Apple declined to implement 16 Web APIs in Safari due to privacy concerns

All applications that want to interact with system level hardware needs to go through the system vendor. Get proper driver cert, developer account with their physical company address.

I have a special distaste for plugins, extensions, PWAs, and even <canvas> tag. Browsers ditched system UI and favor of CSS driven UI elements which created the soup of unimaginable mess, inconsistency and lack of quality of UI in the browser. And this is just UI, the level of scrutiny given to a browser extention is insanely passive. Extensions get bought and sold like a hot commodity and no one bats an eye.

I can't use a system level blocker (such a Little Snitch) to stop an extension from communicating to the internet without blocking the browser itself rendering it useless. I need to resort to a horrifying mess of blocklists and a Raspberry pi hoping to catch one of these domains in its hole.

I personally want a browser to display HTML, may be some interaction with the DOM to help out (check all boxes using jQuery for example) and that's all. I don't want anything more.

Browsers bring friction-free exploration, literally "surfing". Hit the back button, or clear all your caches, and you're done, but otherwise, it's fire and forget.

The installable App model creates "shit work". Everytime I install something, it permanently takes up both screen real estate, and storage, and creates a cleanup task for me to delete it at a later date. Steve Jobs said "don't give your users shit work", well, app install and uninstall is shit work.

I don't want to install stuff, I want to use stuff and get work done, and want things to go away if I don't want them without having to become a System Janitor.

You complain about notification janitor work, which is fair, but native apps have the same problem, my iphone is deluded with notification spam.

The whole app model is a complete reversal of decades of movement to thinner clients, back to the Windows model.

Every time I go to a new restaurant, a new milk tea place, a new airport, or a new airline, they're asking me to install their native app. How many god damned United/American/SFO/InAndOut/FiveGuys/Chipotle/Starbucks/et al apps do I need on my device?

And no, "Instant Apps" are a worse solution to this. Why do I need to download a friggin 5mb iOS executable, even if it isn't perma-installed, just to display a form with 4 boxes on it to pay for a parking meter.

Form-filling is literally the use case for SGML from the beginning.

No, we don't need a native-locked-down-walled garden for every physical point of sale in the real world. And since Apple will never own 100% of the market, this means developers will end up needing to write, x2, silly little point of sale apps which clog up people's phones.

Ephemerality, transparency, portability, are desirable properties in addition to security and privacy. Apple leans too much on the latter at the expense of the former with relatively dubious justifications that could be fixed with better design, instead of refusing to participate in improving the specs to meet the desired properties.

I can use BigBlueButton to participate in lectures, talk, share my webcam, even my screen. And why I should I care, if I can at any time, revoke that permission?

I use many web apps, which are incredibly sophisticated, from TickTick for todo lists, to LucidChart for creating diagrams, to google docs do collaborate on documents, to notion for creating documentation. I could go on for days.

I am happy, that the browser is as feature packed as it is, because it allows for so many wonderful apps, that wouldn't have been made otherwise, if they had to be made with any other technology, that is not as easy to develop cross platform applications for.

And once you acknowledge that asking for access to spend your credit card is ok on the Web (and it is, because Apple supports the W3C Payment Request API), why do you think it is far worse to plug into a USB device, and be prompted to ask if your Web page can access it. There are any number of reasons to do this, like Arduino projects, IoT devices, etc.

I use a Chrome app that lets me install APKs over USB thanks to this API. Super helpful for installing built artifacts from a Continuous Integration result page for example.

Or maybe you're at an airport, or your company, and you want interact with a vending machine through NFC or BlueTooth. Why is a one-off permission tied to that one use any worse than the previous example of payment approval.

Most of the people responding on HackerNews seem to think Web apps can use these APIs without requesting user permission.

But the payment stack is also very complicated. It touches everything from the secure enclave up to the Merchant over the network.

And if accessing the USB stack is bad, then doing it from a native app is too bad. The Web execution environment is more isolated and abstracted than the native app SDK, see https://blog.zimperium.com/dr-jekyll-and-mr-hide-how-covert-... for example of live malware getting past the app review process and accessing geo location and other things to fingerprint.

