by Aurornis 319 days ago
> We should be allowed to create and use whatever UI we want for the public endpoints that are exposed

Having been at a company that tried this: The number of poorly-behaved or outright abusive clients is a huge problem. Having a client become popular with a small group of people and then receive some update that turned it into a DDoS machine because someone made a mistake in a loop or forgot to sleep after an error was a frequent occurrence.

The secondary problem is that when it breaks, the customers blame the company providing the service, not the team providing the client. The volume of support requests due to third party clients became unbearable.

These days there’s also a problem of scraping and botting. The more open the API, the more abuse you get. You can’t have security through obscurity be your only protection, but having a closed API makes a huge difference even though the bad actors can technically constantly reverse engineer it if they really want. In practice, they get tired and can’t keep up.

I doubt this will be a popular anecdote on HN, but after walking the walk I understand why this idealistic concept is much harder in reality.


Thanks for your comment and for sharing your experience.

> Having been at a company that tried this: The number of poorly-behaved or outright abusive clients is a huge problem. Having a client become popular with a small group of people and then receive some update that turned it into a DDoS machine because someone made a mistake in a loop or forgot to sleep after an error was a frequent occurrence.

Ok, but this could be easily solved by having rate limits on the API?

> The secondary problem is that when it breaks, the customers blame the company providing the service, not the team providing the client. The volume of support requests due to third party clients became unbearable.

I would say this is subjective/arguable in general.

It's what happens, it's almost by definition not subjective. The world is full of people geeky enough to use third party clients but not geeky enough to understand the nuances of service evolution. Their reasoning goes like this: yesterday it worked, today it doesn't. I didn't change my client, so it must have been the service that changed. Therefore, it's the service's fault.

This type of reasoning is typically reinforced by the third party app developers themselves, who will tweet "XXX broke their APIs today, really sorry, working hard to get you an update that works around their $@!%#! engineering" and other stuff that not-so-subtly encourages people to blame the service.

Also, don't discount the abuse aspect. Closing clients and out-iterating them is a proven strategy for winning the abuse war, and as all users care about abuse but very few care about third party clients, losing the latter to please the rest of the user base is an easy decision to make.

To be fair, the chances of a breaking server change being unintentional or a natural evolution versus being a hostile move from the provider are about 50/50. AOL was known back in the day for making actively hostile changes to AIM for the sole purpose of breaking third party clients.

Today I'd say the chances of it being a hostile move are more like 75/25.

There is no limit that avoids both false negatives and false positives.
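As an added illustration of that trade-off (example code, not from anyone in this thread): a per-client token-bucket limiter run over a constructed request log with three clients: one well-behaved, one legitimate client that bursts after a reconnect, and one that retries in a tight loop without sleeping after an error, the runaway client described upthread. The client names, their request rates and the 5 req/s limit are assumptions made for the example.

```python
from collections import defaultdict

class TokenBucket:
    """Per-client token bucket. Timestamps are integer milliseconds and tokens
    are kept in thousandths so the arithmetic is exact (no float drift)."""
    def __init__(self, rate, burst):
        self.rate = rate                      # tokens refilled per second
        self.cap = burst * 1000               # bucket capacity in milli-tokens
        self.tokens = defaultdict(lambda: self.cap)
        self.last_ms = defaultdict(int)

    def allow(self, client, now_ms):
        elapsed = now_ms - self.last_ms[client]
        self.last_ms[client] = now_ms
        # rate tokens/s == rate milli-tokens/ms, so the refill is elapsed * rate
        self.tokens[client] = min(self.cap, self.tokens[client] + elapsed * self.rate)
        if self.tokens[client] >= 1000:       # one request costs one whole token
            self.tokens[client] -= 1000
            return True
        return False

def constructed_traffic():
    """Constructed 30 s request log (assumed clients): (timestamp_ms, client_id)."""
    reqs = [(s * 1000, "well-behaved") for s in range(30)]      # 1 req/s, steady
    reqs += [(i * 10, "bursty-sync") for i in range(40)]        # 40 reqs in 0.4 s, then idle
    reqs += [(i * 10, "retry-loop") for i in range(3000)]       # 100 req/s for 30 s, no backoff
    return sorted(reqs)

def simulate(requests, rate, burst):
    """Run the log through the limiter; returns {client: (allowed, rejected)}."""
    bucket = TokenBucket(rate, burst)
    counts = defaultdict(lambda: [0, 0])
    for ts, client in requests:
        counts[client][0 if bucket.allow(client, ts) else 1] += 1
    return {c: tuple(v) for c, v in counts.items()}

if __name__ == "__main__":
    for burst in (20, 40):
        print(f"rate=5/s burst={burst}:", simulate(constructed_traffic(), 5, burst))
```

With burst=20 the retry loop gets only 169 of its 3000 requests through, but the legitimate burst loses 19 of its 40 (a false positive); raising burst to 40 admits the whole legitimate burst and also lets 20 more runaway requests through (a false negative), which is the trade-off the comment points at.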
Something being hard shouldn't be a reason to not do it. Put the features in and punish those who abuse the system. That's what regulation should be for. I think in general we need a wider solution to rampant botting as AI makes it even easier to bot.
If the cost exceeds the benefit, that's a reason to not do something.
But no one is forcing you to myopically express that benefit as solely "increase shareholder value", that's a choice.
If you want to operate at "dominant player in the industry" there's a lot of reasons you have to do stuff that has reasons not to be done; saying "it's hard" isn't a good enough excuse if you want to get the lion's share of the market.
Dominant players can also afford to do a lot of things without immediate payoff, e.g. Google, Bell Labs.
Somehow I don't think the billion dollar monopoly on video hosting is worried about doing anything more than serving adverts at this point. So let's just enshittify the product until we get broken up or a competitor somehow rises.
You've described the problems.

But this is where all the value of the future is locked up.

We can't do better at serving people's individual needs until we give up on "one size MUST FIT ALL"

Also Google raked in about 100 bil based on a quick search last year.

Surely some of that could be redirected to an engineering team to do what's listed here, and while they're at it, maybe make the Apple TV YouTube app not suck industrial quantities of ass.

I think the only one I've used that's worse than YouTube's is Nebula, but it's not a direct comparison: Nebula just lags quite a bit; it does function. The YouTube app in comparison frequently just... breaks in incredibly bizarre ways.

> The volume of support requests due to third party clients

It's not like Google provides any support to their consumers though. They barely provide any to their customers.

But it would mean they'd have to scale up from one, to two support staff.