[joerobot]

What data do you collect that "driv[es] the experience forward"? How are we to know you aren't a bad actor?

People just want privacy. App developers are not entitled to every piece of information on a user. If I have sensitive information in my pasteboard, you're not entitled to it. I just want an app to serve a singular purpose then I want to close it and go about my day. I don't need an app to glean my personal info in order to show me ads.

[echelon]

> How are we to know you aren't a bad actor?

Apple has turned popular opinion against startups and the little guy so much that we're saying these things out loud to one another. Seriously?

Apple has too much power. Just like Google on the web.

Dealing with a little more pain and friction from marketing, in exchange for freedom for our devices and a healthy distribution of power, would be worth it.

We're being told to be afraid of "marketers", when we're actively being put into computing straightjackets by the biggest thugs of them all. Every move these gigantic companies make is to make you further reliant upon them.

We're moving to a world where Apple and Google decide who can execute what, and where there is no hope of leaving. And that's terrifying.

[eropple]

Why would you ever trust a "startup"? "The little guy" doesn't have data protection practices and can't prove their existence even if he does. Cavalier practices all over the place--I know, I've both created those practices in a "we need to ship" crunch and I've also lobbied (sometimes even successfully) to fix them later. Google has a lot of practices that absolutely suck, but their privacy and data protection functions have teeth.

As to the rest of your post: the app developer in this thread is saying Apple should give him and his friendos special permissions ("trusted certificates") to not ask the user whether the user trusts them, and you're saying it's Apple's decision to require a user to affirmatively consent to having their pasteboard read by an app that is thuggish?

One of these is actually on my side as a user, and it's not the marketer and it's not you.

[asow92]

Apple may revoke my certificate whenever it’s abused beyond its intended purpose. Hell, they could go further than that and only allow pasteboard access without a prompt iff the data matches a certain predicate that they approve. That would be fine by me.

[gls2ro]

Revoking the certificate _after_ an app developer already gathered and sold PI is a good action. But it is reactive. The user damage is already done.

But trying to deter such app developer to gather as much PI as possible is even better as it is preventive.

[asow92]

Honestly, I’d prefer if we didn’t need the paste prompt all together. I just want a way to universal link into my app on the very first launch. The pasteboard and fingerprinting gave us that, but apple has given us no feasible alternative.

This is like chrome saying you can’t go to anything other than the root path of a site the first time you go there.

[ImPostingOnHN]

the same goes for punishing criminals, but the idea of pre-crime is worse

[eropple]

Punishing criminals before they offend and setting clear boundaries beyond which you need user permission to act? Totally the same thing.

[joerobot]

So startups and the little guy deserve my data more than the big guys? No one deserves my data. Not everything in this world needs to be a marketing opportunity. How does "more pain and friction from marketing" allow for freedom on my devices?

[scarface_74]

This also parallels with developers complaining that they can’t have a direct relationship with customers.

I don’t want a direct relationship with developers. I don’t want to go to their website to subscribe or to cancel my subscription and I don’t want to give them my credit card information.

I want to be able to use “Sign in with Apple” and not give them my real email address.

[joerobot]

I absolutely agree. It seems like some developers are under the impression that everything needs to be a social experience. It doesn't.

[bdavbdav]

100%. It really hacks me off when I can’t “sign in with (Apple/google)”

[Affric]

The problem is that VC doesn't want to build a successful business, they want to build a profitable exit strategy. They want an IPO or acquisition that nets huge amounts of cash.

Diligently creating a business which turns a healthy profit for a fair exchange with the customer is less profitable than developing a large customer base that could be sold to someone.

Say what you will about the big players... there is no exit strategy. They are in the endgame.

[asow92]

Why else would the VC give you money to build anything in the first place? We couldn’t even be having this discussion without the decades of VC spending that’s gone into technology.

[Affric]

> We couldn’t even be having this discussion without the decades of VC spending that’s gone into technology.

Unless this is a reference to the fact we are having the conversation on the Y Combinator website specifically, it's is a fallacious argument to suppose that the only way any of our current technology could happen through the historical accidents that have occurred.

The nature of complex systems mean that larger systems process more information relevant to their continuance are more successful.

I do agree with the point underlying your rhetorical question. I am just not so certain we should be grateful for naked self interest.

[asow92]

To be honest with you, my whole point is not even missing out on a marketing opportunity. It's way more banal than that. It's more like routing to a specific experience on first app launch based on where you came from on the web.

[joerobot]

I'm ok not having a unique or customized first startup experience if it means I get to safeguard my privacy.

[asow92]

I mean, there are other ways around this. We could create an App Clip that essentially does the same thing. It's just harder for the user to get through.

Surely there's a compromise solution here? I don't see why Apple couldn't grant trusted certificates to good actors and revoke certificates from bad actors in regards to pasteboard access?

[eropple]

As I have said elsewhere, this is the compromise position. The extreme position is "there is no option for pasteboard access at all and all pasteboard interactions must happen through OS-provided, fully disintermediated controls."

You already have a compromise: you can, if you insist and if your user consents--not Apple through some "trusted certificate" granting process but the user themselves--choose to not follow standard system flows. Or you can follow standard system flows and receive implicit consent by the user when they click 'Copy' in the share sheet.

Why is seeking consent so terrifying a prospect? And why should anyone privilege "your flows" over that consent?

[jrmg]

Why not encode the data you want to pass in the link, like you would on the web, rather Han require an extra pasteboard-based payload?

[asow92]

We won't get the data from the link without the pasteboard or fingerprinting. The app is a blank slate on first open after installing: we lose the context from which we came.

It's important to note that this is not an issue for apps that are already installed: we get those links and their data; this is just a first-ever launch issue.

[adamwk]

It’s been a while since I’ve worked with universal linking, but doesn’t Apple’s APIs allow you to carry context? Or at least preserve the URL so you can take the user to where they were? I don’t think you need to hijack the pasteboard just to continue the users flow.

[asow92]

So you just trust that apple has your best interests in mind and fully believe them?

[isbvhodnvemrwvn]

Apple has more at stake than a rando like you.

[asow92]

what does that even mean in this context?

[meindnoch]

>We're being told to be afraid of "marketers"

We're not afraid of marketers at all. We simply despise them.

The more roadblocks Apple puts between us and the marketers, the better it is. You have no right for our eyeballs.

[xp84]

Yes, you and everyone else despises advertising, and also despises subscription fees even more. Eventually this will reach an equilibrium point. It’s one or the other.

People were spoiled on the old Internet, like pre-2010, where a simple adblocker meant you could just see all content, ad-free, with virtually no paywalls. It seems like because that’s changed now, they feel they have been robbed of their birthright.

[j16sdiz]

You wpuld be surprised to see how people abused these functions.

If you don't trust me, just look at the web. How it lost the cache for static asset; visited link css; popup window, etc

[comte7092]

>Apple has turned popular opinion against startups and the little guy so much that we're saying these things out loud to one another. Seriously?

By “start up” and “little guy” you of course are referring to complete strangers with close to zero reputational risk at stake who are handling my private data? Those people?

Apple had nothing to do with my distrust. Plenty of bad actors just like them have done that all on their own.