[graham1776]

I've meant to write a blog post about this, but here goes: In-app browsers allow users to view inappropriate content, often against the wishes of sensitive individuals. People especially at risk for this include addicts and children.

Nearly every app, even "safe apps" including children-rated apps, allow access to an in app browser. Even when iOs has locked down all access to Safari, a parent has removed access to all the "apparent" unsafe sites, there are still ways to access the unfiltered internet inside of these safe apps.

How? Usually buried in App Settings. Almost all apps use some instance of an in-app browser to (lazily) reference thier privacy policies, EULAs, or TOCs. A buried link leads to a homepage, leads to an instagram link, leads to an unfiltered internet. Yes they are long, inefficient paths to reach the internet, but curious (or motivated) individuals or children will use almost any app to reach the internet. Even boring apps like MS Teams or adding a Gmail account to iOS mail uses a secret in-app browser.

This obviously presents a problem: should developers restrict any and all app access to in-app browsers, or leave policing to individuals/parents? An easy approach is to disable the in-app browser functionality in iOs, but obviously with grave cost to developers. At the same time, at what cost is in-app browser functionality being implemented.

[wepple]

Tangential, but these same links have always been a great way to break out of poorly designed kiosk systems.

I recall noodling with a huge interactive display on the side of a bus stop that had an embedded map, and surely enough the TOS link launched a browser, and from there you could use the Save As dialog to get to anything to execute

[orlp]

As a kid I loved doing this in every museum/library/other place that always had 'locked down' interactive Windows systems back in my youth.

One of my favorite ones was in a museum where I was with a friend, and there was a PC. We were bored and wanted to play some flash game, but we only had access to a mouse, and clicking links inside the locked fullscreen browser. With enough clicks we got to google and managed to copy/paste letter by letter the name of a game site in the search field and play some games.

[pricci]

Although using the on-screen keyboard in accessibility settings would have been easier (if that existed back then), I like your creative young mind.

[orlp]

We couldn't access anything but the browser window in fullscreen, only using the mouse. No start menu, tray icons, keyboard shortcuts, etc.

I'm sure there's like 100 different ways to break these bad Windows kiosks so that you'd eventually end up being able to access the accessibility settings, but it wasn't directly accessible to us.

[dbtc]

And I'm just excited to be able to 'visit' a museum from the internet :-)

[grishka]

Also on Android-based kiosks, you can get into the OS through the on-screen keyboard if they're using it. Try long tapping the buttons around the spacebar, one of them would usually get you into system settings. From there you can as much as completely take over the device if you wish.

[sirsinsalot]

Novell Netware had a similar bug circa 1998 whereby pressing `F1` at the login screen of the terminal opened the help dialog, which opened links in IE ... from there the main Windows shell could be ran and bingo ... you're in.

[TedDoesntTalk]

I never saw IE or Windows running on Novell Netware. It was a server operating system. What you’re saying is akin to saying you can create a windows shell from inside linux.

[brk]

The Netware backend server was it's own OS, IIRC. However on the client side, you had MS-DOS and Windows Netware clients to login to the Novell server and access the associated shared resources.

[TedDoesntTalk]

Right, but those clients weren’t “Novell netware”.

[sirsinsalot]

The windows client login and resource control was branded as such tho

[yesbabyyes]

I think what they mean is the Netware login dialogue, on Windows. My classmate hacked our high school's network, getting him thrown out of class. I'm pretty sure he used a different method, though. He got a job working for the school. This was in the mid 90s.

[mandevil]

Colonial? (This definitely happened at my school, wondering how common this was.)

[yesbabyyes]

This was in Stockholm, Sweden. I'm not sure how it was done, but I imagine it involved the SAM file and Jack the Ripper or something along those lines.

[bparsons]

This brought back many fond memories of using this hack to play Soldier of Fortune 2 on the school network.

[ghayes]

This is how I get to web videos on my Peloton. Viewing the mandatory software licenses leads to web links and then you can visit anything in that Chrome browser window.

[password4321]

Risky share -- the statute of limitations is not up on that one!

[CodeSgt]

I'm glad to see someone mention addicts. I feel as if internet addiction, and especially subsets of it such as porn addiction, aren't given enough weight by either the addiction treatment community or the technical community.

Before someone accuses me of being a conservative religious zealot as tends to happen when anyone denounces porn, I'll say that I'm far from a puritan and am extremely liberal in my social views. That said, I firmly believe that easy access porn is one of the worst things happening to the young men and women today. I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability for form real relationships and median age of first exposure is getting lower and lower.

