I’m going to ignore the security angle and post my big fear.
Chrome has dominance similar to IE at the height of its popularity.
Whatever you think of their decisions, Apple is the only thing stopping a 90%+ Chrome web. (Note: not why they’re doing it, just a side effect)
People keep arguing Apple is being anti-competitive. But no one seems to recon with the possible consequences of what they’re asking for. And I fear we may get a pyrrhic victory if these groups/governments keep pushing.
No, I don’t know a good solution. But I don’t think letting Chrome totally own the web is a good outcome.
On the other hand, this denies me from using an actual Mozilla Firefox web browser on iOS.
Imposing an artificial limit on iOS isn't how the web will move forward.
> Whatever you think of their decisions, Apple is the only thing stopping a 90%+ Chrome web.
I don't see Apple making any effort to diversify the browser ecosystem by making their browser available on other operating systems, so their inaction on other fronts isn't going to reverse the trend either.
Of course this is just part of the story. In every country it's different. In some EU countries Firefox is up to 20%. In UK it's almost non-existent. Local markets shape the browser support. If a few major websites are too lazy to support a browser properly, users will leave, and then others can say "there are no users, so we can stop supporting!".
It's more traffic than Safari, but Firefox also runs on platforms like Windows or Linux and has disproportionately large mindshare among open source developers. Give how much higher that number was 10 years ago, I think this counts in support of the original point: Google has poured a ton of effort into promoting Chrome and “accidentally”[1] offering a worse experience for other browsers in their site and nobody other than Apple seems to have been successful at resisting this.
1. Whether this is an overt policy or simply choosing to skimp on testing, it's a choice.
Ran into a fun Google bug today: on the default macOS Safari install, Google Drive refused to download a folder once it had more than about a dozen files. It would go through the entire “zipping the files up” step and then mysteriously fail at the end, blaming cookies (?).
The workarounds are to use Chrome, download files in tiny batches (much fun with 500 photos in the folder), or work out through trial and error that Google wanted the Safari tracking prevention disabled before it would download a file.
> most desktop computer users are able to use Firefox
Desktop-using software engineers can write software for desktop users in a ton of different ways. There's so much freedom and there exist multiple mechanisms and platforms to deploy your code.
Desktop-using software engineers are not free to choose how to deploy software to mobile audiences. They've got to go through Apple to reach 50+% of the US market. Apple sets unreasonable rules.
Unfortunately, Americans spend most of their time computing with mobile devices now. We've been forced into this situation.
Both Apple and Google have made our industry worse and more locked down than Microsoft in the 90's and 00's, and they both deserve to the the target of smartphone and browser antitrust lawsuits.
How? As a user I’m able to do the things I want with reasonable guarantees of privacy and security. Most developers that release iOS software seem to be doing ok with those “unreasonable” rules. And the user benefits. If I wanted Android, I would have bought Android. I bought Apple specifically because I see value as a user to those unreasonable rules.
As a user the harms are invisible to you. If you'd like to find out how it harms consumers, businesses, developers and the web, please read our regulatory submission "Bringing Competition to Walled Gardens":
Why would you post a document refuting your own point?
I explicitly do. not. want. my web browser to have access to the bluetooth and NFC APIs. Nor the screen orientation lock and full screen APIs. I absolutely do not want website notifications.
I don't know how to be more explicit. Those are things developers want. Those are not things users want. And no amount of gaslighting about invisible harms is going to convince us that what you want is what we want.
In the world you're describing, the future of technology is owned by Apple and Google forever. They got there first, and they'll forever be the victors.
They can tax it. They can starve the entire landscape of innovation capital and prevent other companies from ever growing large. They set the rules, and they have enough human and financial capital to keep the game going forever.
That's not good for capitalism, the free market, entrepreneurs, or innovation. In the ten years since smartphones came about, we've seen a contraction of other forms of computing. A contraction in the number of smartphone manufacturers, too! The world is worse for it.
This type of duopolistic advantage also creates a system where Apple and Google can grow close to governments and become a surveillance and control apparatus. That's scarier than anything a developer could do to slight you.
The status quo is great for Apple and Google shareholders, but bad for those trying to innovate and those wanting personal freedom and privacy.
Almost all of computing connects to these two companies now, and that's a fragility that benefits these two giants to the rest of our detriment.
> I explicitly do. not. want. my web browser to have access to the bluetooth and NFC APIs. Nor the screen orientation lock and full screen APIs. I absolutely do not want website notifications.
Easy enough to turn all of these things off. You're describing a setting.
> That's not good for capitalism, the free market, entrepreneurs, or innovation
Google Play puts $50 billion into devs’ pockets, and Apple App Store delivers another $85 billion. Mobile gaming puts another
“Overall independent app developers’ average monthly revenue is $1,500, medium-size company developers make $7,500 a month and large studios developers teams generate on average $44,000 monthly.”
Seems like capitalism is hale and healthy in this duopoly.
See, your link identifies you very uncharitably as a Google shill.
Both Firefox and Safari are against most hardware APIs for many reasons including technical ones. Only Chrome is reckless enough to enable them even though no consensus has been reached on them.
Those specs are nowhere near to being standard. They are "Draft community reports". And yet you list them there as if they were standards and as if Apple absolutely had to implement them for greater good (and not because the dominant browser implemented them)
Edit. I can't even begin with the laughable "Edge differentiates from Chrome" because it removed a few Google-specific things like Google Pay.
It’s hard to take comments from someone who doesn’t believe in the Web or Web Apps seriously. If you start from a position that Web Apps should not be able to compete on mobile devices, then our viewpoints are so diametrically opposed there’s really nothing to argue about.
OWA was formed to ensure that mobile Web Apps become viable, if you disagree with that as the premise, all the best.
Our group was initially formed by a group of people who develop for iOS Safari on daily basis. We have an exceptionally detailed understanding of the bugs and functionality issues of the browser. The only reason google is in the conversation at all is their browser along with Firefox and Edge has vastly better functionality and stability.
We’re trying to fix real world problems caused by anti-competitive behavior. Any debate needs to start with the premise that web apps are not competitively viable on iOS and that Safari is in a poor state.
Then the next step is to discuss potential solutions.
> Our group was initially formed by a group of people who develop for iOS Safari on daily basis.
Yes, you keep copy-pasting that. As if that absolves you of factually incorrect statements.
> We have an exceptionally detailed understanding of the bugs and functionality issues of the browser.
And yet you fail to understand that hardware APIs are opposed by BOTH Safari AND Firefox. And yet you include them in your lists as if they were actual standards that Safari absolutely must implement. They are not. Same for a bunch of other Chrome non-standards.
In a recent discussion it turned out that you didn't even know what actual objections BOTH Safari AND Firefox have against them.
Same for pretending that Edge is different from Chrome because it removed Google-only services from it. It's not. It's a re-skin with very minor modifications.
You've listed over thirty things that Edge removed from Chrome to make a "different browser". Can you name 10 or 5 of them that are actually relevant to actual web?
Your entire OWA isn't arguing in good faith and is basically parroting Google's propaganda word for word.
> Any debate needs to start with the premise that web apps are not competitively viable on iOS and that Safari is in a poor state.
No. Any debate in good faith has to start with discussing the state of the open web and Chrome's utter dominance of it. As the top comment rightly said, "People keep arguing Apple is being anti-competitive. But no one seems to recon with the possible consequences of what they’re asking for." [1]
Should Safari be better? Yes. Should it be "better" by blindly implementing whatever Google throws over the wall and gullible developers eat up as if it was heavenly manna? No.
> Then the next step is to discuss potential solutions.
The issue is you are focusing on the specific APIs as a strawman argument which would require us to argue each and every API on its individual merits something neither of us has time for.
Instead let’s focus on the core issues:
1. Severe underfunding of Safari
2. Bugs
3. Install Prompts/Banners
4. Push API
1. Apple has no incentive to fund their browser while they are not at any risk of losing market share to the competition on their primary OS.
2. Because of the underfunding and the fact users/developers can’t shift to other browsers, bugs that are either impossible to work around (or require a very high level of skills) have not been fixed. Some which were reported 7 years ago.
3. Users do not know web apps exist. They have no way to install them.
4. Notifications arrived for native apps in 2009, in 2022 they still are not available for web apps even though they are essential for many different types of apps. Apple has promised them in 2023 likely as a result of our advocacy work.
Without a viable web ecosystem on iOS mobile web apps are dead and the entire ecosystem gets shifted to native apps and webkit applies no competitive pressure on chrome/edge or Firefox. The status quo is the worse case scenario.
The fix for this scenario is competition. With a 60% market share on MacOS (the on my comparable market where Safari is the default), as long as apple meets developer needs then I can’t see them losing a majority market share on iOS.
A highly funded Webkit be able to contribute to the web ecosystem instead of holding it back.
> The issue is you are focusing on the specific APIs as a strawman argument
I focused on some APIs I know about. There's nothing strawman about facts that you misrepresented in your diatribe. How can I be sure that you represented everything else correctly?
Oh. I can't. Because I also saw your section on "Edge differentiation".
Should I go through everyting else and discover same misrepresentation and falseness? I think I won't, these two are quite enough, thank you.
> Instead let’s focus on the core issues
You keep skipping from goal post to goal post, and each next argument you make isn't made in good faith.
> 1. 2.
I'm not even going to dignify this speculation with an answer
> 3. 4.
And again and again all comes down to literally one or two standards. That's it. That's all you really have.
Well, sometimes you have more, but then it's just a random dump of random standards that you are absolutely sure are actual standards (and not "Draft comunity reports" by Google) and that everyone must implement them now.
> Without a viable web ecosystem on iOS mobile
Please define a "viable web ecosystem". So far it looks like to you "a viable ecosystem" is "anything that Google implements, others be damned".
> web apps are dead
Yes, they are dead. For many reasons that have nothing to do with notifications.
> The fix for this scenario is competition. With a 60% market share on MacOS
> A highly funded Webkit be able to contribute to the web ecosystem instead of holding it back.
Webkit is contributing to the web ecosystem, and isn't holding it back. For the obvious reason that your definition of a viable web is taken straight out of Google propaganda, and has nothing to do with making the web viable.
> if you can’t agree on any of the basic factual points.
Factual points I started with:
- Both Firefox and Safari are against most hardware APIs for many reasons including technical ones.
- The section "Edge differentiates from Chrome because it removed a few Google-specific things like Google Pay" is laughable
Your "response" is, "oh, you don't believe in web apps" and "Our group was initially formed by a group of people who develop for iOS Safari on daily basis".
These are not factual points. These are attempts to dodge a conversation. And when the conversation seemingly starts happening, it's "the facts you provided are not facts, they are strawmen".
Yes. It truly is pointless discussing this. There are many, many, many issues we can discuss about Safari. With people who have done their research and don't willingly assume the role of Google's propaganda amplifier. Thankfully, as the comments to the original link show, more and more people are starting have a more sober outlook on what's happening.
as an observer, most of your responses to valid, good faith points (e.g. "I'm not even going to dignify that with a response") seem to indicate that you are arguing to argue, rather than to come to clarity with the other person.
Also, they are pretty rude (for reasons beyond the above one), and seem to me to be against the spirit of HN commenting.
tl;dr if you think your dignity is above responding to someone, don't.
> Just as an example: do you believe web apps are currently treated by apple in a lower tier than native apps?
Does this have anything to do with anything I said in my thread? No. So, this question is not in good faith, so why should I engage with it?
> if so, do you think
Do you think that ascribing thoughts and words to your opponent that your opponent never thought or said is a good argument?
It doesn't matter what I think or what I don't think when my argument literally began with finding incorrect arguments made in actual bad faith with no research in the "paper" made by OWA. Both you and OP couldn't care less, and you both try to deflect with "do you believe blah blah blah".
I could go with a not-so-fine-comb through the document and point out every misrepresentation, incorrect assumption and outright lies. I picked two. What followed is now open for the world to see.
>Does this have anything to do with anything I said in my thread? No. So, this question is not in good faith, so why should I engage with it?
You clearly don't understand what "good faith" is, and certainly are not an unbiased judge of it, being 1 of the 2 people involved in the accusation. It means asking because you are legitimately interested in the answer. It does not mean "I, as self-appointed judge of this discussion, unilaterally deem your question irrelevant". Indeed, if the question and answer are actually irrelevant, you can trust the smart posters here to be the judge of that, so you need not fear answering truthfully and candidly.
In any case, _I_ am legitimately interested in the answer, but even without my admission, you are supposed to assume good faith on this forum (HN), versus your current, combative, antagonistic, almost litigious (OBJECTION, RELEVANCE! SUSTAINED, I RULE IN MY OWN FAVOR!) attitude towards your fellow posters.
That is not my point. I mean the point is that many people who chose to own IOS did that because of privacy and security it provides as the current apple ecosystem. It is like choosing a private school with a restrict rules and code of conduct over another private school with more open rules (options) since you pay for your phone anyway.
Sue user choice. But some times less choice is better. If every website prompts for push notifications my dad would end up throwing his phone out the window in anger if he started getting notifications because a website updated. My parents have no clue what they are doing on a phone. The less features the better.
