The last thing I want is a webpage being able to access bluetooth, notifications or any sensor data. No, more permission dialogs is also not what I want.
> The last thing I want is a webpage being able to access bluetooth, notifications or any sensor data. No, more permission dialogs is also not what I want.
And how is having the same developer do it via a native application any different?
Permission controls for browser can be managed the same way they are being managed for native apps.
In fact, once a web app is allowed to register itself as an app, you will be able to centrally view permissions from your existing permission manager settings in your respective operating system.
I don't think they're advocating that any random page you happen to land on has the capability or permissions of an app. I think they're saying that the web app experience should be more aligned and integrated with the native app experience, including installation and granting of permissions.
> Privacy is worse on native, and we shouldn’t copy that.
When I create a document locally, or copy a photo from my camera to my computer, I'm responsible for how far it leaks, and it's fairly easy to manage and understand.
When I create similar data in a web app, I have no control over what happens to it.
You're comparing apples to oranges. Trusted local software and trusted web software aren't the issue. The issue is untrusted software. If you run untrusted native software on a (either non-mobile or non-updated) system, it can usually read and potentially exfiltrate all your files. On the other hand, an untrusted web pages can only access and exfiltrate the files you choose to let them access.
> Permission controls for browser can be managed the same way they are being managed for native apps.
They can't evolve the way the latter did. "New API every year or we break your app" is not an option for the web.
As a user, what drives me crazy is the absence of "human interface guidelines" and sane local storage. On the other hand, I insist on the freedom to sideload.
As a developer, I pine for an application platform that is not a 30-year-old messy abstraction over a 50-year-old operating system. If it can help my layouts on a 5" vs 50" screen, all the better.
Permission dialogs are a small price to pay for enabling entire categories of applications! For example, consider WebMIDI: there are huge number of web apps that use the new standard, ranging from online DAWs to hardware device management tools (like the new Noise Engineering Imitor Versio firmware tool). It's clear as day that Apple declining to implement these standards is holding back the web, and leading to platform fragmentation.
Yes, let's prevent fingerprinting with privacy-protecting implementations, but apps should be able to use these awesome features with permission.
It's huge price to pay considering the number of permissions required, complexity of it all, and potential consequences when a frustrated user just clicks "yes" to all
Counter point. It would be really great if the web app I work on was able to connect to Bluetooth enabled wands and directly read the RFID tag in the ear of cows as the farmer did things to them (like check if they are pregnant) and record that information in the web app.
I would agree that permission dialogs are not what we want, on page load, as so many websites do.
A web app should wait until it needs Geolocation or whatever, before prompting you. It should always follow a user interaction. When you click to use some feature, then it prompts you for the permission.
Or an app could have some kind of introductory page where it lists the permissions that it will need, and you click each one that you want to give. Again you do this at your leisure, not upon page load.
yup, I'd pay Apple an additional 20% per iPhone if they promise never to implement this horrible shit for website devs to endlessly badger users about to the end of time.
As long as the feature doesn't exist, people have to make websites that work without it. As soon as it does, people will instead switch to obnoxious interstitial screens telling and/or insisting that you enable push notifications or whatever to continue using the thing.
And how is having the same developer do it via a native application any different? Permission controls for browser can be managed the same way they are being managed for native apps. In fact, once a web app is allowed to register itself as an app, you will be able to centrally view permissions from your existing permission manager settings in your respective operating system.