It's an absolutely crucial issue that no one seems to be talking about or taking seriously.

[d110af5ccf]

You claim to be extremely liberal in your social views but then in the next breath make the assumptions that difficulty forming relationships today is significantly greater than in the past and further that this fact is due to effects that are caused (ultimately) by viewing porn. Those are both very socially conservative viewpoints and I have yet to find scientific data (or anything else I'd consider even remotely reliable) that back either of them up, particularly the second one.

If I were to accept (purely hypothetically) that it is significantly more difficult for many people to form relationships today then how do you suppose to show that this change is due to porn instead of, say, the prevalence of dating apps such as Tinder? Or any number of other factors including things like job stability, housing prices (and thus perceived security of living situation), and where people choose to spend their free time (for example going out on the town in the past versus perhaps doomscrolling twitter and watching netflix).

[CodeSgt]

Where did I say that it's harder to form relationships today than it was in the past? I didn't. I said nothing of the sort nor did anything I say imply as much, if that was your takeaway then it exposes your implicit biases more than it does anything about myself.

[rowanG077]

You say this:

> I firmly believe that easy access porn is one of the worst things happening to the young men and women today. I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability for form real relationships and median age of first exposure is getting lower and lower.

Porn(at least in it's current, easily accessible, form) didn't exist in the past. Since you claim that porn use severely impacts the ability to form real relationships it follows naturally that in the past it must have been easier. Since you don't mention any factors that impacted the ability to form real relationships in the past it follows quite directly that your claim is also that it was easier to form real relationships in the past.

In addition if it wasn't easier in the past how can you even know porn use is to blame? Essentially a variable is introduced which you claim has an extreme impact, yet you also don't claim there is change between pre- and post introduction. That makes no sense. Either it has an extreme impact which means it should be trivial to see a pre- and post introduction difference, unless there are other extreme factors that weigh in the other direction. Or there is no (extreme) impact.

[CodeSgt]

No. I know specific people that use porn, and among those that I know who use it excessively, they have a hard time forming relationships. No where does that say or imply that "It's harder for everyone to form relationships today than it was in the past" as you for some reason are consistent on believing I said. Those are two very different statements with very different meanings.

[rowanG077]

I'm not the person that originally replied to you. Besides that's not what that person said. You just conjured the everyone out of thin air. That was not mentioned in your post and neither was it in theirs.

[d110af5ccf]

> Where did I say that it's harder to form relationships today than it was in the past?

> I firmly believe that easy access porn is one of the worst things happening to the young men and women today.

"one of the worst things happening" is clear enough on its own. "young men and women" refers to the population at large. "today" is in contrast to historically

> I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability for form real relationships

"many men" is not describing a rare phenomenon. "to the point that it severely impacts" is a clear attribution of cause and effect.

> median age of first exposure is getting lower and lower

Obvious meaning in context: things are getting worse over time.

> it exposes your implicit biases more than it does anything about myself

No, you are resorting to disingenuous semantic games because I pointed out the inconsistencies in what you wrote. Namely that you have provided absolutely no evidence for the things you are claiming and I see no obvious reason that they should be the case.

[freedomben]

I'm not GP, but you first say:

> Those are both very socially conservative viewpoints and I have yet to find scientific data (or anything else I'd consider even remotely reliable) that back either of them up, particularly the second one.

but then go on to yourself list many probably reasons why that's the case:

> how do you suppose to show that this change is due to porn instead of, say, the prevalence of dating apps such as Tinder? Or any number of other factors including things like job stability, housing prices (and thus perceived security of living situation), and where people choose to spend their free time (for example going out on the town in the past versus perhaps doomscrolling twitter and watching netflix).

Completing a study to prove GP's claims is a herculean effort that may not even be possible due to ethical concerns. (i.e. you'll have to take a person who has never been exposed to porn and then get them addicted, so you can see if it ruins their life).

Any claim without data should definitely be looked at skeptically (including in this case), but it's also important to remember that absence of evidence is not evidence of absence.

Also there's a lot of life experience out there of people who will tell you that they have a porn addiction that is causing them problems with relationships. One of my friends just got divorced from his wife of 20 years because he has developed a porn addiction and won't give it up or get any treatment (his wife is not ok with it).

I'm about as socially liberal as they come, (and I would never support a ban on porn nor pretty much anything, but that's a topic for another day), but I've seen and heard way too many anecdotes about the devastation that porn can have on a person to ignore it.

