WASM unnecessarily, or as an obfuscation or DRM tactic?

I ask because I want to look into the state of tooling to allow users to augment those sites to be more friendly.

4 comments

[ 6.3 ms ] story [ 19.2 ms ] thread
WASM code can only access the resources the outside JavaScript tool makes available to it. In theory, Satan himself could write the most clever WASM code ever, and it couldn't do anything that the outside JavaScript didn't permit. This is the beauty of capability based security.
It seems the Cloudflare extended challenge page. At least it requires turning on JIT in hardened chromium builds which loosely correlates to usage of webassembly.
What use is that when the policy is defined by the same person?
It's of no use when defined by the same person. It's of immense use when the user gets to decide which resources are to be used, and the operating system enforces their will.

Wallets/purses/etc. work because their user can see their cash, and quickly decide which economic capability tokens ($5 bills) they can dedicate to a financial transaction. (I.E. buying a loaf of bread) There's no chance that giving someone said token will compromise your email, dump all your passwords to utopia, promise your first born son, etc.

It would be nice if our operating systems provided this bare minimum level of security functionality, instead of forcing you to give all of your resources to a program you want to run, each and every time, forever.