Can a malicious website access the contents of files on a computer?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












This might be paranoid, but if I go to a malicious website, can they tell what is inside a PDF on my desktop or what is inside my images on my hard drive?



I have a Chromebook and a Windows machine.










share|improve this question









New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
    – Nordlys Jeger
    5 hours ago










  • As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
    – Nordlys Jeger
    5 hours ago










  • I edited it. thanks
    – john doe
    4 hours ago










  • Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
    – TankorSmash
    1 hour ago







  • 1




    Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
    – Mathieu K.
    53 mins ago














up vote
1
down vote

favorite












This might be paranoid, but if I go to a malicious website, can they tell what is inside a PDF on my desktop or what is inside my images on my hard drive?



I have a Chromebook and a Windows machine.










share|improve this question









New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
    – Nordlys Jeger
    5 hours ago










  • As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
    – Nordlys Jeger
    5 hours ago










  • I edited it. thanks
    – john doe
    4 hours ago










  • Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
    – TankorSmash
    1 hour ago







  • 1




    Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
    – Mathieu K.
    53 mins ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











This might be paranoid, but if I go to a malicious website, can they tell what is inside a PDF on my desktop or what is inside my images on my hard drive?



I have a Chromebook and a Windows machine.










share|improve this question









New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











This might be paranoid, but if I go to a malicious website, can they tell what is inside a PDF on my desktop or what is inside my images on my hard drive?



I have a Chromebook and a Windows machine.







windows security chromebook






share|improve this question









New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 11 mins ago









Mathieu K.

201212




201212






New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









john doe

143




143




New contributor




john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






john doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
    – Nordlys Jeger
    5 hours ago










  • As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
    – Nordlys Jeger
    5 hours ago










  • I edited it. thanks
    – john doe
    4 hours ago










  • Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
    – TankorSmash
    1 hour ago







  • 1




    Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
    – Mathieu K.
    53 mins ago
















  • Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
    – Nordlys Jeger
    5 hours ago










  • As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
    – Nordlys Jeger
    5 hours ago










  • I edited it. thanks
    – john doe
    4 hours ago










  • Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
    – TankorSmash
    1 hour ago







  • 1




    Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
    – Mathieu K.
    53 mins ago















Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
– Nordlys Jeger
5 hours ago




Do you mean files on your hard drive, or files in the browser? If in the browser, where? On their website? etc. Please edit your question to include those details (and other you think are useful) and don't respond in the comments, as your question as it is is not answerable.
– Nordlys Jeger
5 hours ago












As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
– Nordlys Jeger
5 hours ago




As a side note: No website is 100% secure. Some just aren't compromised yet or don't know they're compromised.
– Nordlys Jeger
5 hours ago












I edited it. thanks
– john doe
4 hours ago




I edited it. thanks
– john doe
4 hours ago












Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
– TankorSmash
1 hour ago





Should this be specified to a specific browser? I'd imagine not all browsers are equally secure in this respect? IE Flash was a huge vulnerability for stuff like this, wasn't it? If it's not specific to a browser, maybe it should be limited to a certain version of a given HTML spec or whatever.
– TankorSmash
1 hour ago





1




1




Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
– Mathieu K.
53 mins ago




Clarifying question: when you say "a website that might not be 100% secure", I read it as meaning "a malicious website". Am I reading that correctly?
– Mathieu K.
53 mins ago










2 Answers
2






active

oldest

votes

















up vote
6
down vote



accepted










Unless you explicitly grant a website—which is secure (HTTPS) or insecure (HTTP)—access to an item on your system that website will not have access to that item on your system.




This might be paranoid, but if I go to a website that might not be 100% secure, can they tell what is inside my hard drive desktop's PDF or what is inside my images on my hard drive?




Unless you explicitly give them access to your hard drive—or documents on your hard drive—then no, an insecure website won’t be able to access anything.