Apple and Google are 99% of the smartphone market. Together they set an unreasonable set of rules for mobile application development and distribution. They control search, advertising, and web technology, and there's little control individuals or other companies - even big ones - can exert against them.
They both need to be stripped of their extraordinary powers so that user freedom and proper capitalistic competition can be restored.
It's likely that any regulatory action taken against Apple and Google will force the companies to innovate more and become healthier themselves.
I detest many policies of both those companies, but neither company was created by the government. Are they not the result of "capitalistic competition?" Motorola and Blackberry shat the bed year after year, allowing the current situation to develop. Even while being called out on their incompetence by customers.
The companies who should be punished for anti-competitive behavior are the telecom companies. Not only do they restrict what devices can be activated on their networks, but they force Android users to wait months, years, or forever for them to dribble out a garbage-laden, proprietary version of the OS for every specific model of phone, one at a time.
And then there's the idiotic locking of phones; it's not just that it should be illegal, but it's also backward: U.S. phone companies lock the phones of people who are UNDER CONTRACT. Talk about stupid. These people are contractually obligated to keep paying, so who cares if they take their phones to another network? That's a net win for the phone company, since they're paying for NO service!
A competitor having a minority market share is not a justification for suppressing competition. The suppression (Apple preventing Mozilla from implementing features on Firefox for iOS that are available on Firefox for non-iOS platforms) is part of the reason Firefox has an even lower market share on iOS.
Also since Firefox for android removed one of its distinctive features a few years ago; once you could set it to ask how to open a link (send to another device, share, copy to clipboard, open normally) when an app tried to start a browser; now you can no longer do that.
I use different browsers for different things so I want to chose how to open external app links.
I would install a shim browser that does just that if I knew of one.
It also integrates ClearURLs functionality (https://gitlab.com/KevinRoebert/ClearUrls) to let you remove tracking from links before sending it to the browser or app. This feature is optional.
"Open Link With" is indeed great for routing between different apps, but the problem remains that within Firefox you currently no longer have any choice of what to do with the link – it'll always open the full browser and open a new tab first.
Previously,
1. you had the choice of activating the "tab queue" system for links opened with Firefox, i.e. the URLs would then only be saved in a list in the background instead of launching the full browser.
2. when sharing an URL with Firefox, you had the aforementioned choice of "actually open the link", "bookmark it", or "use Firefox Sync to send the URL to some other Firefox instance in your Sync account". The latter two choices happened in the background, so you didn't have to wait for the full browser UI+engine to start first, the page to load, etc. etc.
They used to have a port of Safari for Windows. It was as popular as you'd expect. Having said that, WebKit - the engine underpinning Safari - is open source with BSD and LGPL 2.1 compatible licensing (https://webkit.org/project/). In addition, they make the engine available for use on Linux (https://webkit.org/downloads/). Gnome Epiphany is a browser based on WebKit (https://github.com/GNOME/epiphany). According to their manifesto, they support Simplicity, Standards Compliance and Software Freedom. Specifically, "Epiphany opposes the dominance of the web by proprietary software web browsers. Today's chief offender is Google Chrome, a browser that purports to be open source, yet actually includes several proprietary components."
https://github.com/GNOME/epiphany
Yes the weird thing is that on mobile it actually mentions Firefox as a supported browser, it just says you must have the latest version. Which I do but it still won't work.
On desktop it doesn't even list Firefox as an option at all.. It's pretty annoying for me because I use that portal a lot for work and I use FF on everything. Safari is not an option for me because I use Mac, FreeBSD, Windows, Linux, Android all mixed and I need the sync.
And yeah I think they're just blocking the agent. I haven't tried bypassing it. I kinda was afraid something would go wrong (I don't want to wipe 10.000 iPhones from the portal instead of 1 - lol)
Safari for Windows did exist (it was supremely terrible, IMHO). Apple says 5.1.7 was the last version of that; if versioning matches the Mac OS builds, that was from 10 years ago.
It’s wild to have such huge differences in experience, I bought my iPhone because I borrowed my friends and was shocked at how fast Safari was compared to mobile Chrome.
There were some limitations for third-party browsers on iOS that made them slower than Safari in the past, notably that they couldn't use the Nitro JavaScript Engine.
The colorways were an antifeature to me (seriously what's the point of introducing a feature when you're already planning to drop it 2 months later) and I'm still waiting for real containers on mobile (the fb one is useless to me as I don't use Facebook) but the other features yeah they're great
Let's not pretend all of HN is a hive mind. I for one thought that Firefox the browser had chosen not to be on IOS because to they couldn't use Gecko. This is new information to me.
So no, using the proper names for things is not a semantic nitpick. The commentator didn't not try to invalidate the parent's point, just show the language issue.
Right, so you can use a Firefox-themed safari, nothing "actual" about it. Coming from Firefox on Android to Firefox on iOS, I can assure you the experiences are in no way similar. The main reason I even use Firefox on iOS is for the sync integration. I honestly can't think of another thing that Firefox is able to do on iOS that makes it "Firefox" at all.
There is a difference. Gecko might implement features that would allow sites to work and look better in Firefox (for example, smoother scrolling, better animations, new CSS/HTML/JS features and so on). But Apple doesn't allow other browser engines, and Firefox cannot use this as an advantage to compete with Safari.
Also, if Apple allowed other browser engines with better support for new features, then web developers might stop caring about supporting Safari. This might be another reason why Apple doesn't want other browsers on their devices.
Apple wants to make sure that all websites work on their phones out of the box the horror.
Like take the alternative world where the first thing you have to do after setting up your iPhone is installing Chrome because developers found it less effort to just target Chrome. Are we better off?
Yup. When you ask people "what exactly so horrible about Safari", WebPush is inevitably the number one thing, followed by a bunch of Chrome non-standards like hardware APIs.
Truly, truly a horrible browser that is impossible to use (even though I've been using it for over 10 years now)
You mean Web Workers that were available in Safari since version 4?
Or Shared Web Workers that were originally implemented in Safari version 5? No idea why they got removed to re-appear later, and I honestly can't care: I prefer browsers to be careful with standards than just rush forward.
Why is it that these "examples" are never actual examples?
- compile Gecko to JavaScript and run it in Safari.
If you serve the compiled Gecko from a web server I don’t see them stopping you from doing the second, but of course, it would just be Gecko, not FireFox, and performance ‘might’ be somewhat subpar.
No one is using Firefox on mobile so it’s good for you, but not web on the whole.
Also while an independent entity having a larger presence is better than Apple at least Apple having a large market share makes Google need to consider what happens in safari before they do something particularly shady with web standards
You are unfortunately part of the "no one" segment, that half a percent of mobile browser users internationally / across platforms - even less than Firefox's desktop share
I am No one, we are legion. Have been using FF on mobile since it became viable, many years ago. I just like my ads blocked and my data mine, that's why.
Count me among the ones using FF Mobile. I can't imagine browsing the mobile web without an ad-blocker, and I'm happy to fight back against the browser duopoloy.
Right? Mobile web browsing is enough of a shitshow without ads cluttering everything; browsing on a phone without uBlock Origin sounds absolutely horrific.
I'm the opposite. I hate it, but I use it because of ublock origin. I'm of the opinion that all mobile browsers are awful. Because of the lack either privacy, security, or UX. Can't have them all. If I could, I'd continue to use Firefox for Android 68. It had a much better UX including a tablet mode. Now the most recent version's UX is full of slow ui animations, lack of features, customization, etc. At least it has privacy and security.
If you do something that benefits Firefox, but has an outsized benefit for Firefox' competitors (or rather, anti-Firefox hegemony) and the net effect is overall worse for Firefox, then that thing that benefited Firefox was not good.
Apple owns their platform and not you. They aren't forcing you to choose it as a platform or telling you that you can't buy an Android phone in order to use Firefox.
In my opinion, the free market argument falls flat when we're speaking of a duopoly. The existence of one competitor whose policies are at least as bad or worse is not really choice.
IE shipped on (almost) every machine, had a ton of lock in features like ActiveX, etc. MS actively abused their monopoly position to make it so preventing default installation of Netscape by OEMs, incentivising ISVs to ensure web based enterprise products shipped with "Works best in Internet Explorer" etc.
Netscape lost market share to IE not because it lost users but because while the userbase was massively expanding they were buying Wintel boxes that shipped with IE on them so they never learnt that Netscape existed.
Chrome is something users install because it's their preferred choice. We can argue as to why it's their preferred choice but the point remains that users actively download and install Chrome - usually as one of the first things they do when they purchase a new computer.
That to me puts things on an entirely different level. To compete reasonably with Chrome you need to compete for users directly. You could argue that Google abuses it's monopoly position to market Chrome and that would probably be a valid argument but again, it doesn't change the active decision users are making.
If anything Safari (especially on iOS) is more like IE. In that it serves Apple more than it serves users. Apple wants PWAs to remain gimped, by simply dragging their feet or refusing to implement certain web standards/proposals they effectively gimp PWAs. This forces apps to be written for their platform which in turn is where they generate the vast majority of their scalable growth/profit.
Pretending that just cause chrome doesn't come installed with the android open src project, means it isn't a "default" for android is silly; yes, google play services isn't required for android, but an overwhelming majority of android users will see chrome as the default for the OS. You claim they are making a choice, but for the average user it doesn't seem like much of a choice. It's easier for most android apps just to use chrome as an "in app browser", while the users have the option to use a different browser, most won't.
No it isn't - that is a choice made by phone vendors to include it, but they are perfectly free to ship their phones with firefox, or opera, or no browser at all.
The android OS has no knowledge of chrome and it doesn't get any special handling or abilities like iOS/Safari.
Indeed. can you imagine if Microsoft had made it so that IE was the only browser you were allowed to install on Windows so you couldn't install Netscape even if you wanted to?
This would have been fine if Windows wasn't 95+% of desktop computer market share at the time. The regulatory argument was that Microsoft was abusing their desktop OS monopoly to give themselves an unfair advantage in another market (browsers).
By contrast iOS is ~50% of mobile OS market share (in the US, I think it's less elsewhere). Hardly a monopoly. If using a different mobile browser is important to you, there's a competing, popular mobile OS that can provide that.
This logic doesn't work with just two competitors globally. What if choosing my browser isn't the only thing important to me?
If governments give corporations with such overwhelming market dominance completely free rein then developers are nothing more than sharecroppers and consumers are going to pay the price either financially, in terms of privacy or through limited choice.
Yeah, if you've chosen a contrived and extremely narrowly defined market as the one you base whether something is a monopoly, of course it's going to sound like a monopoly.
Also: It was bad for Microsoft if browsers became too good as the Windows OS then could too easily be replaced by cheaper platforms. So Microsoft wanted to keep browsers back as much as possible.
It's good for Google when Chrome is good. So Google has a great incitament to improve Chrome. The only drawbacks would be proprietary functionality others can't use.
The other drawback is that Google is an advertising company that has an incentive to track users across the web. In a Chrome monopoly how easy would it be to avoid being tracked? Especially by Google. Recently, Chrome was the only major browser to adopt Google's FLoC[1]. If Chrome was even more dominant would it have mattered if Edge/Safari/Firefox didn't adopt this tracking technology?
Google is an advertising company, but that's not the main reason for their privacy sandbox and it's ad-friendly features. Google needs the open web to survive as a search provider. If everything turns into a paywall or cookie/privacy wall then Google can't index that content. They already can't see the content on Facebook and Twitter.
Google makes most of their money from search ads -- I've heard upwards of 80% -- and search ads supposedly don't even use targeting information.
> Chrome is something users install because it's their preferred choice. We can argue as to why it's their preferred choice but the point remains that users actively download and install Chrome - usually as one of the first things they do when they purchase a new computer.
Chrome is getting bundled with a buttload of software. So many software that comes with an ‘installer’ has a hidden checkbox somewhere that if you don’t uncheck it, it will install Chrome on your windows machine.
Also Edge is now the default on Windows which is also Chromium. So a Chromium-only future doesn’t sound so distant anymore.
I think there is a big difference between engine monopoly vs browser monopoly, however that does depend on how well governance works for the Chromium project (I really don't know enough to assert anything concrete).
Namely an engine isn't a product and most value-add is in the porcelain of the browser, implementation of web standards -shouldn't- be a competitive advantage because doing leads the the sort of fragmentation that we don't want.
If all the major browsers shared and worked on a single engine collaboratively (similar to PostgreSQL and Linux) I think the web would be a -much- better place as a result for a number of reasons.
1. Aforementioned standards could be relied on by developers.
2. Browser vendors could spend less time duplicating efforts on low level standards implementation that aren't product differentiation.
3. Platform specific performance optimisation could be shared across browsers instead, i.e Safari like energy performance for everyone.
4. Plugin architecture could potentially be shared across all available browsers which would help plugin authors out significantly.
5. The engine could be linked as a dynamic library so that multiple browsers could be installed without duplicating the engine binaries if they are using the same version (probably only viable on Linux distributions but would be nice)
6. Fuzzing and security efforts wouldn't need to be duplicated across engines. This is important because of just how gnarly the sorts of code you see in browsers. Namely XML/SGML parsers, JS runtimes/isolation, etc. Also with every vendor chipping in this infrastructure could likely be greatly expanded.