I don't think there's a big difference between a social conservative (who typically want to use government force to restrict access to "bad things") and someone who sides with liberty and tolerance but would advise friends and family not to do "bad thing."

[lrvick]

> Also there's a lot of life experience out there of people who will tell you that they have a porn addiction that is causing them problems with relationships. One of my friends just got divorced from his wife of 20 years because he has developed a porn addiction and won't give it up or get any treatment (his wife is not ok with it).

I have the opposite life experience.

His wife not being okay with it is her right, but speaking personally I would never want to be in a relationship so fragile that one or both partners looking at legal pixels on a screen could compromise it.

I have been in relationships in a conservative universe where adult content was consumed in secret or restricted... and it is toxic. Not everyone is in the mood all the time and other outlets can be healthy when paired with honesty and moderation.

Way better for all to learn to be honest about their needs and curiosities without judgement. That is how stronger relationships are built. Happily married to my best friend for a decade.

[_carbyau_]

You rightly point out that absence of evidence is not evidence of absence. But then neither is it evidence. Which leaves both sides at: we don't really know.

Anecdotes are worth crap all, because people will bring up examples for either side thus cancelling each other out.

But your last sentence irked me.

If you side with liberty and tolerance and advise friends and family not to do "bad thing", they can say they appreciate your advice, tell you to GTFO and do it anyway.

Once government steps in and makes such things illegal, there are much bigger stakes at play.

To me, that is a big difference.

[freedomben]

OH NO!!!! I couldn't figure out why it irked you because I totally agreed with what you said, and then I realized I typo'ed in the worst place. It would have irked me too. I said:

> I don't think there's a big difference between

But I meant:

> *I DO think there's a big difference between

[_carbyau_]

A minor misunderstanding easily cleared up then.

It gives me a little bit more faith in humanity when I agree with a random stranger on the internet. :-)

[d110af5ccf]

Yes, this is precisely my point. I see no obvious reason to believe the claims that were being made and no evidence for them is provided. I'm not saying "that's not the case" I'm saying "you couldn't possibly know that".

> I don't think there's a big difference between a social conservative (who typically want to use government force to restrict access to "bad things") and someone who sides with liberty and tolerance but would advise friends and family not to do "bad thing."

The socially conservative part is baselessly attributing various ills to porn. Admittedly anyone can commit such an error in logical reasoning but (in my personal experience) this particular one exhibits a very high correlation with being socially conservative.

[freedomben]

Apologies, I typo'ed in the worst place. I said:

> I don't think there's a big difference between

But I meant:

> I do think there's a big difference between

[semiquaver]

No true Scotsman would claim to be liberal!

[MomoXenosaga]

Yeah it was so much easier for a homosexual in 1950s Nebraska I'm sure.

[Zababa]

> It's an absolutely crucial issue that no one seems to be talking about or taking seriously.

Most men communities talk about it in one form or the other. However, most men communities on the internet are usually close in one form or another to the right politically.

[CodeSgt]

I suppose I should have said it's not being talked about by any mainstream authorities or outlets in the same way a lot of women's or equity issues are (not to say porn isn't also a women's issue, it very much is, but seems to disproportionately impact men).

It is a shame that any group which advocates men's issues tends to get labeled as right-wing or incelish, which then attracts those types and makes those labels a reality. And of course many were admitedly that way from the start.

Edit: And to add to this, being right or left leaning isn't inherently bad. And maybe this is my personal bias coming into play here, but I find that people are much quicker to associate right-leaning movements/communities as "bad" than they are left-leaning ones. Again I accept that could be personal bias and it isn't a hill I'd die on.

[Zababa]

I share the same view of the situation as you. A consequence of the increase in demands for justice, political correctness, and stuff like that seems to be that every community has to be focused on a oppressed group or it will be considered right-wing and thus attract people like you said.

The incel label is a good example of how bad men are treated sometimes. If you treated poor people like this by saying they're involuntarly not rich and then proceeded to say that it's mostly their fault because they don't work enough, think they can just show up to work, do their job and become rich, shouldn't expect money to be given to them, most people would react by saying that you're wrong. And when some parts of the population have trouble having sex/companionship like some trans people, it's called discrimination. But the same rules don't apply to incels it semms.

[majormajor]

My recollection of the term incel is that it was a self-applied label, not one created from outside the group like your "involuntarily not rich" hypothetical. (Even in that example, though... who's going to tell you you're wrong if your theory is "nobody should simply expect to get rich for showing up and not putting in the work", exactly?)