The only concern with a website that “might not be 100% secure” (and I am assuming HTTPS versus plain HTTP) is that when you transmit data back and forth HTTPS is encrypted and HTTP is not encrypted.



The risk then is if you type something into the site via a form and such, if the site is plain HTTP then the data you are transmitting is just clear text that anyone with a packet sniffer has the potential to read. But that is a slim chance at best.



Like if you are on a known public Wi-Fi network then maybe someone is on that network with you and potentially capturing packets and thus could detect what you are typing.



But in general if you are on a secure network at home or elsewhere you are “safe.”



In general, an “insecure” website only matters if you send data to them.






share|improve this answer






















  • weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
    – NoSenseEtAl
    16 secs ago

















up vote
1
down vote













A remote computer can't access anything on your computer without the aid of co-operating software on your computer.



In the case of you using your computer to visit an untrusted website, you are using browser software on your computer to initiate web requests (the HTTP or HTTPS protocol) to receive data from the remote computer. In this simple model, the remote computer has absolutely no access to your computer, but... browsers have some features which complicate this picture.



Modern browsers have a feature which allows you to upload files from your computer. A website may include a form which makes use of this feature. This feature does not give the website a view into your computer. When your browser processes such a form, it presents you with a file selection control; your browser can see the files on your computer, and when you make a selection, your browser sends the contents of that file, and only that file to the remote system. The way this feature works leads some people to believe that the website can see files on your computer when it actually cannot.



All modern browsers have JavaScript engines built into them. The website may include JavaScript code which is intended to be executed by your browser. When the browser receives JavaScript in a page, it will typically execute it automatically. JavaScript is normally used to enhance the user experience; it has certain capabilities and some limitations. The JavaScript engine can't "see" into your computer - can't see your files or what may be going on in other programs, but it can direct the browser to load other files from the same site - images, pages, etc.. JavaScript could make the browser at least attempt to download and execute a program which may have greater access to or control over your system. While JavaScript itself is limited in what it can do on your computer, it is nevertheless possible for a malicious programmer to make use of JavaScript to trick an unsuspecting user into downloading a more capable and malicious program.



TL;DR: An untrusted website cannot by itself see into your computer. But, a site can try to trick you into downloading and executing malicious software. Such software could potentially do anything on your computer. Your browser should not automatically download such software; at the very least, it should require your explicit acceptance. A malicious website could, however, try to trick you into giving such acceptance.






share|improve this answer




















  • thank you for the reply. this was informative
    – john doe
    33 mins ago










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "3"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






john doe is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1366768%2fcan-a-malicious-website-access-the-contents-of-files-on-a-computer%23new-answer', 'question_page');

);

Post as a guest






























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
6
down vote



accepted










Unless you explicitly grant a website—which is secure (HTTPS) or insecure (HTTP)—access to an item on your system that website will not have access to that item on your system.




This might be paranoid, but if I go to a website that might not be 100% secure, can they tell what is inside my hard drive desktop's PDF or what is inside my images on my hard drive?




Unless you explicitly give them access to your hard drive—or documents on your hard drive—then no, an insecure website won’t be able to access anything.



The only concern with a website that “might not be 100% secure” (and I am assuming HTTPS versus plain HTTP) is that when you transmit data back and forth HTTPS is encrypted and HTTP is not encrypted.



The risk then is if you type something into the site via a form and such, if the site is plain HTTP then the data you are transmitting is just clear text that anyone with a packet sniffer has the potential to read. But that is a slim chance at best.



Like if you are on a known public Wi-Fi network then maybe someone is on that network with you and potentially capturing packets and thus could detect what you are typing.



But in general if you are on a secure network at home or elsewhere you are “safe.”



In general, an “insecure” website only matters if you send data to them.






share|improve this answer






















  • weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
    – NoSenseEtAl
    16 secs ago














up vote
6
down vote



accepted










Unless you explicitly grant a website—which is secure (HTTPS) or insecure (HTTP)—access to an item on your system that website will not have access to that item on your system.