This is a utopian view and most of this probably wouldn't come to pass because the world sucks at doing the "right" thing but the potential is there.
On the other hand the downsides mostly amount to Chromium governance could be bad and Google could abuse their position to make it hard to create new browsers based on Chromium/Blink. However they would be incentivised not to in order to prevent a return to the current fragmented situation.
Current theoretical way of web standards is: a standard can only become a standard if there are two independent implementations of it.
This somewhat prevents browsers from implementing fully proprietary tech that canät be replicated by anyone else. It does lead to problems like WebSQL being scrapped (the idea was to basically run sqlite in the browser, Mozilla said they donät want to reverse-engineer sqlite behaviour for an independent implementation, the idea was scrapped).
However, with Google dominance we see more and more things appearing in Chrome only and based on Chrome's own goals, and then advertised as standards.
There's an ideal state somewhere, but I don't know how we could reach it.
Lets face it - IE always just sucked. A lot. Whereas Chrome does not. Here on HN we might rail on it mainly for ideological reasons but the user experience is pretty solid. This is coming from a Firefox user.
IE 4 and 6 were decent to good compared to competitors when released (although, IIRC, neither had ftp support?). What sucked was that they stagnated at that point in time while also becoming dominant. IE 5 for mac was well regarded, but I don't have personal memories.
None of the future IEs were very good though, IMHO.
At the time you didn't need to ship ftp with IE. You could load up an FTP site by opening up an FTP address in explorer. You didn't get the familiar html-netscape-like interface but you could navigate an FTP site like it was just a network folder.
Do you remember the early 2000's? IE was your only choice for a decent browser. Netscape was bordering obsolescence (bad CSS support, generally unstable, slow rendering.) Even Apple was shipping it on the Mac! It wasn't until the 2.0 release of Firefox in 2006 that there was finally a decent alternative.
I started using Firefox in the 0. versions mainly because someone wrote an extension to have tabs with websites in one window. That was it for me and I use Firefox ever since. I managed to survive the memory bloat phase. I was super happy when the quantum version was released and Firefox was suddenly on par again with chrome. At least for a short moment. I‘m an iOS user because I try to keep google out of my live (need to get rid of YouTube though). I also use the Firefox app but only since iOS supports the feature to set a different default browser app. Before that it was useless to use a different browser app when any link from other apps always open Safari.
Maybe so, but please don't post unsubstantive (or name-calling) comments to HN. If you want to say specifically what you think is correct or incorrect, that would of course be great.
It's not Apple's choice to make on whether or not Chrome becomes a browser monopoly - fighting anti-competitiveness with anti-competitiveness is not a solution. The chips will fall as they will and we will all be left to deal with the aftermath. That's the way it has to be.
What? Why? I assure you that's not how Google thought of it when they were facing off against Firefox and IE. They were putting Chrome installers in every SourceForge download and telling you to install Chrome when you searched Google. Why should their competitors lie down and let Chrome roll over them?
For one, people still had the decision to download Chrome even if it was advertised heavily. Apple forces Safari on all their iOS users since all the browsers have to use WebKit.
Lots of people use non-Safari browsers on iOS (Chrome, Firefox, Edge, Opera, Brave, DuckDuckGo), and iOS lets you choose your default browser. I know you know Safari <> WebKit, but 99.99% of users don't know or care about the plumbing.
Apple was very similar in that regard as well. They were putting Safari installers in iTunes updates. People bought a new iPod and needed a new version of iTunes to sync with it? Magically they have now Safari installed.
And they were pushing it at a time when Safari for Windows was slower than Internet Explorer.
Did the Chrome installers install themselves? Besides, if users were already using other browsers, installing Chrome wouldn't have affected their existing browser's functionality. It was their choice to try out the new browser, and they could always go back to their old browser if they so desired.
Yes Chrome installers install themselves. Chrome is bundled with installers for unrelated products, and you have to deliberately uncheck it to not install it. Example:
The death of the open web as we currently know it could lead to an even better successor over time though. We just can't know if the current hill is worth dying on - it may be for future generations to solve.
Short term, it's decidedly not good, but long term? How can we know?
If the approach is so inherently flawed that this result is an inevitability, maybe it deserves to die and be replaced by something else.
> If the approach is so inherently flawed that this result is an inevitability, maybe it deserves to die and be replaced by something else.
These are all systems and projects created and run by human minds. Nothing is "inevitable" and nothing "deserves" to die. These are just outcomes of choices by users, vendors, and regulators. I think many people here are advocating for choices that would keep some kind of competition to Chrome alive. You seem to be advocating for the opposite. That's not necessarily wrong or bad, but Chrome becoming a total monopoly is not "inevitable" either.
Short term, the death of the open web will likely mean many real-world human deaths, because censorship by oppressive regimes becomes far simpler the fewer options people have (or are aware of) for methods to access the open web.
In my head the flowchart looks like this:
Closed/censored web only -> People giving up hope/being caught trying to escape oppression -> increased human suffering and untimely death
I'll agree with what you're saying about long-term consequences, but you could argue the same thing about the death of nations/states, couldn't you? And how many times in history have nations collapsed without periods of wanton destruction and looting due to the power vacuum?
Man, I use Firefox for Christ sake. You don't have to be anti open web to know letting anti-competitive behaviour run rampant is even worse than having the open web that we have today.
Your perspective is as insane to me as mine is to you. Don't let a corporation make decisions about your computing freedom for you.
Anti-competitive behaviour from both sides is why we're in this situation (Apple/Safari/Chrome) to begin with.
Safari was created so Apple wouldn’t be totally dependent on MS for a web browser. They’ve been in that situation many times before (and since). Apple is allergic to depending on someone else for something really important.
Why does Chrome exist? Same reason. Google didn’t want to depend on being at the whims of Microsoft. They wanted to ensure they would have a browser that would do what they needed.
Both existed to open the internet more from what was going on at the time.
Now people want to kill one to let the other become triumphant.
What doesnt make sense to me are people thinking that Safari will die if Apple is forced to allow other browsers on iPhone.
Don't underestimate the inertia of defaults. Safari will still be the default browser.
A way more likely scenario is that Apple no longer will be able to drag their feet, holding the web back, but instead will actually have to keep Safari up to date and competetive with other browsers.
This is how we end up with the death of uBlock origin (in a few months from now) on January 2023.
Firefox has resisted this thus far but I am pretty sure Google will eventually twist their arms enough to either kill it, or at the very least _severely_ handicap it.
Google is a threat to the open web, it needs to be heavily regulated and punished for all its despicable behaviors: from harvesting user data without consent to tracking our every move and selling it to anyone who wants it for pittance.
I am very well aware of the fact that many of the HNers are partaking in this and am not going to pretend that I wouldn't be tempted had I been in their shoes but I think it's time to for the smoke and mirrors to clear: Google is nothing more than a giant spyware and an adware company because their core business model _literally_ requires it. This is why they keep fighting against privacy regulations, lobby the governments, punish Adblock extensions and come up with clever ways to circumvent your privacy protections.
So no, I for one am glad that at least Apple exists to thwart this. They may not be doing this because of their "ethics" but given the choice, I'd rather side with Apple on this one.
Correct me if I'm wrong but Safari already does, and long has done, the thing that people are objecting to Chrome changing: not allowing extensions to just hook into and pre-block requests, instead only allowing limited patterns to be set and matched against. uBlock Origin hasn't been available on Safari since it made this change several years ago.
So I don't know that seeing Safari as a bulwark against Chrome really makes sense here.
But letting the chips fall where they may is what led to the current situation, with a browser market heavily distorted and made anti-competitive by two tech giants. What people are asking for is a regulator that steps in and redresses the imbalances so a healthy browser market can arise.
If the regulator does not step in they are choosing the status quo which by itself also is a deliberate choice. Inaction is always also a form of action.
It's the regulators job. If they don't do their job, the users (not another anti-competitive company) will take matters into their own hands. There are alternative protocols that could be developed - the only reason they haven't taken off is because we are at stalemate.
Libertarianism as an absolutist ideology that proscribes courses of action for moral reasons and literally requires helplessness and passivity from everyone is not, I believe, the original flavor.
People do not seem to understand how important it is to Google they they achieve full control of the browser end of the WWW.
The blog post at the top of this thread talks about CVEs and other measures of resistance to 3rd party bad actors. It does not engage with the concept of Google themselves as a bad actor.
With full control of the rendering engine on all platforms, Google can stop engaging with standards bodies. Web rendering standards will become simply what Google says they are, even if it is to their benefit. Imagine AMP but on steroids. When Safari stops rendering mobile sites correctly, there will be lots of helpful friends and family (and ads) telling folks to "just switch to Chrome, it's a better browser anyway."
Google could also ship their own root certificate list and take control of Web PKI. Imagine Symantec but entirely at Google's option. Play ball or get security warnings. This would allow an end run around the democratization afforded by Let's Encrypt, for example. Controlling 90% of the client end of TLS confers just as much power as controlling the CA end.
Google also has no incentive to make Chrome secure or performant on iOS devices; they run the competing mobile OS platform. If Chrome/Blink is forced into iOS, it won't be long before complaints crop up and we start seeing "Android runs Chrome better than iPhone" ads.
The fundamental fight is not about browsers, it is about defining the platform: "commoditizing your complement." Google wants Chrome to be the platform, and commoditize the computer. This will let Google centralize profits to itself. This is why Android is free (as long as you ship Google's services too).
They will spend as much as they must to achieve this. It is existential.
Lots of folks in this thread talking about Firefox. In this context, Firefox is a strategic front-end for Google. Google is essentially paying for Firefox to continue existing, so that people will use Firefox as an ideological cudgel against Apple.
Also seeing some comments about antitrust. So the plan is to get the government to step in to quash the competition that exists, wait for all the predictable bad things to happen, and then get the government to step in again to re-establish competition.
Does anyone actually think this is a good idea? Or is "antitrust" just a convenient way to dismiss legitimate fears and objections.
Yeah I have a really hard time believing https://open-web-advocacy.org/ is not actually google but it is certainly aiming towards Google's benefit and, ironically, the end of any chance of an "open" web
> The fundamental fight is not about browsers, it is about defining the platform
The fundamental fight is always about eyeballs. Apple is holding the better cards because control over hardware gives you control over software which gives you control over eyeballs.
Self-own to spite Google. Apple should protect users by competing, not by guarding their monopoly power. Everybody loves Apple now, wait until they inevitably miss earnings and you're locked in their prison. It's a turnkey malevolent dictatorship.
No; my problem is when people are using the "open web" as a bludgeon to get Apple to allow Chrome on iOS. If you want Chrome on iOS, just say that. To pretend that there is open future of browser diversity once Chrome is allowed on iOS is underhanded.
I want Firefox on iOS, and I want Tor Browser on iOS, and I want Lynx on iOS, and I want wget on iOS, and I want youtube-dl on iOS, and I want to run whatever the hell I damn well please on iOS.
Underhanded? It's pretty clear that your stated goals don't align with your real goals here.
Edit: I have a hard time putting into words why your arguments seem so deceptive to me. It is like whataboutism: the arguments you are making are technically functional but they just completely fall apart with any reasonable weighing of the pros/cons because it betrays the "intrinsic" goals (choice, browser competition, functionality, security) for "extrinsic" goals (browser diversity, but mostly the success of safari). This makes me think that you're secretly misaligned and that you actually hold those "extrinsic" goals as your intrinsic goals.
I can be clear and transparent here. My position is that if you actually care about browser choice the biggest elephant in the room is Chromium. The reality is Google has shown that it will leverage it's properties like Gmail and YouTube to get users to install Chrome; from nagware to just outright breaking sites on other browsers.
If you want to force Apple to allow different browsers without addressing this problem, then you are trading one company's monopoly on a single platform for another company's monopoly globally. And there is no reason to believe that Google will behave any better than Apple has. It's not like Google hasn't tried to skip the standards process before.
So when people argue that "it's for browser diversity" I have to consider them as 1.) naive, 2.) actually working for Google. 3.) just developers who are tired of being forced to target multiple platforms.
Do I think it's ethical that this is how this stalemate is handled? No; taking away user choice is limiting the freedoms of users.
Do I think Safari is amazing? No; I think Chrome on Android, today, is better than Safari on iOS. I may be harming users today by forcing them on Safari.
Would I fold if Apple only allowed Firefox/Lynx/Netscape? Yes; My problem is with Chrome, not with other browsers. But I think the number of people who genuinely want to Firefox is tiny in comparison to the number of people who would just install Chrome.
My worst fear is that once Chrome is allowed on iOS, then there is no reason for Google, or anyone else, to target anything other than Chrome; and that would ultimately be harder to fix. A year of Chrome dominance, where developers only target Chrome would fully entrench Chrome and make it difficult for anyone to build a browser that wasn't just a Chrome fork that emulated all of Chrome's bugs and unspecified behaviors. The alternate solution, where the Chrome problem is addressed first, then the fix is "just" passing legislation that opens up iOS. One fix involves just changing the behavior of one company. The other fix involves changing the behavior of thousands of companies.