As to whether or not that group is popular... this is an interesting one since the bonding factor is a lack of relationship success (which is closely related to, but not the same as, popularity) in the first place. But if you look at a lot of how the group that has gathered under that label interacts with the rest of the population... it's hard to say it's just something like mocking them for not being able to get laid. There are a lot of frankly offensive and violent theories pushed by people out there.

It's deeply ironic actually - "I'm not having sexual success, I'm going to start listening more to other men who also have the same problem, they're the ones who will be able to tell me about women." Back when it was a more ironic, non-violent "foreveralone" meme I was in the club... it wasn't increasing my exposure to men that eventually got me out of it.

[flappyeagle]

What does it mean to be addicted to porn? Daily viewing? Hourly? Constant?

[CodeSgt]

Typically viewing to the detriment of your emotional/mental/physical health. If you consistently choose porn over real intimacy or if you overly desensitize yourself (porn-induced ED is a real, and quite common thing). The biggest concern is choosing porn over physical intimacy/attempts at physical intimacy. It's super easy for someone who maybe already isn't a social superstar to just find themselves choosing the easy option of porn rather than forcing themselves to go out and put effort into meeting people.

[smsm42]

You yourself recognize porn is an "easy option". Then no wonder people for whom it is hard to successfully form relationship that would lead to sex use it. It's like saying "cars are bad because it's too easy to just drive 100km instead of walking the same distance", ignoring the fact that for many people walking 100 km is either completely impossible or massively harder. That doesn't mean cars make you unable to walk (though in some very extreme cases it could happen). It means some people that previously had no options, now at least have this inferior one.

[CodeSgt]

Very, very few people truly have no options other than porn. But I'm sure many people have convinced themselves they don't since they can content themselves with porn.

Regardless, it's a feedback loop. People who deal with depression/anxiety are more likely to develop drug addictions. A "normal" person can usually try a given drug once and be fine. Someone with a predisposition to addiction can't do the same.

Likewise a lot of people can casually use porn without much of an issue, but some people allow their consumption to develop into an addiction that negatively impact their life.

[freedomben]

Just my opinion of course, but (like drugs and alcohol) putting a reasonable and generic metric on it is really hard, so I would instead ask generic questions that I would ask about other things like:

1. Do you find yourself craving it?

2. Do you continually feel the need to increase your intake? (i.e. developing a tolerance)

3. Would you be embarrassed if a like-minded friend knew about your habit?

4. If you were suddenly cut off from it for a few days, how would it make you feel?

[smsm42]

3 is really a societal measure - many addictions, like tobacco addiction and to some measure alcohol addiction, or caffeine addiction, are well accepted by the society and usually carry little shame to the addict.

[elwell]

I feel like addiction is a complicated label; this is a natural[0] desire. If it is agreed to be destructive to the pursuit of forming healthy relationships: any amount is harmful, or at least the start of something that will be more and more harmful.

[0] - natural like how we crave sugar for our health, yet harmful like I eat candy all day

[b3morales]

Granting the facts, your hypothesis is equally plausible if reversed, to wit:

People who have difficulty forming intimate relationships will often turn to habitual pornography viewing.

[jasonfarnon]

Not really. Unless you want to claim that the # of people having difficulty forming intimate relationships is spiking.

[michannne]

We used to exploit these types of paths when school IT admins didn't know how to filter traffic properly but knew to block proxies.

[LegitShady]

There was a period of time at my high school where we would compile a default browser app in Borland c++ and it would let you access whatever it wanted. They noticed because they got proper filtering after that...

[smoldesu]

Or maybe... just don't give your kids an iPhone?

Seriously, using the internet/computers should be treated with the same level of caution as grown-up scissors or fillet knives; powerful tools, but they need training to avoid hurting yourself with them. If this is what you're worried about, why are you even giving them a small computer in the first place? Your kids will always be more cunning than your security policy (a hard pill to swallow for HN users), so control their access to technology unless you're ready to have a serious sit-down discussion about the internet, personal privacy, and all that jazz. Put yourself in their shoes; if you're given a small black brick with an indeterminate number of capabilities, wouldn't your response be pushing it as far as it can go? I know that was my reaction when I was a kid, after buying a Pentium desktop at a garage sale.

[bigfudge]

Says someone who doesn’t have kids. I really don’t think it’s a big empathetic leap to imagine that young teens would want to take part in the modern world, and that includes some access to the internet.

