[concinds]

Why should websites, which are the least trusted form of code, be allowed to get filesystem access or contacts?

We all know that nontechnical users click through those and won’t understand the risks. So how do browser devs deal with the ethics? “Our browser presented them a dialog, not our fault, they should have read it?” We know many won’t, I don’t care whose fault it is if I’m in that address book.

If we want to imagine a world where websites have equivalent capabilities to native apps, first imagine a world where people install hundreds of new random native apps every day, both unreviewed and unsigned. Or, accept Microsoft requiring each website publisher to verify their identity with MS and sign their sites, like app developers? What’s the solution to avoid rolling back the security model 10-15 years?

[ikekkdcjkfke]

It's on demand contact pickers and file pickers, not indiscriminate access to all your contacts and files, where do you have that from?

[szasamasa]

technically nothing is installed, it is just bad wording and bad decision to call it install... just standalone mode with an app button

what is "installed" is js, css, html etc. files downloaded the second you go to a web site, service workers are silently "installed" before and without "install web app"...

so if your device survived the last 10-30 years having "installed" thousands of websites already then you will stay safe if your favourite monopoly after 3 years of prolonging app store revenue hit finally lets you run your website standalone and with the push of a button

you can run LastPass native clones on ios store but really, you should not run a chrome/firefox native code (from Google, Mozilla) that is governed by an open source readable js code that a service worker is?

the whole web app is a website run in standalone by the browser without browser UI and with access to some things IF you say so... and of course competition is that safari will not let web bluetooth or file picker or whatever and if people learn that another chrome feature led to this big security issue they will use safari...

[sfryxell]

I'm happy to earn your trust. Apple makes that impossible for me to do.

[thisislife2]

This argument is not new - "they don't know any better than us" is what was used to deny the poor, the minorities and woman their right to vote for a long time. And these rights were won after a hard struggle. Apple also shouldn't be allowed to take away our consumer right with similar fear mongering. A balance where the user is in control of the device they rightfully own versus protecting the technologically illiterate from their own ignorance is possible. Just because some alcoholics ruin their own lives or even others with their addiction isn't a good excuse to ban alcohol for everyone. Just because terrorists are able to exploit a weakness in internal security, and cause harm to the State doesn't mean that the State can demand that everyone should blindly give up all their rights to a nanny state for "security". It's all about finding the right balance.

Right now Apple devices don't offer that and violate our consumer rights by limiting and dictating what software we can run on it. It also uses this control to exploit us - by forcing us to install software only from the app store, we are unnecessarily forced to pay extra for every paid software because Apple expects a hefty app store commission on it.

[stephenr]

> Just because terrorists are able to exploit a weakness in internal security, and cause harm to the State doesn't mean that the State can demand that everyone should blindly give up all their rights to a nanny state for "security".

Tell me you haven't been through an airport post-2001 without telling me.

[zappb]

The right for entrepreneurs to make a profit trumps users’ rights to privacy and security.