[desikoder]

> The last thing I want is a webpage being able to access bluetooth, notifications or any sensor data. No, more permission dialogs is also not what I want.

And how is having the same developer do it via a native application any different? Permission controls for browser can be managed the same way they are being managed for native apps. In fact, once a web app is allowed to register itself as an app, you will be able to centrally view permissions from your existing permission manager settings in your respective operating system.

[merlinscholz]

I get your point, but in my experience it is more common to land on a website with a malicious ad than intentionally download an untrusted app.

[mpalmer]

I don't think they're advocating that any random page you happen to land on has the capability or permissions of an app. I think they're saying that the web app experience should be more aligned and integrated with the native app experience, including installation and granting of permissions.

[mtomweb]

Privacy is worse on native, and we shouldn’t copy that.

If others read the section on Bluetooth it outlines how poor native protections are.

Full integration of web app settings into the OS is essential for users to be able to control their privacy.

[the_other]

> Privacy is worse on native, and we shouldn’t copy that.

When I create a document locally, or copy a photo from my camera to my computer, I'm responsible for how far it leaks, and it's fairly easy to manage and understand.

When I create similar data in a web app, I have no control over what happens to it.

How is "privacy worse on native"?

[easrng]

You're comparing apples to oranges. Trusted local software and trusted web software aren't the issue. The issue is untrusted software. If you run untrusted native software on a (either non-mobile or non-updated) system, it can usually read and potentially exfiltrate all your files. On the other hand, an untrusted web pages can only access and exfiltrate the files you choose to let them access.

[the_other]

I understand. Thanks.

I think the key here is "trusted". That's the bit that needs work. Vendors need to work on their trust; our industry needs to work on its architectures and business models.

[6figurelenins]

> Permission controls for browser can be managed the same way they are being managed for native apps.

They can't evolve the way the latter did. "New API every year or we break your app" is not an option for the web.

As a user, what drives me crazy is the absence of "human interface guidelines" and sane local storage. On the other hand, I insist on the freedom to sideload.

As a developer, I pine for an application platform that is not a 30-year-old messy abstraction over a 50-year-old operating system. If it can help my layouts on a 5" vs 50" screen, all the better.