Get FF or some other browser a healthy market share first and then talk about cracking open iOS.
Instead what happens is this internecine warfare where everyone shits all over FF for political reasons (most of which have no relevance to their day to day use of a web browser) and uptake of Tor/Brave is miniscule and most everyone sticks with Chrome.
If you force Apple to open up iOS then Chrome just takes it over and Safari will take such a hit that Apple will probably have to kill it. Then Google will own 99% of the portal to the web.
I think I'm arguing with a bunch of Libertarians though who think that an unregulated market is some kind of magic sauce that will conjure up a Chrome competitor out of thin air, and not a recipe for monopolization.
Because Chrome will instantly start to out compete it. And once Safari is pushed down below 25% share on iOS then sites will feel more and more free to avoid testing on Safari and push users towards just using Chrome. Not having two different engines to have to test against means that even more the web becomes something that works on Chromium by default and is totally broken on Gecko. That makes FF even worse, and Google will totally control Chromium and the engine that browsers like Edge and Brave work on top of and will be able to dictate (in the "dictator" sense of that word) what the engine does (and while they might be somewhat responsive to Microsoft, they won't be to Brave). And we already won the battle to keep Windows from tying the browser to the O/S on windows and watched while we lost the war and Google completely took the engine over. Cracking open iOS is going to let Google take over that platform as well, it isn't going to make life any better for Gecko or any other alternative engine.
Let Apple permit the use of OSS browsers with their native rendering engines - problem solved. Will they do this ? I guess not because it means their native app development is threatened.
Safari only has ~20% market share because it's has ~25% of mobile and nearly 50% of tablet and only because Apple restricts those platforms. If Apple opened up their platform that would vanish and Chrome would take over.
The platform being relevant and closed is the only thing stopping Chrome from becoming the next Internet Explorer 6.
We started OWA with a group of primarily Safari first developers, in that iOS Safari is our primary target platform. We've had over a decade of major issues from rendering bugs, to lack of functionality to our apps breaking for months at a time waiting for a patch. The severe underfunding of Safari/webkit coupled with a ban on competition meant that it was never going to be viable to ship Web Apps to iOS. So the question is, how do you convince the worlds richest company to invest a extra few hundred million/year into their own browser?
The answer is competition. Competition provides Apple a deep incentive to produce a capable, feature risk browser at risk of losing users to the other vendors. Each 1% of Safari users is worth 150m/year in google search revenue, a number so large it would make even Apple take notice.
As web developers we see the value in having browser engine competition, many of us lived through the IE6 era and know the risks of the monopolistic competitive behavior like we're seeing from Apple (Side-point: At no point did Microsoft ever ban the competition).
The status-quo where Safari/Webkit was both stifling the Web and Web Apps and providing no competitive pressure on Chrome/Edge/Firefox + the severe underinvestment from Apple meant that a regulatory solution was needed.
> This is what I was talking about. There will only be one result to opening iOS and it scares me.
Why? Does Apple not have the resources to build a competitive browser? Do they not have the motivation? Do they not have the engineering skills? Do they not have a large and extremely desirable user-base who prefer to stay as much as possible in Apple's ecosystem?
Given all the advantages Apple has, how could it possibly be true that they can only get users by literally banning all competition on their main platform?
Replace Apple with Microsoft and you get your answer. Since when did having a trillion dollars guarantee success? Replace Apple with any company; do you think Google lacked the motivation and engineering skills to build a social network?
Ignoring much of the fact how Google would leverage it's existing properties to make sure you couldn't open a single web page without being nagged about installing Chrome; it would take a large amount of effort for anyone to compete to where Chrome is today and the result is that people would just Chrome.
And fine, I understand that as developers you don't want the burden of testing multiple platforms or being beholden to one platform that doesn't move as fast as Chrome. But to pretend this is about the "browser diversity" is where I have the problem. Just say you want Chrome and don't buy Google's framing that this about "open standards" when Google doesn't even hold Chrome to that standard.
> Since when did having a trillion dollars guarantee success?
So then your answer is that Apple's browser is significantly worse than competitors, and that users wouldn't use this much worse product if it were not for Apples anti-competitive behavior?
> But to pretend this is about the "browser diversity
> Just say you want Chrome
I think most open web supporters would be a lot happier if Apple even simply allowed Firefox.
That would still be massively better than the status quo.
Are you saying that all someone would have to do is argue for allowing just Firefox, and you would no longer do this thing where you attack some alleged secret motivations?
>So then your answer is that Apple's browser is significantly worse than competitors, and that users wouldn't use this much worse product if it were not for Apples anti-competitive behavior?
Yes. I hope it's exceedingly clear that I don't think Safari is God's gift to mankind.
>Are you saying that all someone would have to do is argue for allowing just Firefox
Yes. In fact they could be upfront and just say "just allow Chrome because I like developing for Chrome." But that's not what happens; it's "Apple is stifling competition because I want to use Netscape Navigator", when in actuality it's just developers that want to target a single platform, or Google who wants protect itself from Apple's power.
Maybe OWA is the exception here, but what I've found is the people making the most visible noise about this are connected to Google in some way. Consider this HN post from a couple days ago [1], where the author in his six-part series about browser choice, neglects to ever mention Chrome's dominance. Unsurprising that he was also a platform strategist at Google. You're telling me the guy who's job it is to make sure Google is an entrenched as possible doesn't like Apple's position on Safari? What a surprise. Then he tells you "don't worry about Chrome, this is about open standards!" - sounds underhanded to me.
At the very least, the cohort of users on Safari who can't switch prevents Google from just outright breaking some sites like Gmail and YouTube on every browser except Chrome.
Exactly. Let’s be very very clear here: the death of the open web will be not only because of Google and it’s internet multi-market dominance , but because of developers wanting to make their life easier, users and the future be dammed.
> Does Apple not have the resources to build a competitive browser?…
They do. They did. It’s called Safari. That’s how we got here.
What they DON’T have is any care about Windows/Linux/Android users. Apple makes their browser to make their platform the way they like.
If you want Apple to provide the competitive alternate browser on other platforms you’re asking the wrong company.
> Given all the advantages Apple has, how could it possibly be true that they can only get users by literally banning all competition on their main platform?
Google pushes Chrome with the #1 OS in the world (Android). With the #1 site, google.com. And the #2, YouTube.com. And gmail. And Google Maps. Maybe Waze. Chrome OS. GSuite.
They have an INSANE amount of power to push people to Chrome and off other browsers.
I’m not arguing pro-Apple. I’m arguing anti-Google.
Chrome is competition, and no, it's not alone: on the desktop market, where competition is not rigged as much as on mobile, Edge has 10% market share, and Firefox 7.5%. It's not insignificant.
> I want one of these “just open iOS” calls to include the consequences of what they’re calling for and how they plan to deal with it.
OWA has taken into account anti-competitive practices used by Google to gain browser market share, and made recommendation to mitigate or prevent them. In there submission to the japanese regulator [1], they include:
- 3.1.7: No Chrome Preferencing:
> Google should not use their control over the operating system to provide unfair preference to their own browser, Chrome, either through the operating system or agreements with partners.
- 3.1.8: Website Transparency Obligations:
> OWA suggests that where a Gatekeeper’s website does not support a browser which has above a 2% market share, they be compelled to publish a document containing detailed reasoning that prevents support of certain engines.
Yes it does, that's a totally different situation. Edge chose to use Chromium as its engine, Microsoft takes part in its development, they are free to remove or add any component from it, and if ever they wanted to they would be free to fork it and drop it for another engine at any time. None of that is true for WebKit skins on iOS.
Those recommendations are weak sauce. Websites are going to say stuff like “works best in Chrome!” and Google is going to encourage that. Nothing in those recommendations, assuming they’re even adopted, will solve that.
It’s disheartening - you have good intentions but almost everything you say is backwards.
Regulation on Apple only is the opposite of encouraging competition, it’s literally calling shots against the only fighter that’s pushing back on Chrome in a significant way - on market share, and maybe more importantly, on privacy and avoiding bloating web standards to further avoid total lock-in on V8.
Second, Apple has been accelerating greatly Safari development for years now and I worry your entire organization can’t admit it’s actually a great browser and has rapidly caught up in terms of correctness and features, and is now in fact leading in many ways. That it rejects some proposals isn’t inherently wrong, by the way, and the reasoning for many is just. I’m afraid if you admitted that, it’d pop a bubble in one of your core tenets, and given you made this mission driven thing with a single purpose, you’re sort of now forced into an intellectually dishonest place.
Because as a long time web develop myself who went from IE to Firefox to Chrome to Safari as my main browsers over the years, there’s simply *no doubt* that Safari as of a year or two ago started whooping Chromes ass. Like not even close, it feels like a different type of thing. It’s insanely fast, across so many dimensions, lighter, and I don’t get incompatibility almost ever anymore.
Your mission would achieve the opposite of what it wants - Apples platform isn’t a monopoly, Google's are. Google has a monopoly on Search, Browsers, and influence on the web. This would only strengthen the worse/stronger fighter. And it's all premised on a fundamentally unsound critique of Safari.
Why do I care if developing in Safari is hard for developers? If iOS opens up to chrome, it's game over for any kind of competition in the mobile browser war. Google will take over web standards and the death of the old republic will be complete. Android is your answer if you don't want Safari.
Lots of people want to explain why the government should force Apple to let native Chrome onto iOS.
I don't see anyone explaining what will force Google to continue supporting Safari once they have Chrome on iOS.
The reality is that they probably won't. Safari will break for Google services and pixels, and the only answer will be "switch to Chrome, things don't break there." Bye bye competition.
While I admire your stance on the internet being open I disagree.
Yes, opening browser engines would be good for the competition. But you missed one point: You assume all players will play fair in the competition. If all browser engines would be allowed over night, what would happen: Google will probably play really unfair. E.g. sadly the layout of Google will be messed up in Safari, youtube videos stutter/have lower resolution, everything is a lot slower, the performance will be sabotaged, but on Chrome everything will be working fine. There was even a precedent for something similar: [1]
This will probably come alongside with "Try it in Google Chrome", a lot of users would probably switch, thus the monopoly of Chromium would be unstoppable by pure market forces.
Yes, having only one browser engine is bad for the choice of the user, but it does have significant downsides.
As parent stated, Google can simply neglect to make their apps work well in Safari. They’ve done so in the past; GMail on Firefox was nigh-unusable due to a raft of dumb bugs for a long time, and it still uses substantially more CPU and memory than literally any other tab I have open on my browser. Right now they have to make an effort to support WebKit (Safari); as soon as they can push Blink (Chrome) to users, that motivation will go away.
In a discussion about encouraging browser diversity, are you seriously arguing that it’s an unreasonable burden on web developers to ensure their websites work on more than one browser engine?
> There was even a precedent for something similar: [1]
No there wasn't, unless you mean killing a 10 year old version of Internet explorer with a banner to a newer version of Internet explorer is somehow playing unfair.
Maybe precedent was an unfair word - I apologize - but it shows, how Google can/could use the power of having one of the most used websites in order to influence the choice of the browser.
Open Web Advocacy has been very clear that they want competition on iOS, not Chrome specifically. The reason being that the absence of competition is currently allowing Apple to deteriorate the web experience on iOS, preventing the web and web apps from competing with native apps. Their objective is to lift these artificial limitations imposed by Apple and free the web.
OWA members have actually been actively reporting WebKit bugs and interacting with the Safari team to help prioritise features and bug fixes on Twitter and elsewhere, showing the goal is to improve the overall web experience on iOS, not allow Chrome to become dominant. Here is one of their detailed bug report: https://github.com/web-platform-tests/interop-2022/issues/84.
> Open Web Advocacy has been very clear that they want competition on iOS
And it is being pointed out, repeatedly, that the only actual real competition is Chrome. When Chrome becomes an option then websites will abandon any pretense of adhering to standards and just code to Chrome. You can't pretend the mobile browser landscape won't just end up mirroring that of the desktop.
The total browser share of iOS shifting to Chrome, even if Chrome only got 50% of iOS users, would put the total browser share of Chrome over 90%. There would be no impetus for any website to write for anything but Chrome.
This whole chrome fetish thing you've got is actually the issue. Everyone thinks "there is only Chrome" so in a sense we all deceive ourselves. I don't know a single person anymore who uses Chrome. Maybe you do but that's not really the point. If you don't want a Chrome hegemony then don't fool yourself into thinking there is one and don't proliferate that ideology. Tell your product people that NO, you're not going to just ship the Chrome version and support Safari and Firefox later. Put in the work to make software work on other browsers. That's how you break the status quo. The amount of times I've seen some software company tell users "our product only works on Chrome" is disgusting. No wonder it's popular... people don't have a choice because of shitty software.
Chromium != Chrome. We're talking about some world where Google Chrome takes over everything not where Chromium derivatives compete with Google Chrome for browser market share based on features and merits. That latter outcome defeats the "chrome hegemony" which is what the person I initially responded to is complaining about.