This might be paranoid, but if I go to a website that might not be 100% secure, can they tell what is inside my hard drive desktop's PDF or what is inside my images on my hard drive?




Unless you explicitly give them access to your hard drive—or documents on your hard drive—then no, an insecure website won’t be able to access anything.



The only concern with a website that “might not be 100% secure” (and I am assuming HTTPS versus plain HTTP) is that when you transmit data back and forth HTTPS is encrypted and HTTP is not encrypted.



The risk then is if you type something into the site via a form and such, if the site is plain HTTP then the data you are transmitting is just clear text that anyone with a packet sniffer has the potential to read. But that is a slim chance at best.



Like if you are on a known public Wi-Fi network then maybe someone is on that network with you and potentially capturing packets and thus could detect what you are typing.



But in general if you are on a secure network at home or elsewhere you are “safe.”



In general, an “insecure” website only matters if you send data to them.






share|improve this answer






















  • weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
    – NoSenseEtAl
    16 secs ago












up vote
6
down vote



accepted







up vote
6
down vote



accepted






Unless you explicitly grant a website—which is secure (HTTPS) or insecure (HTTP)—access to an item on your system that website will not have access to that item on your system.




This might be paranoid, but if I go to a website that might not be 100% secure, can they tell what is inside my hard drive desktop's PDF or what is inside my images on my hard drive?




Unless you explicitly give them access to your hard drive—or documents on your hard drive—then no, an insecure website won’t be able to access anything.



The only concern with a website that “might not be 100% secure” (and I am assuming HTTPS versus plain HTTP) is that when you transmit data back and forth HTTPS is encrypted and HTTP is not encrypted.



The risk then is if you type something into the site via a form and such, if the site is plain HTTP then the data you are transmitting is just clear text that anyone with a packet sniffer has the potential to read. But that is a slim chance at best.



Like if you are on a known public Wi-Fi network then maybe someone is on that network with you and potentially capturing packets and thus could detect what you are typing.



But in general if you are on a secure network at home or elsewhere you are “safe.”



In general, an “insecure” website only matters if you send data to them.






share|improve this answer














Unless you explicitly grant a website—which is secure (HTTPS) or insecure (HTTP)—access to an item on your system that website will not have access to that item on your system.




This might be paranoid, but if I go to a website that might not be 100% secure, can they tell what is inside my hard drive desktop's PDF or what is inside my images on my hard drive?




Unless you explicitly give them access to your hard drive—or documents on your hard drive—then no, an insecure website won’t be able to access anything.



The only concern with a website that “might not be 100% secure” (and I am assuming HTTPS versus plain HTTP) is that when you transmit data back and forth HTTPS is encrypted and HTTP is not encrypted.



The risk then is if you type something into the site via a form and such, if the site is plain HTTP then the data you are transmitting is just clear text that anyone with a packet sniffer has the potential to read. But that is a slim chance at best.



Like if you are on a known public Wi-Fi network then maybe someone is on that network with you and potentially capturing packets and thus could detect what you are typing.



But in general if you are on a secure network at home or elsewhere you are “safe.”



In general, an “insecure” website only matters if you send data to them.







share|improve this answer














share|improve this answer



share|improve this answer








edited 3 hours ago

























answered 4 hours ago









JakeGould

29.9k1090132




29.9k1090132











  • weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
    – NoSenseEtAl
    16 secs ago
















  • weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
    – NoSenseEtAl
    16 secs ago















weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
– NoSenseEtAl
16 secs ago




weren't there some exploits where Google awarded large amounts of money to people who escaped the browser sandbox...
– NoSenseEtAl
16 secs ago












up vote
1
down vote













A remote computer can't access anything on your computer without the aid of co-operating software on your computer.



