Web App Security Notice
This web app communicates directly with your radio hardware through
Web Serial and may use your microphone for signal analysis.
It runs entirely in your browser. No data are uploaded or shared but several browser-level
permissions and security factors are important to understand.
Possible Risks
-
Browser Permissions: When the app requests access to a serial port or microphone, it must be granted by you. If you allow access to the wrong device or site, another page from the same origin could re-use that permission.
-
Third-party Scripts or Extensions: Malicious extensions or injected scripts could read or modify the page, including serial data.
-
Public Hosting: If this page is hosted on an open or shared domain, other users could potentially inject or link content that inherits the same permissions and local storage. Recommendation: Download and run on your own server, e.g. localhost.
-
Accidental Device Control: Any granted serial connection allows the page to send commands to your device. Always verify that the connected port belongs to your transceiver.
How to Stay Safe
- Use the app locally whenever possible: open the page as
https://localhost or from your computer's own web server.
- Grant permissions only when needed and only to the devices you recognize.
- Use a clean browser profile (no extra extensions) for radio control.
- Close the tab when you finish operating. This ends all active serial and audio sessions.
- If you host this online, use HTTPS, apply a strict Content Security Policy (CSP), and disable iframes and third-party scripts.
- Never share your running session via screen-sharing or remote control while the serial port is open.
The reason is that remote control of your browser can affect the serial port and potentially operate the radio.
This app is designed for direct local control and signal visualization. It never sends CAT data, audio, or settings over the internet. Keeping it on your own machine or trusted server ensures your radio stays secure.
Security note post-edited from a ChatGPT5 summary. DJ0MZ