[zp33]

How can you give every subdomain in *.shopify.com their own entropy pool without also giving domains the ability to serve a distinct subdomain for each user (eg, user-1.example.com & user-2.example.com) and therefore bypassing the restrictions Apple is seeking to implement?

[fshbbdssbbgdd]

That’s the debate happening in the GitHub issue. I think a natural answer is with carrots and sticks. Shopify will police their platform if that is what’s necessary to prevent Apple from destroying its business by cutting them all off.

There aren’t that many “build your own store” SaaS platforms, so it is feasible to maintain a whitelist.

It may sound strange at first to propose that Apple should be essentially auditing the behavior of other companies, but they have shown a willingness to pick up that mantle. Apple has already undertaken the huge effort of regulating the business practices of anyone on the App Store with the privacy label and other areas such as payments for digital goods. In this case, they’ve sort of delegated responsibility to a volunteer effort, which is understandable given how the situation evolved, but doesn’t seem sustainable.