In the case of you using your computer to visit an untrusted website, you are using browser software on your computer to initiate web requests (the HTTP or HTTPS protocol) to receive data from the remote computer. In this simple model, the remote computer has absolutely no access to your computer, but... browsers have some features which complicate this picture.



Modern browsers have a feature which allows you to upload files from your computer. A website may include a form which makes use of this feature. This feature does not give the website a view into your computer. When your browser processes such a form, it presents you with a file selection control; your browser can see the files on your computer, and when you make a selection, your browser sends the contents of that file, and only that file to the remote system. The way this feature works leads some people to believe that the website can see files on your computer when it actually cannot.



All modern browsers have JavaScript engines built into them. The website may include JavaScript code which is intended to be executed by your browser. When the browser receives JavaScript in a page, it will typically execute it automatically. JavaScript is normally used to enhance the user experience; it has certain capabilities and some limitations. The JavaScript engine can't "see" into your computer - can't see your files or what may be going on in other programs, but it can direct the browser to load other files from the same site - images, pages, etc.. JavaScript could make the browser at least attempt to download and execute a program which may have greater access to or control over your system. While JavaScript itself is limited in what it can do on your computer, it is nevertheless possible for a malicious programmer to make use of JavaScript to trick an unsuspecting user into downloading a more capable and malicious program.



TL;DR: An untrusted website cannot by itself see into your computer. But, a site can try to trick you into downloading and executing malicious software. Such software could potentially do anything on your computer. Your browser should not automatically download such software; at the very least, it should require your explicit acceptance. A malicious website could, however, try to trick you into giving such acceptance.






share|improve this answer




















  • thank you for the reply. this was informative
    – john doe
    33 mins ago














up vote
1
down vote













A remote computer can't access anything on your computer without the aid of co-operating software on your computer.



In the case of you using your computer to visit an untrusted website, you are using browser software on your computer to initiate web requests (the HTTP or HTTPS protocol) to receive data from the remote computer. In this simple model, the remote computer has absolutely no access to your computer, but... browsers have some features which complicate this picture.



Modern browsers have a feature which allows you to upload files from your computer. A website may include a form which makes use of this feature. This feature does not give the website a view into your computer. When your browser processes such a form, it presents you with a file selection control; your browser can see the files on your computer, and when you make a selection, your browser sends the contents of that file, and only that file to the remote system. The way this feature works leads some people to believe that the website can see files on your computer when it actually cannot.



All modern browsers have JavaScript engines built into them. The website may include JavaScript code which is intended to be executed by your browser. When the browser receives JavaScript in a page, it will typically execute it automatically. JavaScript is normally used to enhance the user experience; it has certain capabilities and some limitations. The JavaScript engine can't "see" into your computer - can't see your files or what may be going on in other programs, but it can direct the browser to load other files from the same site - images, pages, etc.. JavaScript could make the browser at least attempt to download and execute a program which may have greater access to or control over your system. While JavaScript itself is limited in what it can do on your computer, it is nevertheless possible for a malicious programmer to make use of JavaScript to trick an unsuspecting user into downloading a more capable and malicious program.



TL;DR: An untrusted website cannot by itself see into your computer. But, a site can try to trick you into downloading and executing malicious software. Such software could potentially do anything on your computer. Your browser should not automatically download such software; at the very least, it should require your explicit acceptance. A malicious website could, however, try to trick you into giving such acceptance.






share|improve this answer




















  • thank you for the reply. this was informative
    – john doe
    33 mins ago












up vote
1
down vote










up vote
1
down vote









A remote computer can't access anything on your computer without the aid of co-operating software on your computer.



In the case of you using your computer to visit an untrusted website, you are using browser software on your computer to initiate web requests (the HTTP or HTTPS protocol) to receive data from the remote computer. In this simple model, the remote computer has absolutely no access to your computer, but... browsers have some features which complicate this picture.