Chromium dominance is effectively Google dominance when it comes to the open web. That is a world where Google no longer has to follow any sort of standards body because it is the standard. Another commenter, snowwrestler[1], put it best:
>With full control of the rendering engine on all platforms, Google can stop engaging with standards bodies. Web rendering standards will become simply what Google says they are, even if it is to their benefit. Imagine AMP but on steroids. When Safari stops rendering mobile sites correctly, there will be lots of helpful friends and family (and ads) telling folks to "just switch to Chrome, it's a better browser anyway."
>Google could also ship their own root certificate list and take control of Web PKI. Imagine Symantec but entirely at Google's option. Play ball or get security warnings. This would allow an end run around the democratization afforded by Let's Encrypt, for example. Controlling 99% of the client end of TLS confers just as much power as controlling the CA end.
All of these items are built into how Chromium renders the web. The other Chromium derivatives will be forced to swallow these changes because what are they going to do? Fork and maintain their own browser engine? Bisect patches from upstream forever? How many of these Chromium forks will have the resources to maintain their own fork of something as complex as Chromium?
A 95% chromium world is the same as a 95% chrome world in many regards.
Following Chromium upstream is an extremely hard effort if you have done any kind of non trivial changes to it. There are constant refactors and changes. This means that your chromium using browser can't be anything more than just a reskin of Chrome, which means that you don't have the agency to support some feature that Chrome chose to not support, and the features you do support are likely going to be implemented 100% the same due to using the same code, including the bugs. This leads to the same "code assuming the bug" issues that if everyone used Chrome.
Furthermore, Google has a monopoly on Chromium developers, with only few people contributing from the outside. Your Chrome reskin team will likely be very skilled in maintaining a Chrome reskin but if Google ever decided to stop the Chromium project in favour of a closed source Chrome, there would be nobody who knows how to properly maintain the fork going forward, neither at your company, or available for hire.
You are 100% at the mercy of Google if you do a Chrome reskin.
Through this logic, iOS already allows firefox etc to run on its platform, if Firefox != Gecko.
except the issue here is the rendering engine and who controls in at the top level.
I don’t wanna live in the world we’re 90% of the Internet only supports chromium, yet everything from Edge to Opera use it now. Firefox and Safari the last holdouts keeping google from dominating all web standards.
Actually, yes. With Apple not having user choice, those of use who want a choice can choose Android. Lack of diversity in one ecosystem supports diversity in a broader context.
It's like prohibitions against importing some aggressive plant or animal species. It's a way of protecting local diversity.
This leaves the user who want actual choice crying in the corner.
Android is only the bare OS, and actual devices come either with Google bindings everywhere (mostly from direct contract with each phone maker in exchange to let them have the Play Store), or no Play Store at all (which usually means no commercial license for stuff like Felica as well, same situation as when wiping clean a phone basically).
To me it feels a lot like in the 90s when 'viable' alternatives to Windows were either overpriced and obsoleting Macs, or "every year is year of linux on the desktop" linux boxes. And getting shouted from every camp when complaining the situation really sucks.
Yes, I am happy with the Apple ecosystem in this regard. If I wanted to run a different browser engine, I could do so by buying an Android phone. I purchased an iOS phone specifically because I think the overall phone experience is better when certain aspects do not have a choice.
If android did not exist and Apple controlled the market it would be a different story, but that is far from the case.
Safari still has around 60% on MacoS and all the normal users believe that there is browser competition now. At best it's speculation, but we can compare that to the very real harms of Apple's browser ban.
It may be 60% on MacOS but that’s a very tiny market. Overall Chrome is quite dominant.
Numbers I found say on desktop Chrome is at 70%. Include the 7.75% for Edge (because it’s basically Chrome) and that’s almost 80%. FF at least exists and is similar to Safari.
On mobile it’s at 65%. Safari is the only other browser above
5%.
The size of macOS market is not relevant for the point being made here. What matters is that macOS is very similar to iOS in that it is owned by Apple, Safari is available on it, and comes pre-installed. The only difference is that on macOS browser competition is not banned by Apple. Yet, Safari still has around 60% market share on macOS.
So there is a good chance that even if competition where allowed on iOS, Safari, which currently has more than 90% market share, would at the very least not fall down below 60%, preventing Chrome from becoming dominant. It is even more likely because most users on iOS actually believe they can install the real Chrome, so nothing will change in their eyes.
> The size of macOS market is not relevant for the point being made here.
I disagree. There are already plenty of sites that are broken on macOS Safari because it's a niche platform. The only saving grace is that websites still have to support iOS Safari. If vendors were able to say "we only support Chrome" on iOS as well, I think that 60% macOS Safari marketshare would drop rapidly due to necessity.
If you want website to not be broken on Safari, the solution is to give developer without a Mac the ability to test on Safari. I wouldn't be able to fix my site if it's broken on Mac Safari if I don't have a Mac.
I support an Open web, I test my websites on Firefox and Chrome, I even occasionally do Edge testing, and I develop my websites often primarily in Firefox. But I'm not buying an iPhone or a laptop just to test websites, so I don't test in Safari.
Every other browser has a way to emulate in Linux, I can even download free VMs from Microsoft to test IE11 in Windows (and Edge now runs in Linux). If Apple isn't willing to make its operating system available to me to test on then I don't see why I should feel obligated to test on it.
And given that there is some Mac-specific behavior for Safari/Firefox that I've run into (differences in how blur works), and I generally can't assume that all of my stuff is going to work perfectly, I'm either going to fall back on progressive enhancement or (in the case of a complicated webapp) I'm going to tell users that Safari is unsupported and they're continuing at their own risk.
I'd love to support Safari. All Apple has to do is give me a way to.
I test in Epiphany, and have resolved some Safari bugs that way.
Unfortunately that's not enough, for two reasons:
1. Safari is the only browser that is still tied to OS release versions, the WebKit version used by Epiphany is rarely the same, so results will likely differ
2. Epiphany has no mobile emulation mode. (E.g., I had to work around around an annoying input zoom bug in Safari/iOS by blindly applying the least stupid solution I found searching the net)
That's a good point and probably a major strategic error on Apple's part.
However in the IE era, even though Netscape/Firefox was free for everyone to test on, many large companies made their sites for "IE Only" because it's easier and cheaper. What I worry about is that, even if Safari kept up with web standards and was mostly compatible in terms of the basics, sites would start requiring APIs that only Chrome wants to support (e.g. FLoC). This would give Google a lot of leverage to push its own technologies on users (Amp also comes to mind).
MacOS is the only market Safari actually competes in and has the same advantage by being the default.
I would actually expect the most likely outcome is Apple would fight hard to build a better browser to stem any losses to other browsers. They'll have at least 2 years to do it, so they can catch up in that time with enough investment.
Recall how Google gimped Windows Phone support on the web, presumably to advantage their own platform and web services. My fear is that they'd do the same to Safari on iOS. They could break support on iOS, to force users to Chrome, where they can better track and monetize their users.
They definitely have the capital to make it happen. Every time I boot up Safari after a MacOS update, I'm consistently wowed by how little of their revenue actually goes in to making a comfortable, feature-complete browser. It's almost like you're using a different, nerfed internet with Safari, but maybe that's just me being angry that uBlock Origin doesn't work anymore.
This has been debated to death, but there are no ad blockers on Safari that will work as well as uBlock Origin, because Safari doesn't have all of the APIs/hooks exposed that would be necessary to implement uBlock Origin's more advanced features.
It's the same problem that developers were talking about with Chrome's Manifest V3 -- to the point where popular adblockers for Safari like Adguard actually run outside of the browser so that they're not quite as limited as they otherwise would be by Safari's apis.
The nerfed experience of addons only specifying a significantly limited list of blocking rules, giving up being able to autonomously allow or deny each request with arbitrary parameters, surrogate scripts (replacing the original, tracking ones with privacy-friendly reimplementations) and cosmetically alter the webpage (e.g. fixing the layout with missing ads).
Actually that’s how the system is supposed to work: Let Chrome become a monopoly so that we can finally regulate it. The same thing happened with IE and we crossed that bridge when the time came.
Apple needs to open up their ecosystem to other browsers. This is not a suitable excuse.
Yes it was.
You're ignoring all the other things proprietary about IE and only considering the OS bundle one. JScript, VBScript, and ActiveX were the real problem. There we so many proprietary extensions to IE that were not even remotely supported elsewhere. Hell, C# even came out of the hell that was Microsoft's JVM, J++, and J# thanks to those trials
One could argue the successful legal action against IE bundling stopped Microsoft from further entrenching it in Windows. With Edge in Windows 10/11 you can see the kind of nudges that Microsoft probably wanted to add all along.
Seriously, I kind of wonder whether or not grass roots anti-Safari sentiment is dominated by web developers who resent having to test their sites in more than one web browser.
I don't like Safari because I can't get uBO or Tree Tabs for it, and because it's often the odd-one-out between the Chrome/Firefox/Safari triopoly in terms of feature support. The battery efficiency is nice though.
Fair, though I would suggest that Safari's feature support really is excellent (especially in recent months) and I would further say that I don't think the web needs to — or should — advance at the pace being set by Google. I actually like the fact that Safari is a bit slower. I think it's healthy for the web.
On desktop I personally use Firefox because I find it to be a good blend of performance and resource efficiency, plus it has excellent support of content blocking add-ons.
[To clarify, I had intended to refer to Safari on iOS specifically, vis a vis complaints about the lack of engine choice on iOS. But I recognise that my post didn't say what I had intended.]
Why does Apple get to choose how its competitor gets to compete?
We give microsoft plenty of flak for anti-competitive behavior. It deserves it too. Its not hard to see why.
But so does Apple.
Now why can't I install my silly joke app? Oh that's right Apple won't let me install my joke app on my devices or friends for more than a week or so for reasons. Even though it can be easily tracked to me, its signed etc.
Why is that? Control.
Why can't I have a linux vm chugging away on ipados? Apple says no. Why? Control.
If Apple wants to exert this much control then it really needs to accept liability. So those security defects? Where's the service level agreement to time limit those glaring holes?
Its therefore unacceptable for Apple to be slow to fix an issue when its competitor could have already fixed it. Oh wait, there are no competitors on ios since no one is allowed to compete. You must use webkit. How is that not anti-competitive?
No one is forced to use Apple products at all. Choosing an Apple product over non-apple products is a choice. There is extensive competition with Apple products. Choosing to buy an iPad, and being upset that they can't install linux on it, failed to do any product research before buying the product.
Many people, myself included, choose to use Apple products in part BECAUSE of how those products work and function, today. I don't want to install additional browsers, app stores, or other crap on my phone, I just want it to work well, out of the box with reasonably high security. For my needs Apple products provide that today.
If Apple's products don't fit your needs, the solution is trivial - don't buy Apple products.
The digital markets act only applies to certain companies, called "gatekeepers" that are large enough, have a certain very large amount of users, and have enough market power.
Generally speaking, the purpose of anti-trust law is not to effect small players, who do not control any markets.
Instead, the purpose of anti-trust law is to prevent multi-trillion dollar companies who control half of a duopoly, from doing anti-competitive actions.
So, for the examples that you gave, if those markets became multi-trillion dollar markets, in 2 company duopolies, then there would be laws created that would apply to them.
But sure, instead of having phone manufacturers compete with open competition in an open marketplace, let's have governments decide how my phone works. That sounds like a great idea. (Note: that is sarcasm.)
I wonder, is the EU promising to replace Apple's effective private regulatory environment around privacy control with something its equal or better? Given that "open markets" in software isn't a concept that respects national borders, I don't see how they could. Or are they just going to crack the nut open at the behest of lobbying efforts by other (mostly foreign) multi-billion dollar companies who stand to gain?
The point being, that in a situation where there is a 2 company duopoly, with multi trillion dollar companies, then there is going to be laws that regulate these multi trillion dollar companies that have significant market power.
> compete with open competition
They can compete all they want. They simply can't use their market power to anti competitively prevent users from installing other app stores or browsers, of their own choice.
A user is free to not install other app stores or browsers, if they don't want.
> let's have governments decide how my phone works
It is actually the user who will now be free to decide which app stores or browsers run on their own phone. Feel free to not install them, if you don't like those options.
Anyways this conversation doesn't much matter because the laws are about to be passed. I look forward to people crying about being unable to prevent other people from doing what they want with their own phone in the future.
Because there is nothing you or apple can do now, to prevent people from installing other app stores or browsers, on their own phone, pretty soon.
The app store/browser war is over. Apple lost. And users will soon be able to actually do what they want with their own phone, and Apple will no longer be able to force users, against their will, from install other app stores or browsers.
> It is actually the user who will now be free to decide
The user will be free to decide? Really? The user, most of whom are understandably ignorant to and/or disinterested in the nuances of privacy and tracking, won't remain captive to decisions implemented by programmers, hidden in code, concealed behind encryption and not exposed as a choice?
Free to decide. I can't fathom that anyone actually might seriously believe this overly simplistic fairytale. This kind of freedom doesn't exist and the kind of rules the EU plans to implement don't change that. All they do is shuffle around influence from one set of global billion-dollar companies to another set of global billion-dollar companies.
Or are you telling me that the EU will require mobile operating systems, app stores on those operating systems and all third party apps running on those operating systems to give users absolute freedom to control all aspects of how their privacy is handled?