And no, constant supervision is not an appropriate answer. Teens will want to research some things without their parents’ knowledge. That’s normal.

But it doesn’t mean that we should throw our hands in the air and make no effort to protect the majority of kids from the worst of the internet. Yes some bright sparks may find ways to circumvent the controls, but it at least makes it harder for them to send a disguised goatse link to their friends.

[tablespoon]

> Says someone who doesn’t have kids. I really don’t think it’s a big empathetic leap to imagine that young teens would want to take part in the modern world, and that includes some access to the internet.

At one point, "tak[ing] part in the modern world" included smoking, and lots of kids wanted to do it. Just saying.

[Minor49er]

I wish this was still considered to be common sense

[jacquesm]

Brilliant insight. Could you please convince my children's school that they do not need a smartphone? Because they f'ing mandate it and I have not found a way around this yet.

[mixmastamyk]

What happens if you refuse?

[jacquesm]

Good question, haven't researched that yet, thanks for the idea.

[munk-a]

Flip phones still exist and allow access to call in emergencies as well as text with friends.

[sh4rks]

Not sure if bait but I'll bite. Flip phones in this day and age? Nobody even uses sms to text each other anymore. You'd be isolating your kid by not giving them access to WhatsApp and other messaging apps.

I pray you never have kids because from your other comments it seems like you had painfully low self esteem in school and now you've tricked yourself into believing that that's the norm.

[jacquesm]

Yes, but they specifically mandate a smartphone.

[underwater]

This is such a naive take. I assume you don't have kids or teens?

Children don't exist in a neat subservient bubble. They have peers, social pressures, see advertising, consume television and movies.

Our kid's school had everyone buy an iPad. Already, at pre-phone age, so much socialisation has moved into the digital space. FaceTime, iMessage, Roblox, etc.

I was going to say banning phones would be like a kid in the 80s without television. But really it would be like being a kid in the 80s who wasn't allowed to have a TV, listen to the radio, have a phone line, and wasn't allowed to socialise outside of school.

[sroussey]

Actually, TV was severely limited as were video games. We were told to go outside and not come back until it was getting dark.

[TedDoesntTalk]

They’re given chrome books in school and can’t complete assignments without them. Now what?

[mixmastamyk]

They're just linux, provide your own. There are many options.

[chinchilla2020]

You don't have kids.

Your child would be the only one at school with no phone and probably be pretty embarrassed about it.

[munk-a]

In school I was embarrassed about the clothes I wore... also the calculator I had and my shoes and my lunch and my trapper keeper and my pencils...

Kids being embarrassed at school is unavoidable, being embarrassed is practically the job description of a teenager and younger students often have their own insecurities. There's an interesting debate as to whether these embarrassments are good or bad for us in the long run but we can side step all of that... not having access to a smartphone is important - it's important enough to warrant the slight amount of embarrassment.

[ars]

You can't live in today's world without a phone.

All the mechanisms of the past that were geared for this no longer exist.

For example: Drive on the road, get to a toll, don't have a Transponder to pay the bill? No problem - just call a phone number. Uh, what if I don't have a cell? This literally never even occurred to them, there is no alternative way to pay the bill.

That's life today, and it applies to children as well. Want to go to some sports place that only caters to teens and above? Load this website on your phone and fill out an application. Don't have a phone? Borrow a friends phone.

[Minor49er]

The toll roads I've seen on the east coast will just scan your license plate and mail you a bill if you don't have a transponder

[vanilla_nut]

Frequently at an increased rate. The garden isn’t fully walled yet, but they are closing in. I’ve already had to refuse to participate in social and work events that required me to download an app to my smartphone.

[Broken_Hippo]

This is the common way in Norway. Have the toll thingy or get a bill.

[davet91]

The in-app browsers could use a domain whitelist if parental controls are turned on.

[yowzadave]

Shouldn't an in-app browser whose sole purpose is to read an app EULA/TOC/etc. always employ a domain whitelist, regardless of parental controls?

[adaktix]

It shouldn't be a parental controls thing for IG, it just needs to be made so when you're using an in-app browser, you're using it for one reason, whatever site you clicked on. Leaving the domain ends the process or opens in another browser.

[graham1776]

That could be an "easy" fix where you could disable use of in-app browsers through Screen Time options.

[gowld]

The OS should apply a domain whitelist to apps, in coordination with the app developer and the device "owner". (Like uBlock Matrix)

[xfitm3]

Doesn't the harm of surveillance outweigh the harm of viewing "inappropriate content"?