My computer has never, in at least the last 15 years, been infested by usage of Web APIs. Since the time of Firefox and Chrome taking over from IE4-IE6, I have been free of exploits. It's fair to say that the web is used by billions of people, and for the most part, large scale carnage using browser vectors has been limited.

I don't think your conclusions are based on actual security researcher threat modeling, but more about an implicit bias against Web apps and towards native.

What the fuck.

> Most of the people responding on HackerNews seem to think Web apps can use these APIs without requesting user permission.

Nobody will have malware sideloaded because it requires clicking an OK button?

Most of the web is scams. Search for anything and most links will be scams. From that perspective, these APIs are profoundly reckless.

Bringing up flash here is like responding to an argument against capital punishment with "prior to lethal injection, you had firing squads, which do you think is better?"

> Hit the back button, or clear all your caches, and you're done, but otherwise, it's fire and forget.

Then of course websites can override the behavior of the navigation buttons...

> The installable App model creates "shit work". Everytime I install something, it permanently takes up both screen real estate, and storage, and creates a cleanup task for me to delete it at a later date. Steve Jobs said "don't give your users shit work", well, app install and uninstall is shit work.

Steve Jobs also thought he could cure his pancreatic cancer with a vegan diet. Perhaps shit work is a necessity if you don't shit laying around in inconvenient places, and this was one of Jobs' neuroticisms that didn't contribute to his genius.

That an app takes up permanent screen real estate is a matter of designing the operating system interface. On my computer, apps certainly don't take up permanent screen real estate.

> I want to use stuff and get work done, and want things to go away if I don't want them without having to become a System Janitor.

I feel the same way and my apartment is currently an absolute mess for this reason.

> The whole app model is a complete reversal of decades of movement to thinner clients, back to the Windows model.

So is the direction of the web, where clients are expected to do more and more work to make the server side application work. This is why computers that were sold as "thin clients" back when this concept was actually considered relevant are now pretty much useless for browsing the web. We're now working towards rich clients for better or for worse.

> Every time I go to a new restaurant, a new milk tea place, a new airport, or a new airline, they're asking me to install their native app. How many god damned United/American/SFO/InAndOut/FiveGuys/Chipotle/Starbucks/et al apps do I need on my device?

In my experience, none. I pay cash, debit card or in some cases using a single phone number based bank transfer app that's ubiquitous in my home country. In no cases have I needed a vendor-specific app to do this. Are you telling me that you can't go to Starbucks and buy coffee without installing their crapware?

> And no, "Instant Apps" are a worse solution to this.

No one mentioned "instant apps" and I've never heard of the concept until now. I agree that it's a stupid and pointless idea. This is not a problem that needs a solution in the first place, and "instant apps"/webapps/whatever are just part of a spectrum of stupid solutions to a stupid and incorrectly posed problem.

The problem they want to solve which is not as stupid, but all the more privacy invasive and manipulative to make up for it, is that of knowing as much about their customers as possible and to be able to push marketing information to them on that basis. To the credit of "instant apps" it only partially solves that problem.

> Form-filling is literally the use case for SGML from the beginning.

Yes, and if you limit your web app to the simple task of letting a user fill a form and submit it you don't need any of the stuff added to browsers in the last 25 years.

> No, we don't need a native-locked-down-walled garden for every physical point of sale in the real world. And since Apple will never own 100% of the market, this means developers will end up needing to write, x2, silly little point of sale apps which clog up people's phones.

No one needs to do that. If you mean that a big web API surface is necessary to create proprietary point of sale systems in a way that's more convenient to the vendor, I consider it only appropriate to limit the API surface to prevent them from doing so.

> Ephemerality, transparency, portability, are desirable properties in addition to security and privacy. Apple leans too much on the latter at the expense of the former with relatively dubious justifications that could be fixed with better design, instead of refusing to participate in improving the specs to meet the desired properties.

