Comment by phkahler
5 years ago
Those APIs should not exist. Web site creators need to stop acting like they are entitled to access whatever they want on someone's computer.
I dont care about your unique SaS usecase, these are invasive. Make a native app if that's what you need.
Why is accessing this via a native app better than accessing it via web browser?
I am less likely to accidentally give you permission over my computer to do shady shit if I am forced to install an app vs happen to click the wrong link on my browser.
The difference is intent. By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.
I don't follow this line of thinking at all.
If you're questioning whether they're trustworthy, you should be going out of your way to avoid installing their native app, preferring a web-based solution instead.
> By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer, they just want to trick me into doing so by stuffing functionality into web APIs that should never have been web APIs in the first place.
Is Chrome really so bad about accidentally granting privileges (webcam, say) to websites?
Perhaps there's a more privacy-oriented browser that lacks such functionality entirely? Sounds like a good idea, come to think of it.
4 replies →
> The difference is intent. By installing Chrome I do not intend on giving up every last bit of privacy and control over my computer
You make it sound as if Chrome will expose your private data and the control over your computer to everyone who cares to use it.
Aren't you in control over what you allow to access on the per-site basis?
3 replies →
A native app, once installed, basically owns you. With a web app you have to explicitly grant permission for each and every API (of the kinds listed in TFA at least). Are you in the habit of accidentally clicking "accept" in a series of permission prompts? Even if the answer is yes, it's ok, as it's very easy to revoke the permissions in your browser.
There's no way you can argue that a single "grant all permissions" step is more privacy friendly than fine grained permissions.
I wouldn't have any problems giving these APIs access via the web, but one challenge with the websites is that I'm never 100% sure that when I "retract" a permission or say "stop tracking me" that it's done. I think that if access to these API's were wrapped in some sort of Privacy API that superseded each website's privacy and data collection polices I would be more comfortable with this. These changes just seem like something Google threw over the wall to get things working with Chrome and every other browser developer said "no thanks".
Creating these APIs doesn't just grant access to them to well-thought-out PWAs with a clear use case.
It grants access to every shady malware ad that wants to siphon your data and that of everyone around you.
To what degree is this true for App store apps too though? What with the Facebook (sign-in) SDK and all? Honest question.
2 replies →
> It grants access to every shady malware ad that wants to siphon your data and that of everyone around you.
Can't native apps do so as well?
1 reply →
Forcing someone to install a native app not only lets the maker of the app siphon the users web browsing data, it also allows them to siphon all data from their machine, including bank details, passwords etc, and often opens security vulnerabilities that allow people who aren’t the app maker to do the same.
1 reply →
From a tech point of view browsers are switching the roles of client and server. It's getting to be like X windows or something.
IMO, it's not the web-developers, it's the web-site owners. The devs (well, the small sample I know) is not interested in collecting user information to make a better fingerprint.
It's usually marketing teams who aren't thinking about privacy implications, just how to perpetuate or further engagement.
Seemingly innocuous features they devise to streamline engagement often come with huge privacy implications and I've had to shoot down ideas many times in my career that were well into the realm of creepy.
> Make a native app if that's what you need.
i.e. Make binary that includes a web browser just for this one web app.