← Back to context

Comment by j-pb

5 years ago

So basically everything that would allow web apps to become capable enough to provide a viable alternative to their App store.

If they really cared about privacy they'd auto-generate their new privacy labels based on a websites api access pattern, and put them in an easy to access place.

They should also simply ask the user for permission if a privacy critical api is being accessed, same as we do with the microphone and gps. Or if they want to prevent users from being bothered, they could make them opt in as others have pointed out. So you have to manually go to the privacy label, and select the stuff you want to allow.

I'd love to be able to plug midi devices into my phone. Implement pwa games that use local bluetooth connections for gameplay with friends in the train. Or be able to access my 3d printer from my phone without having to release a ridiculous App store app.

37 comments

j-pb

Reply
girst  5 years ago

nearly all of those APIs are also considered 'harmful' by Mozilla[1]. Some have even been disabled after implementation because of this[2]. These were developed by Google for Chrome OS, and besides the privacy issues, they substantially increase attack surface for security vulnerabilities.

[1]: https://mozilla.github.io/standards-positions/

[2]: https://developer.mozilla.org/en-US/docs/Web/API/Battery_Sta...

  • j-pb  5 years ago

    Mozilla also killed WebSQL because the existing implementation was too mature...

    I don't know what they're driven by, but it's not pragmatism.

    • sitkack  5 years ago

      There is too much opinion in your statement.

      Mozilla opposed it, rightfully so, in that it would dictate that SQLite be the implementation used everywhere. Mandating the inclusion of SQLite is not a spec.

      As much as I like SQLite and looked forward to it being in 2/3 of browsers, Mozilla made the right call. The web should be implementable entirely by the specification.

      Google likes to define the spec as the identity function of the implementation. Popeye specs, "I yam what I yam and dats all that I yam".

      16 replies →

    • girst  5 years ago

      >because the existing implementation was too mature.

      That's not what I gathered from their official response to the deprecation[1]. But the major problem with WebSQL for Mozilla seems to be this:

      >We don’t think it is the right basis for an API exposed to general web content, not least of all because there isn’t a credible, widely accepted standard that subsets SQL in a useful way. Additionally, we don’t want changes to SQLite to affect the web later

      edit: and once again: security might have been a deciding factor, too[2].

      [1]: https://news.ycombinator.com/item?id=18685296

      9 replies →

buran77  5 years ago

I don't like that Apple has this tight-fisted control over the app store but I'd hate it even more if websites got the same freedoms as apps. For better or worse there is some sort of diligence being done when an app is accepted in the app store and there is a chance it gets booted out if it abuses power. There is no such mechanism for web sites. Once this is out there there's no taking it back, there's no reigning it in, we're stuck with it. Deprecating these APIs is harder than just not implementing them in the first place.

Each of these APIs is sold as a life improving feature but put together you basically end up giving way too much access to any website. Because you know most users will not understand the problem and will just accept which is like sideloading APKs from random corners of the internet. And it's not their fault, you can't be literate in every field. Even as an expert you'd have a hard time deciding if a certain feature is used legitimately or the site will piggyback on it to screw you over. That's why you pay $1000 for a phone, so the manufacturer protects you from these risks.

  • jfkebwjsbx  5 years ago

    I agree overall, but:

    > That's why you pay $1000 for a phone, so the manufacturer protects you from these risks.

    is wishful thinking. You pay 1000$ because that is what people is willing to pay.

    • buzzerbetrayed  5 years ago

      > You pay 1000$ because that is what people is willing to pay.

      And they are willing to pay that, at least in part, because

      > the manufacturer protects you from these risks

      Not sure what point you're trying to make. Your logic is circular.

      3 replies →

  • asjw  5 years ago

    > so the manufacturer protects you from these risks.

    Gigabytes of pictures in an archive called "the fappening" say a different story.