←back to thread

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

(www.zdnet.com)
428 points coronadisaster | 1 comments | 29 Jun 20 10:16 UTC | HN request time: 0.208s | source
Show context
philistine ◴[29 Jun 20 13:03 UTC] No.23677180[source]
I’ve heard so many people complain on HN about Safari’s lack of support for APIs. Before now, we didn’t have a public justification why Apple refused to implement them. Now we know.

The price of a Safari user in the ad market is going down, and it’s exactly what should be happening. I’m very happy with Apple.

https://9to5mac.com/2019/12/09/apple-safari-privacy-feature-...

replies(8): >>23677237 #>>23677240 #>>23677307 #>>23677333 #>>23677632 #>>23678116 #>>23681749 #>>23682896 #
fastball ◴[29 Jun 20 13:21 UTC] No.23677307[source]
Except "privacy" as a justification is BS.

You can implement these APIs while at the same time requiring explicit permission from the user before a web application can use them. This preserves privacy while also giving users the option to have much more powerful web applications.

Apple doesn't want to implement these APIs because currently if you want access to these things on iOS, you need to go through their walled garden App Store, where they get a big chunk of any revenue you might make on such a service and can nerf competitors and all the other anti-competitive stuff they're doing.

replies(7): >>23677413 #>>23677496 #>>23677509 #>>23677610 #>>23679646 #>>23679893 #>>23680797 #
user5994461 ◴[29 Jun 20 13:35 UTC] No.23677413[source]
I don't want random web sites I open (and their ads) to ask permission to scan bluetooth in my area and use usb devices connected to my computer. A website has no business doing any of that. There is no justification for these API to exist.
replies(5): >>23677428 #>>23677459 #>>23677466 #>>23677539 #>>23679532 #
fastball ◴[29 Jun 20 13:37 UTC] No.23677428[source]
I disagree. I want that. Therefore a website does have business asking for those things.
replies(2): >>23677512 #>>23678674 #
fennecfoxen ◴[29 Jun 20 13:44 UTC] No.23677512[source]
You're wrong. Therefore the developers' effort should not be wasted, and certainly not while exposing their users to privacy risks, exploits, and such other dangers as will inevitably arise when placing the capabilities to perform sensitive operations in software which also deals with untrusted input from the Internet.
replies(3): >>23677590 #>>23677660 #>>23677769 #
fastball ◴[29 Jun 20 13:59 UTC] No.23677660[source]
How can I be "wrong" about wanting these features? They're features that I want. I literally can't be wrong about that.

> capabilities to perform sensitive operations in software which also deals with untrusted input from the Internet.

But native apps don't deal with input coming from the internet? If that's what you think, you're... wrong.

replies(2): >>23679810 #>>23683643 #
close04 ◴[29 Jun 20 17:27 UTC] No.23679810[source]
Apps go through some for of validation by the "gatekeepers", and as a user you curate them a bit, you install the trustworthy looking ones. I mean you have a greater degree of control over what apps you install and use.

Now what's the level of control anyone has over a website? In your lifetime you visited many orders of magnitude more websites than apps. How do you plan on validating every link you ever click on? Every redirect? Browsers are the front line on the internet, they face the biggest threats because they can't afford to work in a walled garden with curated content. You are one minor bug away from giving access to your USB connected devices to some random website without even realizing.

I don't think anyone is arguing that you are wrong about what you want. Just that what you want is wrong. Like a kid wanting more sugar, they can't spell diabetes so it can't be a problem. You're selling your privacy for trinkets and that wouldn't be anyone else's concern if there wasn't a critical mass of such users pushing everyone in the same direction. Every questionable decision made by companies was made with the (ignorant) backing of people like you who saw the shiny feature and couldn't see past that. And again, you have every right to want whatever you want no matter how smart or dumb that may be. But don't be so shocked when people call you out on it. It's only because you brought just your own personal preference into the discussion instead of the merits of giving up every shred of control over your stuff in exchange for some marbles.

replies(2): >>23680251 #>>23680636 #
kilburn ◴[29 Jun 20 18:00 UTC] No.23680251[source]
Following your analogy, we should erradicate candy from this world and never allow anyone to produce more. This way surely kids won't get candy-induced diabetes.

There are perfectly valid reasons to want usb/bluetooth support for websites: fingerprint readers, smartcard readers and plenty of special-purpose hardware that would be useful to access through some web apps.

Does this mean every site should have access to all your hardware? Of course not. Let's make sure you have to bless a site to allow such access, make sure that the API can only be used from https-enabled (and trusted) origins, etc..

Your position of "just no because I don't see a need for it today" is a very close-minded one...

replies(2): >>23681580 #>>23681623 #
1. ◴[29 Jun 20 19:34 UTC] No.23681580[source]