Modern browsers have a feature which allows you to upload files from your computer. A website may include a form which makes use of this feature. This feature does not give the website a view into your computer. When your browser processes such a form, it presents you with a file selection control; your browser can see the files on your computer, and when you make a selection, your browser sends the contents of that file, and only that file to the remote system. The way this feature works leads some people to believe that the website can see files on your computer when it actually cannot.



All modern browsers have JavaScript engines built into them. The website may include JavaScript code which is intended to be executed by your browser. When the browser receives JavaScript in a page, it will typically execute it automatically. JavaScript is normally used to enhance the user experience; it has certain capabilities and some limitations. The JavaScript engine can't "see" into your computer - can't see your files or what may be going on in other programs, but it can direct the browser to load other files from the same site - images, pages, etc.. JavaScript could make the browser at least attempt to download and execute a program which may have greater access to or control over your system. While JavaScript itself is limited in what it can do on your computer, it is nevertheless possible for a malicious programmer to make use of JavaScript to trick an unsuspecting user into downloading a more capable and malicious program.



TL;DR: An untrusted website cannot by itself see into your computer. But, a site can try to trick you into downloading and executing malicious software. Such software could potentially do anything on your computer. Your browser should not automatically download such software; at the very least, it should require your explicit acceptance. A malicious website could, however, try to trick you into giving such acceptance.






share|improve this answer












A remote computer can't access anything on your computer without the aid of co-operating software on your computer.



In the case of you using your computer to visit an untrusted website, you are using browser software on your computer to initiate web requests (the HTTP or HTTPS protocol) to receive data from the remote computer. In this simple model, the remote computer has absolutely no access to your computer, but... browsers have some features which complicate this picture.



Modern browsers have a feature which allows you to upload files from your computer. A website may include a form which makes use of this feature. This feature does not give the website a view into your computer. When your browser processes such a form, it presents you with a file selection control; your browser can see the files on your computer, and when you make a selection, your browser sends the contents of that file, and only that file to the remote system. The way this feature works leads some people to believe that the website can see files on your computer when it actually cannot.



All modern browsers have JavaScript engines built into them. The website may include JavaScript code which is intended to be executed by your browser. When the browser receives JavaScript in a page, it will typically execute it automatically. JavaScript is normally used to enhance the user experience; it has certain capabilities and some limitations. The JavaScript engine can't "see" into your computer - can't see your files or what may be going on in other programs, but it can direct the browser to load other files from the same site - images, pages, etc.. JavaScript could make the browser at least attempt to download and execute a program which may have greater access to or control over your system. While JavaScript itself is limited in what it can do on your computer, it is nevertheless possible for a malicious programmer to make use of JavaScript to trick an unsuspecting user into downloading a more capable and malicious program.



TL;DR: An untrusted website cannot by itself see into your computer. But, a site can try to trick you into downloading and executing malicious software. Such software could potentially do anything on your computer. Your browser should not automatically download such software; at the very least, it should require your explicit acceptance. A malicious website could, however, try to trick you into giving such acceptance.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 hours ago









Zenilogix

17019




17019











  • thank you for the reply. this was informative
    – john doe
    33 mins ago
















  • thank you for the reply. this was informative
    – john doe
    33 mins ago















thank you for the reply. this was informative
– john doe
33 mins ago




thank you for the reply. this was informative
– john doe
33 mins ago










john doe is a new contributor. Be nice, and check out our Code of Conduct.









 

draft saved


draft discarded


















john doe is a new contributor. Be nice, and check out our Code of Conduct.












john doe is a new contributor. Be nice, and check out our Code of Conduct.











john doe is a new contributor. Be nice, and check out our Code of Conduct.













 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1366768%2fcan-a-malicious-website-access-the-contents-of-files-on-a-computer%23new-answer', 'question_page');

);

Post as a guest













































































Comments

Popular posts from this blog

What does second last employer means? [closed]

Installing NextGIS Connect into QGIS 3?

One-line joke