[fron]

If the Safari team could get their shit together and ship all the features they're missing that other browsers have supported for years, then perhaps I'd have more sympathy.

All I see here is that Safari still sucks in terms of feature support and developer experience.

[robertoandred]

What you're actually seeing is people who want Chrome to control the web and expect all other browsers to blindly follow whatever features they add to suit their business model.

[rp1]

I don't think this is true. Safari has terrible audio and video support, including for WebRTC. The reason is clear: they want people to use apps instead of webpages.

[azinman2]

And that would be a conspiracy theory. I wouldn’t make such assumptions about why Safari goes in one way or another. Priorities, patents, security, privacy, marketing… there’s all kinds of motivations that drive a team.

[rp1]

It’s not really a conspiracy because it’s a single company acting in its best interests. They came up a lot in Epic’s lawsuit against Apple.

https://www.theverge.com/2021/5/6/22421912/iphone-web-app-pw...

[freejazz]

I think you mean 'ulterior motive' except its probably not even very ulterior here and it's really just a 'motive'

[ocdtrekkie]

So much this. Most of the new "features" Google keeps introducing and expressing irritation aren't supported in Safari offer significant privacy risk and dubious real world benefit.

And herein again, Google does an "Oops" like they so often did to Firefox. https://www.zdnet.com/article/former-mozilla-exec-google-has...

Chrome team no longer gets the benefit of the doubt. They are a monopoly with a history of aggressive harms to competing browsers.

[lghh]

I ran into issues needing OffscreenCanvas [1] recently. What privacy issues would that present? We were creating real world benefit with it and had to do some major over-architecting to get around it not working.

I would like to say, Firefox doesn't support it either.

[1] https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCa...

[sefrost]

Which features are you thinking about that would present a privacy risk?

I am aware of the File System Access API. What else is there?

[ocdtrekkie]

Much of the Chrome-introduced API surfaces which aren't supported in Safari tend to be about direct access to hardware. WebUSB, WebSerial, Bluetooth API, WebXR API, etc. etc. etc.

I would generally consider the introduction of these APIs to be hostile to average users: Each one adds a new fingerprinting vector, an extremely easy malware vector, and the protections Chrome team and standards folks have designated are woefully inadequate: Average users accept basically anything, and nobody on the Chrome development team has learned that yet.

[cromwellian]

They don't introduce a fingerprinting risk if there's no permanent acceptance, only session based acceptance locked to the origin domain. And you're bashing WebXR? Without WebXR, we couldn't even have VR/AR displays work on the Web. The lack of WebXR would be hostile to any user who owns a VR headset these days.

So what, you want VR/AR to be centralized to app stores only, or to a Facebook metaverse? Because that's what's going to happen if there's no way to author and host your own VR software.

And most of the fingerprinting risk being used in the field hasn't even come from these newer APIs, but from much older APIs which surfaced versioning information or HW specific limits, or rasterization differences, without requiring any permission dialog. For example, canvas fingerprinting. Even plain old CSS could be used to detect previously visited links by styling a button and measuring it (before the bug was fixed) None of those were behind any kind of permisson dialog or container.

Can you provide an example of some ad network using WebUSB or WebSerial or Bluetooth in the wild?

[ocdtrekkie]

> And you're bashing WebXR? Without WebXR, we couldn't even have VR/AR displays work on the Web. The lack of WebXR would be hostile to any user who owns a VR headset these days.

So, this is actually a huge part of my point, thanks for bringing it up. Nobody has a VR headset. I actually do have a very expensive VR headset, and it's sat in the box for a few years since I initially played with it. There was a craze three years back where everyone got one of those stupid Cardboards or a knockoff of it for Christmas, everyone hated it, and Google doesn't even support them anymore. I think Dell sent me one to promote one of their product lines once.

The problem here is Googlers have a completely unrealistic worldview, where stuff like having VR/AR displays work is something anyone actually cares about today. Go to a senior living complex, sit down with someone who is not in the tech industry, and see if you can help them figure out how to clean all the notifications permissions and sleezy browser extensions out of their Chrome install. Tonight I'm stopping by my parents' because my mother thinks a pinned site on her new tab page is something installed on her PC, and she wants it gone.

There are real world things Google could do to make their web browser help real human beings, but piling in new hardware APIs and then complaining other browser vendors aren't doing the same isn't what that looks like.

You should not be compromising your browser's core surface for something that at best applies to 1% of the population. Maybe these APIs have a use... as a separately installable plugin to add the functionality to the browser for the extremely niche crowd that needs them. This is true of connecting your serial device or your MIDI music interface to your browser too: It's just not something that belongs in a standard web browser toolset, and it's yet another thing I have to shut off to keep people safe on the web.

[mtomweb]

Explain the fingerprinting vector of Web-Bluetooth and how it compares with CoreBluetooth? No one else has been able too

[smoldesu]

Then leave them disabled by default and prompt users to hand over control if a website wants it?

[threeseed]

We have decades of experience about how this works in the real world. Which is that most people will blindly click whatever button is there in order to get the site to work.

For features which compromise privacy or security it’s not an acceptable approach.

[sangnoir]

That would lead to web apps being as useful as some App Store apps, and that is harmful to App^w the users.

[GeekyBear]

> Which features are you thinking about that would present a privacy risk?

From this week?

>Since most of us keep our phones in our pocket or on our person, there is a lot of motion data generated on the device throughout the day. Google Chrome, by design, allows any website you click on to request that motion data, and hands it over with gusto. Researchers have found that these sites use accelerometer data to monitor ad interactions, check ad impressions, and to track your device.

https://lifehacker.com/you-need-to-stop-chrome-from-sharing-...

[soperj]

Except Brave/Firefox/Opera all seem to support it, and it's just Safari that's fucking us.

[kitsunesoba]

Brave and Opera are just Chrome in a different skin, so of course they’re going to align with Chrome.

There have been a number of issues where Mozilla has been more aligned with Apple than with Google, usually wherever there’s privacy concerns.

[cromwellian]

Or where they just don't have the resources. None of this explains why Safari's WebRTC implementation was busted, or why a lot of their CSS was lagging.

[asddubs]

it's a bit of both. safari often also fails to implement sensible features in a reasonable timeframe (my personal grudge example is webp), but I do agree that chrome/google is also doing its best to choke out all other engines via API attrition

[jonny_eh]

To be clear, Safari does now support webp.

[asddubs]

Yes, my point was that it took them a really long time to add support. Sorry if that was not clear. Let's hope they don't take as long for avif

[heavyset_go]

It took them until the middle of 2020 to support WebP.

[heavyset_go]

Weird, I just want feature parity with Firefox.

[Shadonototra]

There is a reason why Safari is the most efficient browser on the planet

Asking for more bloat is not a good idea