The premise is wrong because

99.9999% of "clients" are way worse than any browser for same service

so just throwing such advice around is wildly irresponsible. Examples given were

alexandrite for desktop - does not exist and if it did it would be what, an electron app?

Gemini - impossible or unweildy to use web browser anyway. gemini is a revamped gopher. You can access gemini via a web proxy but i doubt that is substantially worse than using a client https://geminiprotocol.net/clients.html either a proxy or client could contain malicious or sloppy code

neon modem - a github project with 9 contributors https://github.com/mrusme/neonmodem. it is a TUI interface for an itty bitty nichy part of the web. Cool to find out there is a tui for lemmy i will try it because i am a total weirdo not a normal person. It took me years to learn enough to be able much less willing to try a tui for fun.

So we have zero examples. Better but still not great example would have been reddit with 3PA prior to the API changes. Or mail cient vs webmail. Or usenet vs forums. Or bittorrent streaming vs netflix. Ytdlp vs youtube. Rss vs most other options.

Web is universal and low barrier. If you want to move to clients for everything youd have to rework every kind of function done on the web. Personally i like using special FLOSS clients when i can (like the lemmy client i am using right now) but i dont want it for everything. And a lot of the coziness with volunteer small groups of devs would vanish with any degree of popularity. A lot of the vulnerabilities that persist are pervasive to the internet and need systemic solutions like net neutrality and enforcement of regulations. Same problems could easily reproduce themselves with the proposed solution. Security thru obscruity sux.

@PaX & @EatPotatoes I tried neonmodem. Was eventually able to login to hexbear.

username and password stored plain text wtf

• who needs spyware with such abysmal security?
• you are much better off with a web browser
• no mention of this in the installer, the --help, the readme, the application
• I only found it because I was trying to troubleshoot another bug so I looked in the config file
• PR open since June 2023; no work since July
• another PR by different user attempting to solve the same problem but it was closed due to existing (still today unmerged) PR
• The devs are aware since many months. Have not even bothered in any way to alert users.
• Lack of notice demonstrates total lack of concern for users which I'm sure is manifested in lots of other ways

Lots of people share computers, they have unencrypted hdds, they have auto cloud backup etc. Hopefully no need to describe all reasons why plain text credential storage is Bad.

Like the advice to prefer clients over web, this project in its current state is plain irresponsible.

Clear from the github/website that this is intended primarily to adhere to devs' aesthetic tastes and nothing more.