I wish pages like this had a way to specify, in the HEAD tag, that they are to be run in an additional sandbox with zero network access. That way, the user agent could render them in a special way to indicate to the user that it is safe to share data with the app.
Because nothing is stopping this app from updating its code after a few weeks in order to begin shipping data.
Of course, you can download the page and then use it off-line. Sure. But it'd be nice for a page author to communicate "I'm good, this page is self-contained and doesn't need any further access to the network, please let the user know."
Allowing a user to "pin" that status would similarly be great. Oh, and apply that or make it available to browser extensions.
The first step along the way though is making actually secure web apps possible.
Aren't secure web apps already possible? Well, Signal among others thinks otherwise. See the Isolated Web Apps explainer for a full explanation https://github.com/WICG/isolated-web-apps
In terms of version-pinning, the next-best idea I can come up with is to deploy your app as an HTML file with a single JS script, using subresource integrity[0] for the script. (The rest of the HTML content would need to be dynamically inserted by said script)
The developer can still change the HTML file, but if they change the script it's easy(ish) to observe that the hash has changed.
GitHub recently introduced[1] an "artifact attestation" system, which is essentially a way to demonstrate that a particular build was built by a particular source tree (although the precise security properties are more subtle than I've summarized here). Combining these two things and writing a static "load the most recent version and verify its integrity" script could be interesting.
I agree. This mode could even be enabled (but never disabled) via a javascript call. Once done, the browser could relax certain restrictions that are designed to prevent fingerprinting, since without network access I think most fingerprinting-related attacks become impossible
I dig the simplicity, but "mp4" for example is just a container format. Even if you don't make the codecs user-configurable, it'd be nice to know which codecs are being used e.g. "mp4 (h264 + AAC)".
Question, does it strip metadata? Because ideally that's what I'd expect from a "privacy-friendly" tool.
I let it "convert" one mp4 file into another, and it's taking a while, which makes me think it's doing a full re-encode. It might be worth adding logic to merely remux i.e. "-vcodec copy" where possible, as an optimisation.
Consider adding HEIC/HEIF image support, as well as JXL. Slightly less common, but all the more reason why someone would want to convert.
Hey! Yea, for mp4 its just ffmpeg -i and nothing else .. Good idea to optimize this. In general ffmpeg-wasm is a lot slower than FFmpeg run on your desktop, but let me see if I can improve on this.
This tool is an ergonomic replacement for things `ffmpeg` and `imagemagick`. Among the privacy-conscious, these tools are the go-to for stripping unwanted metadata, so I'd want the same from a replacement.
Of course, ffmpeg can do a lot of things, and I wouldn't expect them all to be supported. But I do expect metadata stripping (at least as an option) from a tool with privacy in the headline.
Major thumbs up on the idea and the simple interface, though some feedback:
If everything is local, using “Download” and “Upload” doesn’t seem like the proper choice of words.
It’s confusing that the Download button is on a table which shows the name of the file we “uploaded”, making it look like we’ll get the same file and not the conversion.
It might be worth considering some basic options to determine quality. Nothing too fancy, but at least an idea of what the quality/size ratio will be. For testing purposes I converted an MP4 to WebM which reduced it to less than one sixth of the size but the quality was so destroyed that the time and resources it took were a waste, the file went straight into the bin.
Yea makes sense with file naming and button. Let me try to iterate on that.
The mp4 to webm was actually the hardest to get working. Seemed like FFmpeg-wasm would stall at different times with some settings. I've updated it now to produce a bit better quality, but will definitely keep improving on this.
I was slightly confused at the start, as I didn't know exactly what it converts the image/audio/video into? I thought, based on the title, that it can convert image to video for example, or video to audio. Can it? Or is it more of a format/encoding converter?
This is a great tool and you should consider converting it to a PWA so it can be installed in addition to bookmarked.
Uploaded five files ~86 mb each (opus > wav). 3 files get converted ok. Two stops at 97% in brave/win11. DevTools reports: RangeError: Array buffer allocation failed
Using online converter is actually a good idea because it is often difficult to install tools like ffmpeg properly; for example, by default Fedora installs a version of ffmpeg which doesn't contains encoder like x264 and it requires googling and trying different commands to fix it.
Extremely convenient. Nice to see WASM is enabling such use cases. It's crazy how many online converter websites and none of them are good (ads, paid features, etc.).
My recommendation: think about PDFs. A lot of space for disrupting existing conversion websites there when it comes to speed, privacy, UI/UX. Not even anything complicated: splitting, combining, rotating, compressing, etc.
Because nothing is stopping this app from updating its code after a few weeks in order to begin shipping data.
Of course, you can download the page and then use it off-line. Sure. But it'd be nice for a page author to communicate "I'm good, this page is self-contained and doesn't need any further access to the network, please let the user know."
Allowing a user to "pin" that status would similarly be great. Oh, and apply that or make it available to browser extensions.