
428 points coronadisaster | 1 comments
systemvoltage ◴[] No.23682879[source]
IMO we need to stop giving more permissions to browsers. Every time I install a new browser (I am intentionally not taking sides about which browser), the first thing I do is disable notification, microphone access, webcam, and location access.

All applications that want to interact with system level hardware need to go through the system vendor. Get proper driver cert, developer account with their physical company address.

I have a special distaste for plugins, extensions, PWAs, and even the <canvas> tag. Browsers ditched system UI in favor of CSS driven UI elements which created the soup of unimaginable mess, inconsistency and lack of quality of UI in the browser. And this is just UI, the level of scrutiny given to a browser extension is insanely passive. Extensions get bought and sold like a hot commodity and no one bats an eye.

I can't use a system level blocker (such as Little Snitch) to stop an extension from communicating to the internet without blocking the browser itself rendering it useless. I need to resort to a horrifying mess of blocklists and a Raspberry Pi hoping to catch one of these domains in its hole.

I personally want a browser to display HTML, maybe some interaction with the DOM to help out (check all boxes using jQuery for example) and that's all. I don't want anything more.

replies(2): >>23683480 #>>23683567 #
cromwellian ◴[] No.23683480[source]
Prior to canvas, you had Flash and server-side rendered round-tripped graphs. You really think this was better?

Browsers bring friction-free exploration, literally "surfing". Hit the back button, or clear all your caches, and you're done, but otherwise, it's fire and forget.

The installable App model creates "shit work". Every time I install something, it permanently takes up both screen real estate, and storage, and creates a cleanup task for me to delete it at a later date. Steve Jobs said "don't give your users shit work", well, app install and uninstall is shit work.

I don't want to install stuff, I want to use stuff and get work done, and want things to go away if I don't want them without having to become a System Janitor.

You complain about notification janitor work, which is fair, but native apps have the same problem, my iPhone is deluged with notification spam.

The whole app model is a complete reversal of decades of movement to thinner clients, back to the Windows model.

Every time I go to a new restaurant, a new milk tea place, a new airport, or a new airline, they're asking me to install their native app. How many god damned United/American/SFO/InAndOut/FiveGuys/Chipotle/Starbucks/et al apps do I need on my device?

And no, "Instant Apps" are a worse solution to this. Why do I need to download a friggin 5mb iOS executable, even if it isn't perma-installed, just to display a form with 4 boxes on it to pay for a parking meter?

Form-filling is literally the use case for SGML from the beginning.

No, we don't need a native-locked-down-walled garden for every physical point of sale in the real world. And since Apple will never own 100% of the market, this means developers will end up needing to write, x2, silly little point of sale apps which clog up people's phones.

Ephemerality, transparency, portability, are desirable properties in addition to security and privacy. Apple leans too much on the latter at the expense of the former with relatively dubious justifications that could be fixed with better design, instead of refusing to participate in improving the specs to meet the desired properties.

replies(2): >>23684990 #>>23688967 #
saagarjha ◴[] No.23684990[source]
I don't entirely understand your argument: I would love to use those things in the browser; in fact I do. But those are precisely the things I don't want to give random web API access to!
replies(1): >>23685428 #
cromwellian ◴[] No.23685428[source]
Then don't. But if a web form at a coffee place wants to ask you for payment, it should be able to call up the WebPayment API to ask for one time permission, to which you can acknowledge. I shouldn't need a native app to do it.

And once you acknowledge that asking for access to spend your credit card is ok on the Web (and it is, because Apple supports the W3C Payment Request API), why do you think it is far worse to plug into a USB device, and be prompted to ask if your Web page can access it? There are any number of reasons to do this, like Arduino projects, IoT devices, etc.

I use a Chrome app that lets me install APKs over USB thanks to this API. Super helpful for installing built artifacts from a Continuous Integration result page for example.

Or maybe you're at an airport, or your company, and you want to interact with a vending machine through NFC or Bluetooth. Why is a one-off permission tied to that one use any worse than the previous example of payment approval?

Most of the people responding on Hacker News seem to think Web apps can use these APIs without requesting user permission.

replies(2): >>23685453 #>>23686282 #
saagarjha ◴[] No.23685453{4}[source]
Because then the web process needs access to the USB stack in some way, which is a lot more complicated than simply providing credit card information…
replies(1): >>23685857 #
cromwellian ◴[] No.23685857{5}[source]
That's an argument for security, less so for privacy, in the sense that the surface area may yield points for exploits.

But the payment stack is also very complicated. It touches everything from the secure enclave up to the Merchant over the network.

And if accessing the USB stack is bad, then doing it from a native app is bad too. The Web execution environment is more isolated and abstracted than the native app SDK, see https://blog.zimperium.com/dr-jekyll-and-mr-hide-how-covert-... for an example of live malware getting past the app review process and accessing geo location and other things to fingerprint.

My computer has never, in at least the last 15 years, been infested by usage of Web APIs. Since the time of Firefox and Chrome taking over from IE4-IE6, I have been free of exploits. It's fair to say that the web is used by billions of people, and for the most part, large scale carnage using browser vectors has been limited.

I don't think your conclusions are based on actual security researcher threat modeling, but more about an implicit bias against Web apps and towards native.

replies(2): >>23699406 #>>23704014 #
1. ocdtrekkie ◴[] No.23704014{6}[source]
Go to a senior living facility and check out the permissions on each user's Chrome install. Web API abuse is rampant, the notifications API will be full of spammers. Ten malicious Chrome extensions are installed that are for "maps and directions" but hijack your home page and search default.

Chrome team has done a terrible job at understanding how less technical users interact with their browser and how to keep them secure.

My senior citizen support checklist is editing their Chrome shortcut to always launch without extensions, and block all new requests for notifications, location, camera, microphone, etc. (Switching browsers is better, but generally seniors prefer their computers don't change much, so I'll usually carry forward the browser they already have.)
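
A way to script the permission and extension check described in the comment above, as an added example that is not part of the thread or of any Chrome tooling. It assumes the undocumented layout of a Chrome profile's `Preferences` JSON (site permissions under `profile.content_settings.exceptions`, extensions under `extensions.settings`, with 1 meaning allow/enabled), which can differ between versions and platforms; the sample data is constructed.

```python
import json

# Constructed sample of a Chrome profile "Preferences" file (not real user data).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {
        "notifications": {
            "https://news.example:443,*": {"setting": 1},
            "https://push-offers.example:443,*": {"setting": 1},
            "https://bank.example:443,*": {"setting": 2},
        },
        "geolocation": {"https://maps.example:443,*": {"setting": 1}},
        "media_stream_camera": {},
        "media_stream_mic": {"https://chat.example:443,*": {"setting": 3}},
    }}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "state": 1, "manifest": {"name": "Maps and Directions (sample)",
                                     "permissions": ["tabs", "webRequest"]}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "state": 0, "manifest": {"name": "Disabled sample", "permissions": []}},
    }},
})

ALLOW = 1  # assumed encoding: 1 = allow, 2 = block, 3 = ask
WATCHED = ("notifications", "geolocation", "media_stream_camera", "media_stream_mic")

def audit_preferences(raw):
    """Return (granted, extensions) found in one profile's Preferences JSON."""
    prefs = json.loads(raw)
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}))
    granted = {}
    for kind in WATCHED:
        # Keys look like "<origin>,<embedding pattern>"; keep the origin only.
        origins = sorted(
            pattern.split(",")[0]
            for pattern, rule in exceptions.get(kind, {}).items()
            if isinstance(rule, dict) and rule.get("setting") == ALLOW)
        if origins:
            granted[kind] = origins
    # Assumed: state == 1 marks an enabled extension.
    extensions = sorted(
        (ext_id, info.get("manifest", {}).get("name", "?"))
        for ext_id, info in prefs.get("extensions", {}).get("settings", {}).items()
        if isinstance(info, dict) and info.get("state") == 1)
    return granted, extensions

if __name__ == "__main__":
    granted, extensions = audit_preferences(SAMPLE_PREFERENCES)
    for kind, origins in granted.items():
        print(f"{kind}: allowed for {', '.join(origins)}")
    for ext_id, name in extensions:
        print(f"enabled extension {ext_id}: {name}")
```

Blocked and ask-every-time entries are skipped, so the output lists only origins that can already use the permission without a prompt.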