[Blinks-]

It seems like a user side configurable app permission such as "allow this application to use PushKit for non VOIP related functions" would take care of this without breaking functionality. However if the author of this article is correct it seems like this is more a jab at Facebook messenger than anything.

[reaperducer]

"allow this application to use PushKit for non VOIP related functions"

The number of users who would understand that phrase and find it useful in making a decision is roughly .000000001%. Maybe.

[Wowfunhappy]

Nitpick: I'd think it's significantly more than that, not because the number of users is large, but because .000000001% is mindbogglingly small. Remove a few zeros!

[dave5104]

I don't think they were going for an accurate number. I actually think the hyperbole helps make the point they're making in this case.

[Daniel_sk]

That doesn't work with average users. Basically Android did that - apps started to ask for admin permissions, accessibility features and other dangerous stuff and users just click Allow on anything.

[saurik]

This is exactly correct: because average users are dumb, it is our duty as software developers to make decisions for them, and to use whatever practical encryption or legal copyright means available to us to ensure that users do not have the ability--by any means that could plausibly be under the control of the user--to access and modify (or even see!) the behavior of the software running on the hardware they think they "own"... anything less would be devastating for security and is too scary to contemplate.

[saurik]

So, I really wonder if the reason I am getting so many downvotes (I am only at 0 right now, but I have been as high as 3, so this comment has been pretty controversial so far) is because people are somehow failing to get my over-the-top / so-exaggerated-it-hurts sarcasm (which is a bit sad), or if people so truly agree with the premise that upstream developers are smart and users are dumb that they are angry at my strong characterization of it as categorically evil (which is downright terrifying).

[pseudalopex]

Maybe they just think your sarcasm detracts from the conversation.

[olliej]

The problem is that users can’t meaningfully make that decision. It’s especially bad when the app says “you need this for message notifications”, but then uses it for tracking.

I feel like an API that let you provide an XPC service to handle incoming messages, but restricted that service’s access to any device info, would be the best solution.

I have no idea how feasible it would be to make such an API.

[pwinnski]

If there is a need for an API, then I'd rather that API exist, rather than a VOIP API being used for non-VOIP things.