At least now we have Apple in a position to (and motivated to) enforce privacy standards on behalf of its ecosystem. It's not often that capitalistic forces are so squarely focused at the consumer interest; dismiss it at our collective peril.
Yes, they can choose to not install whatever app store or browser that they want.
> or disinterested in the nuances of privacy and tracking
It sounds like you just don't like the user's choice. You could have just said that you disagree with what the user will do, and want to take away their choice to install whatever browser or app store that they want.
Don't pretend like you care about user choice, if you are then going to pivot and say that you disagree with the choice of the user, because you think the user is dumb, or would choose different than your personal preference.
Thats the problem. Just own your position. If you hate competition, and hate giving power to the user to choose whatever they want, and think that there needs to be a monopoly that anti-competitively controls everything that the user does, against their will, then just say that.
Just take your mask off, and say that you think that you know better than everyone else, about their own property, and want to force everyone else to do what you want, and you want to take away their ability to choose for themselves.
Don't dress it up like you were doing previously, like pretending like you care about markets. Just say that you hate the user's opinion, and you want to take away their freedoms to choose what they want to do with their own device, and stop hiding behind fake arguments that you don't believe in.
> to give users absolute freedom to control all aspects of how their privacy is handled?
Users will be given the choice to install whatever browser or app store that they want.
If a user prefers whatever it is that you are talking about, then they are free to not install those app stores or browsers, and continue to use the Apple recommended choice.
But once again, I look forward to people crying more about this soon. Because there is nothing you or Apple can do to stop users from installing alternative app stores and browser in the future, as the laws are about to be passed.
It is doubtful whether there's any point in me replying as little of what you've said has anything to do with anything I said. It appears you read my post and entirely misunderstood it. I will nonetheless offer a response to what you have written.
Your first misunderstanding is this assumption that competition and user choice hinges on the axis of "browsers and app stores". This isn't an objective fact, it's an opinion. A different and (at minimum) equally valid opinion is that user choice can hinge on the axis of phone ecosystems. Yet another axis could hinge on apps themselves — perhaps none of us are "free" until Facebook, Instagram, etc are all required by the EU to allow anyone to write fully featured native front-ends. Perhaps the freest of all is a marketplace with a diversity of axes, which is precisely what laws tend to demolish.
Your second misunderstanding is your continued smuggling in of the concept of "user choice" in a marketplace where users do not and cannot have anything remotely resembling real freedom of choice, no matter how many browser engines or app stores are available. Open source ecosystems aside, >99% of "choices" are made by the software developer exclusively. Choosing to acquire the same corporate-capitalist closed source spyware from vendor A or vendor B is an illusion of choice.
Your third misunderstanding is this absurd and self-evidently false claim that people who like the status quo will be able to simply ignore the new alternative app stores and browsers. If loading alternative app stores really does become seamless, companies like Facebook and Google will have absolutely no incentive to list their apps in Apple's store. In fact given that Apple's pro-privacy policies (like App Tracking Transparency) are causing these companies to lose enormous amounts of revenue, they have a MASSIVE commercial incentive to abandon the Apple App Store.
You say these laws are about to be passed. I haven't seen how any of these EU laws get around the reality of Apple's ownership of its own intellectual property. I can't imagine how the EU could force Apple to supply its intellectual property to app developers under different terms. So even if the EU does force open iOS to alternative stores, I'm really not sure how developers are going to legally build apps to put in those stores.
As for your continued barbs implying that I oppose user choice, I'm wearing a "mask", that I hate markets, that I hate opinions, that I'm taking away freedoms, that I am offering "fake arguments" which I "don't believe" and will be "crying" about EU laws. All I can say is that rejecting the possibility that someone can sincerely hold a different opinion to you is disappointing — and represents a barrier to intellectual curiosity.
> . I haven't seen how any of these EU laws get around the reality of Apple's ownership of its own intellectual property. I can't imagine how the EU could force Apple to supply its intellectual property to app developers under different terms
It is pretty simple. Companies that want to operate in the EU have to follow certain laws, or pay a huge fine.
Technically speaking, these are requirements to operate in the market. So I guess if Apple wants to pull out of international markets, and never sell an iPhone again in the EU, that would also be an option. But, my guess is that they don't want to lose those billions of dollars.
> I'm really not sure how developers are going to legally build apps to put in those stores.
Its simple. Either Apple follows the law and gives app developers the ability to build apps, pays a huge fine, or leaves the entire EU market. Those are Apple's only 3 choices. And if they try a clever way to get around the law by using some sort of intellectual property strategy that you are hinting at, then they pay the huge fine, which is calculated based on a large percentage of global revenue.
Enjoy thoses laws that you cannot stop! They will likely come into effect in less than a year. They can't be stopped. Apple should have addressed its own anti-competitive behavior before it got to the point where this was necessary. Its way too late now though.
Your lack of response to any of the substantive points is noted. But you are right, we’re all going to see. It will be interesting to see how it does play out. Nobody knows for sure how the chips will fall, but I’d wager that it won’t be nearly as simplistic as you’re imagining. Especially since your version of future events doesn’t even align with mainstream analysis of the DMA.
Cope? Seriously? I’m trying to have a considered conversation, I’m not interested in engaging you in an irrelevant battle of Twitter-derived smack talk.
I’ll say again, your version of future events doesn’t even align with mainstream analysis of the DMA.
Yes basically it is cope. Law makers created these laws, specifically for the purpose of opening up these app stores, among other things. And then you are saying that actually the law won't do what it is directly intending on doing.
The point of all of these laws are to open up these app stores. That is the direct goal. And clever attempts to get around them, will result in billions of dollars in fines to Apple.
I am happy to come back to your posts, months later when the laws are in effect, and make fun of you for being wrong on that though.
Really, I am more of a "I told you so" kind of person, though.
Because when I come back, and say "I told you so", you won't be able to make any cope/reaching/bad counterarguments. You'll know, definitively, that you were wrong, and you won't be able to hide from that.
These are falsifiable claims about how things will turn out. And since they are falsifiable, I can make fun of someone, when the statements are falsified, and the laws are in effect.
And there will be no hiding from how bad your predictions were, when I can show it to your face, when it happens.
When someone writes a law saying that Apple is required to give their intellectual property away for free and forcefully open the floodgates of third party app stores, and this law passes, and this law survives challenge in the relevant court, then you'll be entitled to be that "I told you so" kind of person.
Happy to wait.
In the meantime it seems you're operating under a misapprehension that any of that has occurred when in fact none of that has. Even the most optimistic reading of DMA doesn't support your fan fiction.
>I don't want to install additional browsers, app stores, or other crap on my phone, I just want it to work well, out of the box with reasonably high security.
Why would they hit 90%? I assume the way this would play out is that most people would stick with the stock browser because they don't even know/care about alternatives. The people that do care would likely install the same browser they use on desktop. I don't think Chrome owns 90% of desktop market share.
I completely agree, I'm just saying that using the Youtube app makes it convenient for Google were they to try and push iOS users towards Chrome (e.g. by showing a banner every time you open the app).
I doubt most users are using a dedicated third-party authenticator.
The issue is that even for users with third party Authenticator, they force you many extra clicks to use your own. You can’t set your own 2FA as default even after using it a 100 times. They make you jump through hoops to avoid YouTube or gmail for 2FA. Clearly it’s on purpose.
I don’t have sms. I have proper TOTP 2FA. And still, google keeps asking me to get my 2fa code in gmail or YouTube on iOS. It’s 3 extra annoying clicks to get it to accept my own 2FA.
It’s clearly on purpose to force me on their apps.
Yes, but again why would that suddenly mean 90% of people use it vs the reality of desktop today where they don't own 90% of the market? Why are 9 out of 10 people suddenly jumping ship because Google pushed chrome on their phone vs on their desktop PC?
You are ignoring that Chrome (+ Edge) already effectively controls > 85% of the the browser market, ignoring iOS. They only need a 25% uptake on iOS to push them over 90% globally
In terms of web traffic iOS is a large enough percentage that sites have to cater to iOS/Safari. Since Safari doesn't support all of Google's latest fingerprint/tracking friendly web APIs most sites won't hate their content behind them. As soon as a "just install Chrome" banner is viable on mobile there's no reason websites won't be flooded with Chrome-only features.
A Chrome-only web will edge out not just up to date competing browsers but any older iOS and Android devices that can't run top of tree Chrome.
According to this site [0], Chromium-based browsers' market share on desktop is ~79% today (Chrome, Edge, and Opera), with ~9% for Safari and 7% for FF.
Well, if chrome did have 90%+ market share maybe we would finally see some antitrust regulation against Google's monopoly (ideally splitting chrome off from Google). Although there is no guarantee that would happen.
This. If Chrome reaches certifiable monopoly levels, it becomes easier to use anti-monopolistic instruments to force them to unbundle browser-making from other activities - which is really how things should be.
- You're assuming that there's the political will to do so. In the US, the Department of Justice would prosecute an antitrust case, and cases in the past (most notably Microsoft's antitrust case) have been dropped as political winds have shifted.
- Antitrust proceedings are slow. The Microsoft case (which was a much more cut-and-dry antitrust case) was filed in May 1998 and settled in November 2001 -- three and a half years. Given that Google today moves faster than Microsoft in the late 90s, 3.5 years is enough time to drive a critical mass of users away from other browsers, which effectively kills any market.
- What antitrust behaviors could be forced that would restore a competitive browser market? I could see Google being forced to spin off Chrome into its own company or donate the code to a third-party, open-source organization, but these only shift the problem around, they don't get at the root issue of there not being a competitive browser market.
I think this won’t work because Chrome doesn’t have independent business model. Also, if Chrome is removed from Google they could create another alternative based on Chromium since it’s open source.
Wut? Independent browsers existed before Google, and still do.
The browser is such a key element of the web experience that the possibilities for commercial exploitation are fundamentally endless; the number of players in the space is kept low only by the amount of resources required to really compete with the biggest IT companies on the planet. If you could forbid such players from being in the market, you'd see a plethora of new entrants.
> if Chrome is removed from Google they could create another alternative based on Chromium
The point is not to remove Chrome, the point is to forbid web-giants like Google from being in the browser market, because it enables monopolistic practices towards their web properties. So they would obviously be forbidden from restarting the project as "ReChrome" or whatever.
I completely sympathize with this worry, but are we certain that allowing multiple browsers on iOS would mean Chrome dominance?
Part of the reason Chrome dominates on Android is because it's the default browser. How many people on iPhone are we expecting will change their default browser? As far as I know, most users don't change their messenger clients on iOS.
It's a somewhat legit concern given that people have alleged they basically did that already with Firefox.
And the stats make me curious -- given that Chrome on iOS is just a wrapper around Safari, are people just switching because Google Docs tells them to, and that's enough? I'm having a hard time of thinking of a functionality reason to switch to Chrome in iOS (maybe browser/bookmark sync, I guess). I'm surprised to see a number that high.
I have always highly suspected that normal people don’t know/care about how Chrome on iOS works. It’s only the developer community that is so outspoken about it.
Apple could also tackle Chrome's dominance in a different direction. Just invest much more aggressively in Safari and web apps, 10~20x OpEx. Release Safari on Android and all other major platforms. Make most of it fully open source. Make all of its first party apps available on the web.
Obviously this means that they need to give up on their iron grip on app developers so they didn't do that even if that was the exact path Steve envisioned. But that's not a good excuse either.
I've seen this claim a lot lately that Chrome is the new IE. I don't think it holds water.
First, IE was bundled onto virtually every computer at the time and Microsoft went out of their way to stop you from replacing it (eg system actions would use IE).
Second, Microsoft's anticompetitive IE behaviour was aimed at protecting its Window monopoly. Microsoft was worried that the Web would become a device-indepndent platform and that would obviate the need for Windows at all.
Third, is Chrome actually bundled to any large degree? There's enterprise bundling but how significant is it? There are Chromebooks but I feel like they're not a huge factor. I guess there's Android. Chrome's desktop share seems to be 68% [1]. That's impressive for an action people have to take to change the default.
Fourth, Google doesn't have the same motivations as Microsoft (in regards to protecting another platform). There are other much more real issues (eg favoring their other properties like Youtube) but crippling Chrome doesn't seem to be something that aligns with any of their interests. It seems way more likely that Youtube (etc) will work better in Chrome. While that's bad for other browsers, it doesn't have the same negative effects as what Microsoft tried.
Fifth, the core of Chrome (ie Webkit but also V8) is both open source and the core of other browsers (notably Safari and Edge) so it's less likely Web developers will end up in a situation where they effectively have to implement something twice, once for Chrome and once for the rest. That was pretty much the situation with IE.
Will it be a big deal in the future? Maybe. I don't really see this being a big problem anytime soon however.
It reminds me of what Apple did with iBooks: they weren't trying to do the right thing, they did it the wrong way, but if they had been successful, it would have been better for the market as a whole. The DoJ correctly went after Apple and eventually won, but they also should have looked at Amazon for using what were basically dumping-level prices to secure the market for themselves.
Apple is in the wrong to tie Safari to iOS and block the installation of other browsers. They're wrong to do it for the sake of keeping control of the OS. They're right to do it, because that's the only thing that's keeping Chrome from a near-monopoly of the browser space.