Think of the addict is a new one, but I am automatically suspicious any time someone cites child protection.

[goda90]

I think you're seeing this as a "take away this choice from society to protect the children" kind of deal, but to me it seems more like the argument is to give choice to parents and addicts to control their own devices more completely. All other things being equal, why would a consumer want to not be able to control both the browser and in-app browsers as much as possible?

[Fogest]

I have a browser based game I play that makes use of many userscripts and browser extensions to further improve/enhance the game. However mobile users suffer from a problem of not having such extras. There is a very nice app someone made on Android and iOS that uses in-app browsers in order to be able to add a lot of custom things.

There are many useful instances for the in-app browsers and I don't think they should be removed because of some bad actors. It's similar to how Android has had password managers making use of autofill tools via accessibility tools. Android was butchering that access, but luckily started adding some official autofill support.

I don't think removing capabilities in the favour of "safety" is usually the right approach in my opinion.

[celtain]

Most of the usecases mentioned in this thread wouldn't suffer if the in-app browser had to be invoked with a whitelist of approved domains/urls. Perhaps apps could request permission to run an unrestricted in-app browser, and that could be used to facilitate parental controls.

As an aside, is giving parents the option to disable in-app browsers removing a capability or adding one?

[Fogest]

Yes I think in app browsers should still follow parental controls, and I don't see why that wouldn't already be a thing on devices. If I can use a VPN on my phone and have that block sites for me, it seems like it should be pretty trivial for the phone to respect parental controls across all apps, not just specifically web browsers.

That would be an additional capability. But having to force a website to give specific apps permission to display them in-app seems like a removal. Some people are also suggesting removing in-app browsers which also seems silly.

[RainaRelanah]

Mind if I ask what game?

Kiwi on Android is a Chromium fork that re-enables extensions on mobile. Works well for userscripts/extensions, though often times those UIs don't scale well to mobile.

[Fogest]

Yeah, sure! The game is called Torn. It is a text-based MUD style game. People use lots of tools/scripts when playing it to improve things. Some mobile exclusive users do actually make use of apps like Kiwi on their Android phones in order to install userscripts and extensions. However some people have Apple devices (probably regretably) and as such are limited to less powerful solutions. Luckily someone made Torn PDA [1,2] which helps bridge this gap and give you some powerful tools that you can even use on iOS. If Apple was less restrictive with their browser it may be possible to do more in the browser without needing to resort to these in-app "hacks".

[1]: https://apps.apple.com/us/app/torn-pda/id1510138514 [2]: https://play.google.com/store/apps/details?id=com.manuito.to...

[scrollaway]

Woah, Torn as in Torn City?

One of my first freelance jobs was for that game, fixing some bug or other in the website. This must have been 15 years ago ish?

[Fogest]

Yeah most people just call it Torn right now, but yeah the game is still going fairly strong. They released a mobile app which helped drive some more popularity to the game again. The mobile app is really just an in-app browser wrapper for the mobile version of their site, but it helped get them some extra visibility for the game via the app stores. Especially with how popular idle style games are right now on the app stores, Torn kinda fits in well with them.

It's pretty neat how long this game has been going for and how they still keep hiring more devs to work on the site! I'm sure if you checked out the game now it would look a bit different from when you worked on it 15 years ago! Though I'm sure some elements would still be a bit similar.

[aaaaaaaaaaab]

Ok guys, you’ve heard it, there’s an app that uses in-app browser to let you play some browser-based game! I guess we’ll just have to accept the status quo, otherwise the mobile players of this niche browser-based game would be inconvenienced!

[registeredcorn]

Interesting! This reminds me of the classic Windows 95 bypass. You abuse the help screen to gain access to the desktop without having to login.[1]

I'm currently going through HTB Academy and once you mentioned unsecured in-app browsers, the first thing I thought of was either a Web Shell[2], or better yet, directing the in-app browser to a malicious website to download additional software to better exploit the phone. If the in-app browsers aren't filtering explicit content, I have to assume they aren't filter malicious content either.

If this isn't already a well-known route of exploitation, I'm interested to see how that might change in the near future. It sounds surprisingly easy to exploit, provided you can get momentary physical (remote?) access to the phone for a short time.

[1] https://www.youtube.com/watch?v=1UfNlRe-goY [2] https://en.wikipedia.org/wiki/Web_shell

[franga2000]

If someone is knowledgeable and committed enough to dig through all their apps, find any in-app browsers and try to break out onto the web, they will also realize that simply using another device will bypass all your silly blocks.

