←back to thread

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

(www.zdnet.com)
428 points coronadisaster | 4 comments | 29 Jun 20 10:16 UTC | HN request time: 0s | source
Show context
philistine ◴[29 Jun 20 13:03 UTC] No.23677180[source]
I’ve heard so many people complain on HN about Safari’s lack of support for APIs. Before now, we didn’t have a public justification why Apple refused to implement them. Now we know.

The price of a Safari user in the ad market is going down, and it’s exactly what should be happening. I’m very happy with Apple.

https://9to5mac.com/2019/12/09/apple-safari-privacy-feature-...

replies(8): >>23677237 #>>23677240 #>>23677307 #>>23677333 #>>23677632 #>>23678116 #>>23681749 #>>23682896 #
fastball ◴[29 Jun 20 13:21 UTC] No.23677307[source]
Except "privacy" as a justification is BS.

You can implement these APIs while at the same time requiring explicit permission from the user before a web application can use them. This preserves privacy while also giving users the option to have much more powerful web applications.

Apple doesn't want to implement these APIs because currently if you want access to these things on iOS, you need to go through their walled garden App Store, where they get a big chunk of any revenue you might make on such a service and can nerf competitors and all the other anti-competitive stuff they're doing.

replies(7): >>23677413 #>>23677496 #>>23677509 #>>23677610 #>>23679646 #>>23679893 #>>23680797 #
user5994461 ◴[29 Jun 20 13:35 UTC] No.23677413[source]
I don't want random web sites I open (and their ads) to ask permission to scan bluetooth in my area and use usb devices connected to my computer. A website has no business doing any of that. There is no justification for these API to exist.
replies(5): >>23677428 #>>23677459 #>>23677466 #>>23677539 #>>23679532 #
fastball ◴[29 Jun 20 13:37 UTC] No.23677428{3}[source]
I disagree. I want that. Therefore a website does have business asking for those things.
replies(2): >>23677512 #>>23678674 #
fennecfoxen ◴[29 Jun 20 13:44 UTC] No.23677512{4}[source]
You're wrong. Therefore the developers' effort should not be wasted, and certainly not while exposing their users to privacy risks, exploits, and such other dangers as will inevitably arise when placing the capabilities to perform sensitive operations in software which also deals with untrusted input from the Internet.
replies(3): >>23677590 #>>23677660 #>>23677769 #
1. Sayrus ◴[29 Jun 20 13:53 UTC] No.23677590{5}[source]
This is definitely going to be downvoted.

Isn't App store apps (Not reserved to Apple's one, this also works for Google, Microsoft and many others) untrusted code too? It runs with even more privileges than your browser's code and have access to more fingerprinting information if that's what it is going to do.

As far as I see it, a PWA with these permissions has less privacy risks than a native application I can find on a store. I'd really like to understand how installing an app is not an issue but having the access from the browser is. Is it simply the permission framework that is broken and you don't trust it to not leak information when the API is disabled?

replies(1): >>23679683 #
2. otterley ◴[29 Jun 20 17:20 UTC] No.23679683[source]
Isn't App store apps (Not reserved to Apple's one, this also works for Google, Microsoft and many others) untrusted code too?

Apple puts every submitted application through an enormous battery of automated (and sometimes manual) tests and disassembly to look for malicious or non-permitted behavior before publishing apps to the App Store. They don't have that ability with random websites.

replies(1): >>23681336 #
3. searchableguy ◴[29 Jun 20 19:15 UTC] No.23681336[source]
How did facebook, tiktok and many others get past through that lol?
replies(1): >>23685025 #
4. saagarjha ◴[30 Jun 20 00:07 UTC] No.23685025{3}[source]
Because Apple does not enforce their rules consistently.