> It reminds me of what Apple did with iBooks: they weren't trying to do the right thing, they did it the wrong way, but if they had been successful, it would have been better for the market as a whole... Amazon for using what were basically dumping-level prices
Apple was successful in that regard though; the contracts they made with Big 5 remained intact and Apple didn't have to compete with Amazon on price. Apple's strategy was not better for the market as a whole because Apple never cared about the market as a whole. Due to Apple's anti-competitive behaviour we are still stuck with a Publishing industry decades behind on digital
The difference between Chrome and IE is that IE sucked, but Chrome is currently the best user experience. What's the problem? If you have privacy concerns there are enough alternatives. Opera, Brave, Tor browser, etc. perform pretty well.
IE gained market share most when it was a great user experience. IE 4 was frickin amazing compared to other browsers at the time. 5 and 6, _when they were released_, were also excellent browsers.
It wasn't until after they had dominance that IE really withered.
On the other hand, if Apple's anti-competitive practices end and Chrome finally hits 90%+ market share, it would make it much harder for regulators to ignore Chrome's dominance and might lead to some actual change for once.
Let me see if I have this straight. Apple has a tiny slice of the overall market, but you are terribly, terribly offended, and so your proposed solution is for Chrome to get more than 90% market share, because that would be a better situation? And "change" would result? How? You don't say. What change? You don't even hint.
It isn't in Chrome's interest to dominate 90%+ anyways. It already is being treated as the default browser when devs create frontends. It will almost certainly see regulation, at least in the EU to have some sort of standards compliance else Google is fined.
Because anti-trust. Companies answer to countries who don't like anti-competitive companies that aren't controlled by the state. People won't care but politicians will take notice of any company controlling almost all of their market which effectively gives them political leverage and dissatisfied voters. They also make for a great punching bag when politicians want to act like they are for the people because 100 million fine against Google means relatively little to google but a lot for getting voters to vote for you.
This is the absolute reality of what Open Web Advocacy is pushing for. A complete Chrome monopoly. It's really frustrating a couple lazy web devs with really incorrect understanding of the space keep getting so much attention.
Often times idealic and well-intentioned measure have negative consequences. Just look at how the EU's cookie banners have eroded the UX of the open web as an example.
It's not the "EU's cookie banners", it is the advertisers' cookie banners. The EU doesn't mandate cookie banners at all. It's the website's choice whether to pester users about having them accept targetting cookies.
The most natural implementation of the EU directive would be to have a place in User Settings where users can go and enable targeted advertising if they want it.
>The most natural implementation of the EU directive would be to have a place in User Settings where users can go and enable targeted advertising if they want it.
And why would we assume that these companies would follow the "most natural implementation"?
The very predictable response of the industry to the EU directive was to make the cookie banners as annoying as invasive as possible, such that users would consent to tracking out of apathy. No, it's not what the EU intended to happen, but it was a consequence. Which brings me back to my original point: often times idealic and well-intentioned measure have negative consequences.
In hindsight, perhaps the EU should've legislated that the UX for the tracking content cannot be unreasonably annoying. I don't know how I'd go about codifying that into law though.
I wish the EU had gone with this solution rather than the current regulations. However I can’t help but feel that the “loopholes” in the current regulations were intentional. Politicians have a history of rolling out regulations that have giant loopholes for their corporate friends to exploit.
"only technically necessary cookies"
That doesn't really help preserve privacy. There are so many techniques for tracking, detectable and undetectable.
I formulated it a bit to informal, I meant, that the website should just don't collect data from me unless it is really needed. (E.g. Tracking identifiers are not needed or collecting fingerprints from WebCanvas and so on)
The opt-out action has be to be equally easy and discoverable as the opt-in, which is never implemented this way and only just started to get enforced.
> It's not the "EU's cookie banners", it is the advertisers' cookie banners
It's the EU's cookie banners. Despite the EU's best intentions, the end result is worse. It was a naive move and we're all suffering for it. One of the biggest pieces of evidence that you can't just naively mandate something without also thinking through edge cases and "malicious compliance."
"Whatever you think of their decisions, Apple is the only thing stopping a 90%+ Chrome web."
Sorry what ? Can you point me to the place where I can download Safari for Linux and Windows and Android ? If they actually had those builds, I would believe what you say.
But no - All they are doing is protecting their turf by hitting every other browser with sticks so folks prefer native apps over web apps.
I also think that Apple is doing a good thing here. Since I don't use any Apple devices, I also don't have any trouble with it personally :)
(I'm doing my part by using Firefox.)
I think you make some good points, but you really need to tone it down. OP is sincerely voicing an opinion that is held by a lot of us here, and it's inappropriate to spew this much anger at them and accuse them of shilling and dishonesty. As in everything, someone can disagree with you without being evil.
Comparing CVE counts is a bit nonsensical. For instance, Chrome and Firefox don't individually assign CVEs for internally reported vulnerabilities.
For instance, in these patch notes Chrome lists "Various fixes from internal audits, fuzzing and other initiatives" and doesn't even look to have a CVE:
I agree, measuring "security" by counting CVE counts is a bit like measuring developer productivity by counting git commits, it simply doesn't make sense.
But in the grand schema of things, who cares how many CVEs a project has, when it can take almost 2 months for the project to ship updates fixing exploits that happen in the wild already? That's just out of control and unbelievable.
I seem to remember the CVE database search utility on Mitre's web site stating something along the lines of "comparing the number of CVEs by platform shouldn't be used to draw conclusions".
Possibly a CYA-esque liability statement, but the principle seemed sound.
Apple claiming security as a reason for monopoly, how classic.
The EU's digital markets act bans the only Safari lock on IOS, so this is gone whether apple likes it or not. (1 - sorry couldn't find a better source)
Safari is the new IE, there is a difference between a monopoly while still being able to use a competing product (like chrome in other platfroms), and forcing Safari(WebKit) while hindering the web because of Apples interests.(2-3)
> Safari is the new IE, there is a difference between a monopoly while still being able to use a competing product (like chrome in other platfroms), and forcing Safari(WebKit) while hindering the web because of Apples interests.(2-3)
Ehm. Chrome is the new IE.
Apple is using anti-competitive methods but its far far away from market domination.
Microsoft is doing even more, by pushing so much Edge-only stuff.
On iOS Apple forces the Webkit rendering, but for normal user it does not even matter much. They can download Chrome and get the UI they want.
> Apple is using anti-competitive methods but its far far away from market domination.
Apple Safari has, literally, 100% marketshare across the entire iPhone market. Its App Store also has 100% marketshare and enforces the Safari marketshare.
I have an iPhone 13 Pro Max. I love the hardware, but I'd love to install other browsers; why can't I? I'd also love to run real PWA's or run WebRTC without major issues. Why shouldn't I be able to do these things?
Apple enforces its own browser, which it carefully and deliberately hamstrings, in order to force web apps to not bypass the App Store, so Safari also enforces the App Store marketshare.
They're tightly tied together (so tight that the Windows-IE tying isn't even in the same galaxy) in order to enforce the other's marketshare. At least Microsoft allowed third party browsers and installing apps from other locations. This is tying on a completely different level.
For all your criticisms against Safari you still bought the most expensive phone on their lineup. So I guess they got so many other things right so you apparently still believe they ship the best phone out there.
I used to wish for Firefox on my iPhone too. But after a while I got skeptical this would benefit me or other users. Apple was the one to make the hard decision to kill Flash, and Firefox is known to have done their missteps too. So what if they are right in their decision and Safari does have a role in the reason you and so many others consider the iPhone the best phone to buy?
Well, I actually don't consider it the best phone to buy; I consider it among the best hardware. I think a Google Pixel is a much nicer and more comfortable phone, although the iPhone has a far better screen and is a lot prettier, although its shape is uncomfortable to hold, even with a nice Otterbox.
I'm running GrapheneOS on the Pixel. It is perhaps ironic that the best phone to de-Google is actually a Google, and that Google both allows this and explicitly supports it, but it's not possible to de-Apple any iPhone.
Yours is not the only comment I see here that eventually comes down to the OS discussion.
We are supposedly talking about Safari, yet Safari is tied to iOS not to the hardware. People can install Brave or Firefox on Android. But they are not ever satisfied. I don't have the numbers, but I suspect the sum of GrapheneOS and other de-Googled Android distributions might be bigger than the sum of Firefox and Brave on regular Android.
In the end, maybe Apple should just allow you to download some software that voids your warranty and roots the iPhone, while removing iOS. People can then reverse engineer and do whatever they want. But Apple's drivers and some of the chips are proprietary, and that I don't see a way people would convince regulators to enforce them to open-source those.
If you buy a computer from ASUS, you can download whatever browser you want. If you buy a cellphone from a Android-manufacturer, you can download whatever browser you want.
But if you buy an iPhone, you can only download browsers that are using Apples own browser.
Just because smartphones have traditionally been locked down, doesn't mean that it should be like that.
PCs were also pretty locked down the beginning. And Windows have tried a couple of times to move in that direction. But fortunately, we have a relatively open ecosystem when it comes to devices we use for "producing" things on. It's just missing that the devices we "consume" on works similarly.
PCs weren't made "open" by the government regulations. Any company if it wishes so could start selling a locked down Windows machine with no ability to replace the browser. Nobody will call this company "a monopoly" for that fact alone.
...which is equally ridiculous. If Sony is actively preventing Playstation owners from installing other browsers with their control over app distribution, then that too should be considered malicious and just further indicates how necessary sweeping legislation like this is.
> Do you understand that you are spouting conspiracy theory brain poison?
Why don't you actually refute the points they made instead? If it's so obviously "conspiracy theory brain poison"
Webkit quite literally has 100% market-share on the iOS platform, as no other browser engine is even allowed. Same goes for the App Store, 100% market-share.
> Apple Safari has, literally, 100% marketshare across the entire iPhone market. Its App Store also has 100% marketshare and enforces the Safari marketshare.
And that’s the big difference between Safari dominance and IE at the time. Safari is only on iOS/iPadOS dominant not in the entire market like IE was
IEs biggest problem isn't market domination, its hindering the entire web, and pushing proprietary stuff.
Safari is one of the worst browsers in terms of compatibility, like PWAs and notifications, they are unsupported on purpose to push developer to develop apps and give apple a cut.
And when they do adopt new technologies, they are often super late like webp.
Which is THE single selling points that brings everyone to make 2 native apps instead of one URL. It hs been available on Android for a decade, and is still undetermined when it will actually land in iOS.
It might not matter to users in the sense that they ask themselves what rendering engine Chrome on iOS is using under the hood, but the effects do matter. I get a lot of support requests saying "Your [web] app is broken on my iPhone!", "Right, Safari doesn't support feature XYZ", "I'm not using Safari, I'm using Chrome", "..."
How does the developer story get better if you're required to support many web rendering engines on iOS instead of one? Or is the endgame that you'd just point people to Chrome/Blink and extend the web monoculture to Apple devices too?
The endgame is that Apple is forced to actually make a working browser, rather than intentionally starve it of resources to benefit the App Store. Everyone wins.
Just wait until Google has Chrome running natively on iOS and introduces nonstandard behaviors to break Safari rendering intentionally.
Then at least you’ll be able to tell all your customers that you recommend switching to Chrome for all browsing. What a great victory for browser diversity and the open web!
Both Safari and Chrome are the new IE's. Regulation should force folks to download a browser or have competing browser (with relevant competing engines) already pre-installed on both iOS and Android.
### Electronic Freedom Foundation (EFF)
Apple’s restrictions on third-party browsers, and the limitations it puts on Safari/WebKit (its own browser tools) have hobbled “web apps,” which run seamlessly inside a browser. This means that app makers can’t deliver a single, browser-based app that works on all tablets and phones - they have to pay to develop separate apps for each mobile platform.
That also means that app users can’t just switch from one platform to another and access all their apps by typing a URL into a browser of their choice.
### Mozilla
Mozilla believes that major platforms should be under an on-going duty to:
Stop practices that distort competition on the merits and inhibit consumer choice, such as:
● interfering with consumer selection of alternative browsers and use of those browsers to access the internet from links and queries on their devices; and
● dictating or controlling browser components, such as browser engines, which prevent consumers from accessing and using their preferred browser across all operating systems and devices.
### Google
By contrast, PWAs—and the web writ-large—receive a small fraction of this support on iOS. This is primarily because of Apple’s requirement that all browsers use its proprietary WebKit browser engine. Not only does this prevent browsers from differentiating from Safari—Chrome is unable to access the user’s camera, preventing users from using products like Google Lens—it also harms user security. A recent study from Google’s Project Zero security research team found that WebKit is significantly slower than other browser engines to fix reported bugs.
### Microsoft
Apple requires that any mobile browsers on iOS, including those offered by Apple’s competitors (e.g., Google’s Chrome app), use Apple’s own WebKit browser engine. This restriction harms competition and consumers.