[amenghra]

In the early 1990s, we used to break out of Macintosh's AtEase at our middle school by writing a two line MacBasic program which launched Finder. We would then bring games on floppies. Everything old is new again!

[Forgeties79]

> Yes they are long, inefficient paths to reach the internet, but curious (or motivated) individuals or children will use almost any app to reach the internet.

I don’t think this can be overstated. How many people tell you stories of watching signal-scrambled porn on TV when their parents are asleep? How many of us waited until our parents are asleep to play video game late at night? How many millions covertly downloaded Napster/Kazaa/etc. and downloaded 30 versions of a song before they finally got the one they wanted?

Being “motivated” as a kid or a teen is a low bar.

[qwertox]

I think on Android they could use Chrome Custom Tabs [0] instead of WebViews. IIRC this also protects the browser content from being accessed by the hosting app, but there is still a limited communication which is possible between the app and the tab.

[0] https://developer.chrome.com/docs/android/custom-tabs/

[nodamage]

> Nearly every app, even "safe apps" including children-rated apps, allow access to an in app browser. Even when iOs has locked down all access to Safari, a parent has removed access to all the "apparent" unsafe sites, there are still ways to access the unfiltered internet inside of these safe apps.

Last time I checked, WKWebView will follow the parental control settings set on the device.

[O__________O]

Reminds me of stories I have heard about users of computer systems with “strong” access controls figuring out ways to make it to unfiltered internet; examples include: student/prisoner computer labs, public libraries, flight entertainment systems, public kiosks, operating system logins, etc.

[rahkiin]

It is interesting how this would apply for custom browser engines in the future of iOS.

[CharlesW]

This class of security problem is also a great reason to never allow custom browser engines.

[smoldesu]

...why wouldn't it be possible? iOS has application sandboxing, just drop all DNS requests for the webview that's outside a developer-defined namespace. I'm sure someone at Apple could find a better way to implement it, but we shouldn't accept lame excuses like this. Apple has 200 billion dollars in cash, this is not an advanced problem space.

[happyopossum]

Then the app can use DOH, or tunnel DNS requests over something else - a non-safari browser engine wouldn’t have to use system DNS by any means…

[jamespo]

I thought non-safari browser engines were banned

[als0]

They are. This is a hypothetical discussion.

[postalrat]

How about services like luna, stadia, etc which can render any sort of interactive content (typically games)?

[t8ty2evj]

This seems like a non-issue. Where's the damage? I'm tired of people using children and a miniscule population of users w/ severe content sensitivities as excuses to justify features that are really just tools for asserting norms. The children are fine. We've been talking about how bad the internet is for children so long that those children grew up, led fufilling lives, had their own children, and now those children are apparently being ruined by the internet. What children need isn't more protection it's an escape hatch from all the forces trying to manipulate them during their most vulnerable years.

[cercatrova]

I have to agree here. "Think of the children" is an excuse as old as time.

[goda90]

>What children need isn't more protection it's an escape hatch from all the forces trying to manipulate them during their most vulnerable years.

Isn't addicting content a force that's trying to manipulate them? Porn, certain kinds of games, online gambling, etc can all get their hooks in someone. Prevention is better than having to fight the addiction in the first place, is it not?

[lrvick]

I would argue TikTok is proving far more toxic to children than access to adult content and no one seems to care.

-Targeting- children with content for profit should be banned, regardless of content. If the content is neutral and presented to all the same way then they get to choose to put in the work to find what they want to consume. When it is not neutral then it is the job of a parent to help tip the scales back to neutral with conversation or partially supervised device use.

Nudity for instance is only taboo in some countries, where others are whatever about it and will see women topless at the beach. Trying to censor things or target things is what does the most harm and creates closeted behavior IMO.

News flash to parents... when your kid is old enough to be horny they -will- find an outlet to see nudity be it in person or on a screen. On a screen is probably the safer default.

[polote]

A feature doesn't become a problem because 1% have an issue with it (people who use parental control).

The internet is the internet if you want to restrict what people can see on the internet the only solution is to not have access to it at all

[bigfudge]

Do you have kids? It’s really not easy to withdraw all internet access without substantially disadvantaging them. But I don’t want them reading 4chan either. Anything which makes that less likely without fundamentally breaking things is welcome to me.

[franga2000]

What do you think is more likely? That your child will stumble upon, correctly identify and successfully exploit an in-app webview, or that they will simply type "4chan" into Google on a school/library/friend's computer/phone?

