←back to thread

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

(www.zdnet.com)
428 points coronadisaster | 3 comments | 29 Jun 20 10:16 UTC | HN request time: 0.158s | source
Show context
thayne ◴[29 Jun 20 18:40 UTC] No.23680835[source]
There may be some legitimate fingerprinting concenrs. But given the list of API's it's hard not to see this as Apple crippling PWAs to prevent them from replacing native iOS apps (and hurting Apple's revenue from the Apple tax).

And maybe I'm missing something, but wouldn't the fingerprinting concern be mitigated by the fact the app has to ask for permission before using the API? If an app that doesn't have to do with MIDI asks for permission to use my MIDI device, I'm going to be instantly suspicious.

replies(12): >>23681559 #>>23681597 #>>23681685 #>>23681721 #>>23681779 #>>23682128 #>>23683342 #>>23683760 #>>23684141 #>>23684143 #>>23684588 #>>23685716 #
bartread ◴[29 Jun 20 19:43 UTC] No.23681721[source]
> If an app that doesn't have to do with MIDI asks for permission to use my MIDI device, I'm going to be instantly suspicious.

Sure, you'll be suspicious, but I seriously doubt you're the average user. I bet a very large proportion of Safari users have no idea what a MIDI device is and some significant portion of them wouldn't think twice about granting those permissions.

replies(1): >>23682591 #
mavhc ◴[29 Jun 20 20:36 UTC] No.23682591[source]
I'd assume the small percentage with a midi device who are going to music app websites would be more likely to know
replies(1): >>23683049 #
mynameisvlad ◴[29 Jun 20 21:05 UTC] No.23683049[source]
Anyone can request MIDI permissions.

The parent comment implies a bad actor using the API for something like fingerprinting, and a common user who may have never even heard of MIDI, let alone have a device.

replies(1): >>23699410 #
1. mavhc ◴[01 Jul 20 09:01 UTC] No.23699410[source]
But won't the user then go "why would I allow this website to access something I don't know about?" or, if they clicked yes anyway, the entropy would be ~0 as they have no midi devices.

This is assuming we moved to a model where more permissions had to be requested rather than just allowed

replies(1): >>23719940 #
2. mynameisvlad ◴[03 Jul 20 01:00 UTC] No.23719940[source]
No, of course they wouldn't. You or I would, sure, but a regular user is pretty much conditioned to accept whatever to make the page load.
replies(1): >>23748425 #
3. mavhc ◴[06 Jul 20 14:43 UTC] No.23748425[source]
If they don't care about privacy enough to learn about it, that's fair, no point wasting your time to avoid a problem that isn't affecting you much.