Web based ≯ desktop.

Update: Thanks to James Kew and Stilgherrian, I now have two equally valid suggestions for a symbol, and I’m using one of them. This doesn’t mean that one of the suggestions was not-greater-than the other, of course..

Over here Dare is commenting on this blog post which talks about uses for authenticated feeds:

Examples of private feeds intended for 1:1 communication include bank balances, e-mail notifications, project status, and the latest bids on that big contract. Data in the wrong hands could be dangerous, and many companies will stay away from the feed syndication space until they feel their users’ personal data is secure.

Dare says that

Niall mentions white listing user agents but those are trivial to spoof. With Web-based readers, one can whitelist their IP range but there isn’t a good way to verify that the desktop application accessing your web server is really who the user agent string says it is. … This seems to be yet another example of where Web-based software trumps desktop software.

Sorry Dare, but I don’t agree. I don’t see how the web-based aggregator provides any extra security: that same keylogger/screenscraper running on my desktop that could so easily have pulled my bank details out of RSS Bandit can just as easily steal my login details to My Yahoo/Google Reader/whatever MSNs offering is/Bloglines/etc and thus expose my information.

In fact, web-based software introduces attack vectors that desktop software wouldn’t – keyloggers installed on public machines in net cafes, for instance.

I’m curious about your reasoning that a “Web-based solution trumps desktop software.” Can you expand on that?

Leave a Reply