Unless they are under constant supervision, they will find a way to access what you're hiding from them. And if they are, well then you don't need technical blocks in the first place, do you?

[sgc]

If I can slow my kids down by a year or three, it's well worth it.

[franga2000]

Does it take a year or three to walk to the school library? If they're young enough that that isn't the easier option, then there's no way they're capable enough to execute a relatively complex technical exploit.

I'm not telling not to worry about your kids' safety. I'm telling you not to worry about them dying from a lightning strike because they walk to school next to a 6-lane road full of drunk drivers every day. If they're going to get hurt, it won't be through the most complicated and least-likely way possible.

[chadlavi]

As a child of the 2000s: just let them look at the horrifying underbelly of the internet. One trip down grossout lane isn't going to undo all your parenting and make them some kind of perverted monster.

Children aren't prisoners.

[mschuster91]

Back in the early 2000s we didn't have people actively recruiting young frustrated men into incel and far-right terrorist groups though. We didn't have people thinking it was cool and edgy to make jokes about gassing Jews. Hell even the pedo/grooming problem wasn't much of a thing. Yes there was porn and vile gore floating around and you had to take care to not fall victim to dialers changing your dial-up information to bleed your phone bill... but that was all in all harmless.

These days, the amount of utter idiocy is just unimaginable, "eternal september" style. You join some random online game discord and whoops half the talk is about rape fantasies, n-bombs and other kind of sickening behavior. Let it slip you're a girl and you'll get flooded with wiener pics, "cum tributes", disgusting fantasies, doxxing attempts, or flat out hate for standing in the way of someone. Go on Youtube, watch a couple of videos and your suggestions have antivaxx bullshit or "shocker videos". Games for children are filled with barely disguised pedos and "moderation" doesn't do shit. Not exactly an environment many people want to expose their children to.

[LordDragonfang]

Maybe not in the "early 2000s", but you'd have to be a child of the 90s, not the "2000s", to have missed it, because all of that was around by the second half of the decade (with perhaps the exception of the far-right recruitment, which didn't fully hit its stride until the early 2010s).

It's been out there since the beginning; the problem is not the access to it, it's relationship with the internet. Back in the day, you were told to never give your real name online, now you're expected to type it into forms three times a week, while you have a public profile of all of your picture that anyone can look up while an algorithm serves it to the whole world. And yes, some of it is because kids are getting access to this world as toddlers when we weren't able to get there until early teens or the end of grade school at least. Kids need to be taught digital safety more than we need to continue the losing fight about securing access. Kids are smarter and more motivated than you are, they'll find a way around it.

[filmgirlcw]

> Kids need to be taught digital safety more than we need to continue the losing fight about securing access. Kids are smarter and more motivated than you are, they'll find a way around it.

I totally agree. When the reports of how school-issued Chromebooks will monitor texts from any phone plugged into them came out last week, I was tweeting about how we need to do more to teach kids opsec and digital safety/rights. I got some pushback from people who either think that it’s common sense stuff (it isn’t) or that the solution is to legislate something, but I live in reality and reality, as you say, means fhaf kids are smarter and more motivated and will find ways around things.

We need to teach them to protect themselves from prying eyes and how to circumvent the systems their own way.

We also need to stop holding people hostage to stuff they said/did on the internet as literal children, but that’s a separate issue.

[filmgirlcw]

I don’t disagree that things are more extreme now and that the algorithm reinforces the most toxic stuff, but as someone who has been on the internet for most of my life , I can assure you that being a woman on the internet has always been terrible (I had pedos trying to get photos from me in AOL chat rooms in 1994 when I was 10 years old), there have always been edgy shitlords making Holocaust jokes, and the whole modern grooming discourse literally started with chat rooms in the early to mid 1990s.

Yes, it is absolutely worse in some ways now, not just because some stuff has become desensitized and de-rigeur, as well as the aforementioned algorithm, but let’s not create a hagiography around the halcyon days of “online” that never actually existed.

Like Bane, I grew up in this pit of darkness and was molded by it, and I have true love and affection for it, but like, this element has always been here. Always.

[Zababa]

> But I don’t want them reading 4chan either.

I don't think access to 4chan is going to fundamentally change who your kids are.

[FabHK]

I think you accidentally a word.

[Zababa]

I did, thanks. For the record, my post was missing "change" before.

[j2bax]

Why don't you just make sure there are no unsavory links on whatever page you are using the in-app browser for and disable/hide the address bar so they can't just jump onto the open web? Seems like you can have your cake and eat it!