It is clearly the case now that security and privacy significantly suffers from the browser API surface.

And yes, if you have a continuous integration system building your binaries in the cloud it is helpful to be able to install them without going through a damn store process. You are installing your OWN apks that you compiled with this extension I’m talking about.

>most of the we is scans

Talk about hyperbole. The only time I’ve ever encountered harmful scams is when I searched for pirated content.

The web is the most useful human invention since the PC era. Most of peoples time in apps is spent in social media consumption. I’ll take web content over TikTok and Instagram any day.

Really, in practice how often are you prevented from leaving a website? Except for porn and pirate websites, almost never, and taking over the back button/onWindowExit is now mitigated in most browsers. For the majority of the people on the planet, they browse hundreds of websites, without ever needing to give a cognitive thought of cleaning up their cache. Websites are effectively emphemeral from a cognitive standpoint to most people, whereas app installation is not.

The web surfing is like channel surfing TV, when you change the channel, you're done. App installation eventually creates an environmental cleanup task for you.

The install model is a giant regression to the ease of consumption and low cognitive overhead the web brought.

> In my experience, none. I pay cash, debit card or in some cases using a single phone number based bank transfer app that's ubiquitous in my home country. In no cases have I needed a vendor-specific app to do this. Are you telling me that you can't go to Starbucks and buy coffee without installing their crapware?

The purpose of POS apps is not just payment, but parallelization. A POS is a queue, which means customers have to wait in line to give their order. You've never had to stand in line in front of several indecisive people? POS apps provide the ability for you to conduct the entire transaction without getting in line, and indeed, place your order and then arrive just-in-time when its ready. I routinely order, and then arrive to pick up with zero wait. Hundreds of millions of Chinese who use WeChat for 'O2O' commerce like this and it is the ultimate in convenience.

For people with disabilities, POS apps are a god send. And they're especially great for this pandemic. The only problem is, there's no need they be "apps" that get installed.

> It is clearly the case now that security and privacy significantly suffers from the browser API surface.

Browser security in the Firefox and Chrome world has been more solid than the 'apps' world. I'll take the browser sandbox over the app sandbox any day. And the browser API surface hardly matters when third party cookies, which have been around since 1995, are still widely used for tracking, and the biggest bit of fingerprinting entropy -- your IP address -- is core to the internet itself. And again, these APIs won't matter for fingerprinting if they are behind permission requests, because they can't be automatically used by third party ad networks.

Now excuse me, I have to give back to a meeting on that App Store reviewed Zoom app to conduct my meetings. I have nothing to worry about eh?

Fair, but I hope you agree that both are something we should care about. The privacy argument is generally the fingerprinting one.

> But the payment stack is also very complicated. It touches everything from the secure enclave up to the Merchant over the network.

Yes, but not at the actual level that the we process would have to deal with. There’s a huge difference between “can I have a credit card number” and “can I DMA” from the web process. (I would assume WebUSB does something saner than that, but it would still be copying a lot of bytes around security boundaries with parsing going on.)

> My computer has never, in at least the last 15 years, been infested by usage of Web APIs. Since the time of Firefox and Chrome taking over from IE4-IE6, I have been free of exploits. It's fair to say that the web is used by billions of people, and for the most part, large scale carnage using browser vectors has been limited.

Well yes, but of course such attacks are typically used against a dozen journalists in a repressive country, and not you, a Google engineer in what I would assume is a moderately comfortable situation in comparison ;)

> I don't think your conclusions are based on actual security researcher threat modeling, but more about an implicit bias against Web apps and towards native.

Bias towards native noted, bias towards security research also a thing I think I may have ;)

Chrome team has done a terrible job at understanding how less technical users interact with their browser and how to keep them secure.

My senior citizen support checklist is editing their Chrome shortcut to always launch without extensions, and block all new requests for notifications, location, camera, microphone, etc. (Switching browsers is better, but generally seniors prefer their computers don't change much, so I'll usually carry forward the browser they already have.)