[rektide]

Like 18 months ago Safari launched a "look at us we are so great, we don't support these long list of web apis; isn't chrome evil" and Moz joined in like two days latter repeating the exact same claims in an obviously coordinated negativity-campaign. Web USB, web Bluetooth, web midi, ambient light sensor, bunch of other sensors.

I'm sorry I really want to find the links & show this off more. It was the most boldfaced & honest admission that basic useful interesting things were not welcome, profiteering off suspicion & hostility while telling users that the anti-feature was undecidedly the only acceptable way.

One can also review moz's standards positions. It's a great effort & I applaud Moz for their transparency & don't want to hurt the effort. There's aot of good too. But there's such a long sordid history of Moz saying no absolutely not this is awful, then eventually having to circle back around & at least make some effort to not be a huge stick in the mud, to at least help figure out at some degree what would fit if this was a goal. And often deciding yeah, we will do it https://mozilla.github.io/standards-positions/

They just don't seem to have any ability to differentiate between what a privileged/permission-ed site should be granted versus what the baseline security model should be. Any potential information leak anywhere seems like cause to terminate effort.

[illiarian]

That's a lot of demagoguery mascarading as fact.

What really happens is that Mozilla brings multiple well-argued objections (Safari, too) that span both technical and non-technical reasons, but Chrome just releases its half-baked non-standards and calls it a day.

[rektide]

I see the demagoguery going the other way.

Fear Uncertainty & Doubt are being used again and again to obstruct basic sensible user asks like being able to use Arduino Web Editor or work with their midi keyboard. Fear is the worst demagoguery of all.

Put it behind a permission! Only turn it on if the user installs a PWA! The idea that Moz/Safari know better than to give users what they want, to deny the web basic possibilities: that is demagoguery. It was never based in sound perspective.

[pjmlp]

Basically the ultimate goal is that Chrome turns into a kernel agnostic version of ChromeOS.

[zarzavat]

I completely agree. The amount of FUD Mozilla spread about Web MIDI was truly distasteful. People say that Google is the enemy, and perhaps they are. But at least Google does not write off entire groups of users (like musicians) because of a swivel-eyed security paranoia.

If I wanted a paternalistic entity telling me what I can and can’t do with my device, I’d use an iPad.

[illiarian]

> The amount of FUD Mozilla spread about Web MIDI was truly distasteful.

As in: everything they said is true, and the moment they launched it they found it's used for fingerprinting (and Google doesn't even hide it behind a permission prompt)

[zarzavat]

Anything can be used for fingerprinting. Your GPU can be used for fingerprinting. Your fonts can be used for fingerprinting. MIDI is so far down the list of fingerprinting threats.

If Mozilla are really serious about fingerprinting then they need to remove <canvas> right now and make every website render in Times New Roman.

Fingerprinting cannot be solved by disabling browser features in a standard browser. It can be mitigated by using content blockers such that the fingerprinting code never runs, or by using a specialist browser like the Tor browser.

[ta8903]

Pretty sure canvas is blocked by setting resistFingerprinting to true.

[illiarian]

> Anything can be used for fingerprinting.

Yes and that's a major issue

> If Mozilla are really serious about fingerprinting then they need to remove <canvas> right now

Ad absurdum is not as great an argument as you think it is

> Fingerprinting cannot be solved by disabling browser features in a standard browser.

It also shouldn't be facilitated by just blindly turning them on without propert mitigation. And proper mitigation is complex

> It can be mitigated by using content blockers

So now you're shifting the responsibility onto the user. Even though it's been shown time and again that users can't really understand all the complexities of modern systems, their capabilities and the far-reaching results of what these systems can and do.

[rektide]

But putting capabilities behind permission isn't what Apple or Moz considered.

> Finally, if we find that features and web APIs increase fingerprintability and offer no safe way to protect our users, we will not implement them

https://webkit.org/tracking-prevention/ https://www.infoq.com/news/2020/07/apple-fingerprinting-priv...

Strangling the web platform to keep users safe, forcing them onto much less secure much more invasive apps is not justified nor reasonable. Watching Mozilla adopt the same condescending paternalistic platform murdering "protect the children" absolutist authoritarianism with no possible consideration or affordances was a sad sad sad week. It's extremely reckless & hostile behavior, at deep deep deep injury to making so many great futures possible.