I dont care about your unique SaS usecase, these are invasive. Make a native app if that's what you need.
The difference is intent. By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.
You make it sound as if Chrome will expose your private data and the control over your computer to everyone who cares to use it.
Aren't you in control over what you allow to access on the per-site basis?
If you're questioning whether they're trustworthy, you should be going out of your way to avoid installing their native app, preferring a web-based solution instead.
> By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.
Is Chrome really so bad about accidentally granting privileges (webcam, say) to websites?
Perhaps there's a more privacy-oriented browser that lacks such functionality entirely? Sounds like a good idea, come to think of it.
You mean the same way you are in control over what data tracking you allow and what cookies can be set on a per-site basis? In theory perhaps, in practice no.
Yes, Chrome is bad at managing privileges and leaking data back to Google and any other web site that is smart enough to know how to ask for it. Avoiding browsers that implement this and shaming sites that use the APIs is apparently the approach that will be necessary going forward.
I am still confused. How is it different from the native app situation? How can you be sure which of your data is being tracked by the Facebook app, or Twitter app, or Instagram app, or whatever the cool kids use these days?
WebKit on the iPhone limits the APIs that a web site can access. An app has fewer limits, even on an iPhone. This means that with a VPN, a decent DNS server, and some content blockers on the iPhone I can limit what data Facebook has access to in ways that an app does not allow. This is only possible because I have the choice between the app (with fewer limits and protections) and a restrictive browser environment. If the browser provided all of the goofy APIs Google wants to shove down people's throats I would have a much more limited set of options.
I don't know what you mean by this. A native app has far more access to your machine than a website has. If you've installed untrusted native code, it's game over.
Are you thinking of web-trackers like the infamous Facebook 'Like' button tracking you around the web? We have a solution to that, and it doesn't involve trusting native apps. Firefox Containers sound like just the ticket. [0]
> This is especially the case when the leading browser happens to be created by a data collection company.
> Avoiding browsers that implement this and shaming sites that use the APIs is apparently the approach that will be necessary going forward.
As far as I know Chrome doesn't leak browsing data back to Google any more than any other browser, not counting features like auto-complete. If you want a Google-free browser, though, you can either go with Firefox, or a Firefox derivative, or go with an alternative like 'ungoogled-chromium' [1]
As for shaming, I have very little confidence that this could work. The 'cookie law' gave websites the choice between not using tracking cookies, or showing a popup announcing to the user that the website uses tracking cookies. In response, virtually the entire web now shows a popup announcing their use of tracking cookies. Many of us thought the law would have a sort of shaming effect, but it didn't.
edit I'm ignoring the option to click the 'Deny' button that the popups are required to give. I wonder how many people click to deny. I don't think I've ever seen hard numbers.
[0] https://addons.mozilla.org/en-GB/firefox/addon/multi-account...
You're either trolling or clueless. Everyone needs a web browser. There are basically 2 of them. These are used (or necessary) to access a lot of things in today's world, from ordering a pizza to accessing government publications. Nobody NEEDS one particular web app. We can avoid installing apps, but not standards compliant web browsers.
If you use Firefox Containers, you avoid untrusted native code, and you avoid persistent cookies tracking you around the web.
There's no way you can argue that a single "grant all permissions" step is more privacy friendly than fine grained permissions.