Looks like these safeguards are in place:
* System and root directories cannot be selected. * Can only being activated after user action. * Requires https. * Double-confirmation for write access.
No API like this could ever be bulletproof, but it's a start I guess.
Very cool API though, and it really does open up a whole new world of possibilities.
Those are some pretty flimsy safeguards. I don't keep my secrets in system directories and using HTTPS doesn't mean the site isn't malicious.
> I don't keep my secrets in system directories
Root of the home directory is also excluded.
But obviously yeah, nothing's going to prevent you from giving a website access to your .ssh directory if you explicitly select it.
Personally I don't have a problem with that. The ability to upload files has been a thing on the web for forever and I don't think there's ever been anything that stopped users from uploading their private key. Possibly some users have gotten phished that way, but at a certain point you have to accept responsibility for your own actions, otherwise you start ceding control of your life to a corporate nanny state.
> System and root directories cannot be selected.
That desperately needs something like the Public Suffix List [1] - a community-managed list where authors of software can blacklist directories containing sensitive files or such files directly for all browsers implementing this feature.
If I were to design such a list, it would include ~/.ssh, ~/.aws, ~/.config, ~/Library, ~/.{ba,z}sh{rc,_profile,_history}, ~/.m2, ~/.npm, ~/.npmrc, ~/.profile at the very least. Because users will get phished.
[1] https://en.wikipedia.org/wiki/Public_Suffix_List
This is still a security nightmare! You won't get every folder, or even enough folders.
Black listing is never secure. White listing is. Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.
> Sadly some really smart person decided it was a good idea to store pictures and SSH keys within the same directory tree.
~/Pictures and ~/.ssh are as far apart as they can be while staying in the user's home directory. I guess you could stick stuff in... /var or something, but that seems worse overall.