- cross-posted to:
- javascript@programming.dev
- webdev@programming.dev
- cross-posted to:
- javascript@programming.dev
- webdev@programming.dev
Apple has decided to remove Progressive web apps from iOS in EU. If you have a business in the EU or serve EU users via Web App/PWA, we must hear from you in the next 48 hours!
Okay, now you have a separate cache that defeats the os’ cache rotation policies and all that entails.
I genuinely don’t like apple or google or any company but the position they’ve taken of breaking the new hotness fast and dirty skirt the rules development process in the name of keeping things normal is about the most correct decision any company can possibly make.
You can be upset that it breaks stuff you use or that they’re making money but if I had control over a bigass platform like ios and wanted to maintain security while implementing a bunch of legally mandated changes it’s exactly what I’d do.
No, they could solve this “problem” if they wanted too.
They just want to be assholes like usual.
What’s a good solution that preserves cache rotation but doesn’t require the developer to make a “real” app and offer it through official channels?
I can’t think of one.
there’s another post in this thread comparing pwas to flash. I think I it’s an apt comparison. Both were able to exist because of a bunch of little insecure ideas that became nooks and crannies of the browser as a platform. Spackling up those problems broke flash and eventually it died. Users expecting secure browsers will eventually kill pwas and then someone will come up with a new way to get hooks into the browser and build programs that don’t rely on users installing them on the os itself and that’ll take off and we’ll be in the same boat again.
Of course if things keep going the way they’re going, rendering engines will be so deeply embedded in the operating system that insecure applications running in the browser will be an even more serious risk than it is now.
Why do you even need “cache” rotation?
Maybe they could do it in the same way it’s done in safari?
One of the reasons it’s a good idea to clear the web cache is to prevent a few kinds of tracking and fingerprinting. That’s much more important on mobile than on a laptop or pc because phones go more places and can return and store information used to infer identities and locations very easily.
There’s a lot of good reasons but that’s just what popped into my head waiting in line.
Name resolution too. Can’t believe I forgot that.
There’s no limit to what browsers you can use on osx so pwa developers will just send over the payload that includes a custom version of chromium that they know to work with their package when someone with a safari/osx user agent tries to dl it.
If that sounds bad to you, it is.
There’s nothing but webkit on ios so pwas can’t do what they do on the desktop to avoid how the browser treats their data (and how the browser might work with the os to keep them from accessing other system files or doing weird crap).
Works fine on Android.
Forgive me for taking the easy layup:
Me: pwas are insecure and generally a bad idea. It’s easy to believe that apple is breaking the stuff that makes them possible in order to enhance security and I think it’s a good thing.
You: well they work fine on famously secure and privacy respecting platform android, did you ever think of that?
In all seriousness I do think pwas are gonna be put in users choice of browser jail on all platforms including the desktop eventually and as different aspects of their operation start making the news in bad ways they’ll get pruned away. Apple is ahead of the curve on this one.
I’m not sure if pwas will continue to exist once the stuff that allows them to function the way they do is taken away. Once you take away persistent cache, notifications, unique browser engines and probably some other stuff I’m forgetting they start to look a lot less enticing when compared to just having a website or making an application that’s distributed through normal channels.
Users should be allowed to use whatever they want and not be restricted by an asshole company that “respects privacy” when in reality it’s just about control.
That sounds a lot like the old windows 95 and dos days where the expectation was that the os would never stand in the way of even the most obviously malicious software.
I don’t want to go back to those days and even the most freedom loving environments have dropped support for operations like direct memory mapped io and more pertinent to the topic of our discussion, web technologies like flash and inline pdf rendering.
I get that it feels like someone is trying to take something away from you, but you gotta recognize that the thing they’re taking away is basically a gun pointed at your own foot.
I run a lot of systems that allow you to screw up, but I don’t have any complaints about one that doesn’t, especially when it’s on mobile: a platform with a much higher risk, reward for compromise, higher user trust and higher level of obfuscation regarding what’s happening under the hood.