### Meta
Apple requires all web browsers on iOS to use WebKit, a degraded version of Apple’s Safari browser, to render web pages. Apple thus sets Safari as a functionality ceiling for mobile browsers on iOS. The restrictions on Safari’s and other iOS web browsers’ capabilities prevent web pages and web apps from providing consumers with robust, cross-platform experiences that would lower switching barriers
### Telegram
We suspect that Apple may be intentionally crippling its web apps to force its users to download more native apps where Apple is able to charge its 30% commission
That is not true. WebKit is opensource, there are other browsers that use it (GNOME Web), it is used in a lot of other applications, like GNOME Builder, Devhelp.
It doesn't matter if WebKit is open source or not (in the context of the topic) because only Apple can make modifications to the WebView on iOS. Adding or removing functionality, fixing bugs is entirely under Apple's control.
On iOS third party browsers:
● Can't pick their own browser engine
● Can't pick which version of Webkit they wish to us
● Can't turn browser engine features on or off using flags
● Can't add entirely new browser engine features
● Can't edit browser engine features
● Can't entirely remove browser engine features
● Don't even get all the features of Webkit that iOS provides Safari
● Get a more restricted version of Webkit than the one iOS provides Safari Safari and the WebView that browsers use do not get the same level of access)
● Use a version of Webkit provided that is tied to iOS system updates as opposed to packaged with the third party browser
On Android third party browsers:
● Can use their own browser engine
● Can pick which version of Blink they wish to use (if they are using Blink at all)
● Can turn browser engine features on/off using flags
● Can add entirely new features to Blink
● Can edit existing features in Blink
● Can completely remove features from Blink
● Don’t have to use Blink at all
IIRC, every video game console that ships with webkit has been jailbroken due to vulnerabilities in webkit. Off the top of my head at least, I know the following have been exploited that way:
* PS4
* PS Vita
* 3DS/New 3DS
* Wii U
* Wii
Also maybe PS3/PSP and likely also PS5 will get the webkit exploit treatment at some point.
iOS as well - JailbreakMe[0] and TotallyNotSpyware[1] use a WebKit exploit to get out of the sandbox to then trigger other exploits that allow full system compromise/control.
Note that, while earlier JailbreakMe exploits were patchable if you installed a patch[2], the readme in the TotallyNotSpyware repo explains that, in general, there's not a patch for the exploit post-jailbreak, so you could still be pwned by a third-party website should they deliver this exploit with a spyware payload.
Are the versions of WebKit that ship on those consoles patched regularly and kept up to date? Probably not, so I don't think it is too relevant to how secure Safari is. There have been plenty of zero days for Chrome, but that doesn't mean it is somehow the least secure browser.
If you can break out the app sandbox on IOS, that is a flaw with IOS. These flaws could be exploited with any app that is using file parsing like the adobe photoshop app.
The jailbreakme app wasn’t exploit on WebKit. It was iOS native pdf rendering Library. WebKit was used to deliver the exploit.
Still far less attack surface area than a browser engine.
Browsers can download and execute arbitrary code in the form of JavaScript or WASM. Your options for poking at the sandbox are far more plentiful when it is parsing and executing turing-complete instructions rather than a markup languages or other static data.
Firstly, this is not a webkit-specific problem - It's just that webkit is the most commonly embedded browser engine.
I have personally jailbroken my LG smart TV using a V8 n-day exploit (details not public, yet).
For any modern browser engine that is left unpatched, it is only a matter of time before it can be exploited using publicly-available techniques - and console manufacturers know this. Which leads me to my second point:
Console manufactuers assume that the browser will be compromised, and sandbox it appropriately. It is not a meaningful security boundary, by design. Exploiting the browser on a console, on its own, doesn't get get you very far. You'll need to chain it with additional exploits (a sandbox escape, a kernel exploit, etc.) to do something useful.
So... theoretically there is no security disadvantage to using Blink as your render engine instead of Webkit, as long as they're running the in the same sandbox? If that's really the case, then it's even more bizarre that Apple stands by their security statement.
The console threat model is far too different to the mobile device threat model for any direct comparison.
Console users will deliberately withhold security updates, so that they can later hack their devices. Console security updates protect the vendor from their users.
Mobile users (who care) will always be on the latest updates. Fresh browser exploits are exponentially more expensive, generally speaking.
Allowing users to use different browser engines doesn't necessarily widen the remote attack surface, it just changes it. But yes, ultimately I think Apple cares more about losing their walled garden, than they do about security.
>I have personally jailbroken my LG smart TV using a V8 n-day exploit (details not public, yet).
What have you done with your jailbroken TV?
I was considering jailbreaking my LG Smart TV too as I _hate_ the Home screen with a passion and was hoping to replace it. But I use the Game Mode all the time, so I was hesitant to jailbreak in case that interfered.
I'm just curious why you've jailbroken yours and whether or not I should.
There is not much surface area of attack outside of the browser and the incentive of pirated games is huge. Especially outside the US and EU where people barely have money for the consoles, so game piracy is the norm (Russia, Brazil, other developing countries).
Yes, webkit is somewhat to blame, but I bet, as we can see the number of exploits in the graphs from the original post, that any outdated Chromium version would end up with the same fate.
Every discussion about this seems to have people cutting themselves on Occam's razor left and right. The idea that there can only every be one true motivation for someone's actions isn't even true for the individual, much less a massive organization. It can be simultaneously true that Safari being the only browser on iOS is enjoyed by the business side of Apple and the engineering side of Apple for different reasons.
And good lord this line of argumentation is extremely disingenuous even if you think the actual analysis is good (counting CVEs is not exactly the best measure). One because no one except nerds are going to switch browsers in response a random CVE and two because it doesn't even establish what Apple actually means by security and instead goes off on a rant "well if Apple really cared about [my personal view of] security you would blah blah" -- literally zero effort to understand the opposing view or evaluate other possible ways of addressing the security concerns.
But ya know, "Safari lags behind other browsers in RCE mitigations and mean time to patch" doesn't grab headlines and doesn't prescribe a single solution that is also motivated by more than just security ;)
If an attacker has a way to escape the browser javascript sandbox on webkit and also has an iOS app sandbox exploit, that right now will pwn any iOS user who clicks a malicious link.
If I can run firefox instead, and that javascript sandbox exploit was already patched in firefox, the iOS app sandbox escape won't do them any good. They can't get through the earlier layer to exploit it.
The claims being made here is that the first layer, the browser exploit, is easier with safari/webkit, and the second layer, the iOS sandbox escape, is identical. Even if it only changes one layer of security, that is still a meaningful change and is more secure.
There are additional factors too.
Right now, if you have a webkit vuln, but no iOS sandbox escape, you can still steal cookies from other sites, browser history, exfiltrate passwords, etc. The browser engine is a valuable target on its own, even ignoring the rest of the system.
That's one stance on security but its so baffling that there are two Apple's here. There is the apple that gives you the ropes on macos to install your own software and run unsigned code, knowing that this doesn't lead to macos users regularly being pwned or the world burning down or anything like that today. And there is also the apple that thinks that letting you do this same thing on a much less consequential device than your home computer, your cellphone or your tablet, would infact lead to the sky falling down and users around the world being pwned and the stock price no doubt crashing into the depths.
These two things can't both exist. The fact that the sky isn't falling on macos leads me to believe that this position of apple's, while spoken in terms of privacy and security publicly, is really all about dominating what software runs on their devices which i remind you have to pay a hefty fee on profits to apple in order to be installed on users devices through official means. That is pretty user hostile, but obviously shareholder friendly, which explains why it perpetuates and why apple share prices have reached the stratosphere since the iPhone.
> letting you do this same thing on a much less consequential device than your home computer, your cellphone or your tablet
Last I heard then officially defend this apparent contradiction, the Apple rep asserted that people's phones are in fact the more important/personal devices, as well as being more common, and as such security on iOS is more important than on macOS.
But why, because the phone connects to your instagram account? Meanwhile, most people's computers have passwords to literally all their accounts saved in the various system or web browser autofillers. They might also have personal documents such as tax information saved locally. Maybe even their social security number and other very important information written down in a word document on their desktop. Especially if your macbook is synced with icloud, I can't imagine why your phone might be a more sensitive device considering at that point the macbook is at feature parity with everything sensitive that the iphone does and more perhaps.
Consider that most internet-connected people only have a phone, and many that own a "real computer" use it primarily for work. The phone has their banking info, health info, personal communications, professional communications, most of their browsing history. A huge number of people manage their taxes on their phones. I think Apple's claim that in aggregate they are more important than laptops/desktops is largely accurate.
That said, I consider that all the more reason that people should be able to run whatever software they wish on their phone. The present paradigm of such a personal device's operation being totally out of the hands of its owner is troubling.
If their iphone has that, by virtue of icloud sync, their macbook if they have one has that same sensitive info as well. So is apple saying then, if you want to be the most secure, don't buy our macbook and don't sync it up with your iphone?
Yeah thats the part that always bugs me and makes me lean toward it being a disingenuous reason. Like... thats the entire point of your sandbox. It doesn't matter if you run program A or program B, from the system's perspective the risk is the same.
fwiw: the App Store also prohibits JITed code or in general code pulled in after app publishing. I guess the idea is that (at least in theory) that Apple sees all code that an app runs.
They allow Wechat and Alipay to pull in code after publishing (See Mini-Apps). Regardless there's no evidence that Safari would do a better job at protecting user's security than Firefox or Chrome/Edge.
Based on this video[0], it looks like "mini-apps" are just webviews, as everything is either .js, .css, or .wxml (html). Thus, anything that integrates with WeChat or system APIs is going through some API within the wechat binary itself which allows Apple's static analysis to inspect the API usage during App Store review.
So what? Apple has never required review of every web page you load with safari, regardless of which browser APIs they use... the browser is the browser. That is the farthest Apple goes on "dynamic content" but yes, it is potentially a pretty wide net given the various APIs and extensions. But from Apple's perspective it is also a defined boundary.
Expressly forbidden:
- install, or execute code which introduces or changes features or functionality of the app
The only exception they've crafted is for educational purposes.
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code which introduces or changes features or functionality of the app, including other apps. Educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the app completely viewable and editable by the user.
Not all code pulled in after app publishing; it's very common to push at least JS code to an app after the user's installed it, without going through the App Store
But I think they draw the line at native (read: unsafe) code, which, is not totally unreasonable
Its always been a sort of wink-wink agreement, never allowing exceptions as far as I'm aware. Its much more common to do post-release updates of JS than native, but I think every native dev has done some form of dynamic code at some point. In one app we did, we ended up disabling the dynamic update but still ran a handrolled VM with dynamically interpreted code files which we baked into the app. Its all manually reviewed in the end, so no guarantees they would even catch it anyways.
Interesting. I'll admit I don't have much first-hand knowledge of the process
> but I think every native dev has done some form of dynamic code at some point
This is a little ambiguous; theoretically a VM - even a custom one - would still be above-board because the native code is static. My understanding was that the main problem with third-party browsers is third-party JS engines, but only because any modern JS engine has to JIT in order to perform the way people expect; the app developer takes responsibility for generating unsafe native code, which has the potential to wreak all kinds of havoc on the user's system in a way that dynamically-updated JS code for example can't
It would be interesting to try and submit a fully-custom browser with a non-JIT JS interpreter to the App Store. I bet they'd allow it; just, nobody would use it because it would be slow as mud
We should be clear here that "JIT"/VM vs sandboxed code are two different considerations. Regardless of how your code is interpreted/compiled/run, you still are operating within the app sandbox. So most arguments about safety etc are fairly useless. The only "valid" line of argument is more in the UX space. Apple isn't able to vet the userflows in the same way if you do a post-release update.
And to be clear when I say a handrolled VM, I mean that the VM knows how to interpret dynamic things into native things. This is a lot more powerful in Objective-C since it uses message passing anyways so you could theoretically build a full app in some JSON payload. So sure your native code is static, but thats because its just 1 function called 'eval'. This is still possible in Swift but requires more explicitness since it doesn't have the same dynamicism built in.
It doesn't have to be entire apps that are custom though. Most app devs use it for things like customer-editable content. Think of things like the ability to update home screen layouts, or tab layouts/behavior. Depending on how much baked-in customization you build this can be extremely robust.
Preventing the execution of locally generated native code is a significant part of the iOS sandbox. It allows Apple to statically analysis binaries uploaded to the App Store and potential detect and prevent malicious instructions. Then they just need to harden the OS APIs, safe in the knowledge that you an app can’t execute arbitrary CPU instructions, and potentially escape kernel control. Allowing a JITed web browser on iOS means handing over the right mark arbitrary lumps of memory as executable, which substantially increases the available attack surface.
Having said that, I strongly suspect concerns around arbitrary code escaping kernel control only applies to older iPhone running substantially less sophisticated SoC than you find in a modern iPhone. Certainly any Apple SoC during the M1 era, and a good few generations before, have all the modern accoutrements needed to allow arbitrary code execution, while ensuring the kernel can always intercede and halt execution or block dangerous calls. If they didn’t have these abilities, then there’s no way an M1 Mac could efficiently run a VM, or be considered a secure platform by modern standards.
I suspect that has more to do with preventing an App Store competitor than security. Apps are completely sandboxed on iOS, and there's no way in hell Apple is auditing every app on the store in any meaningful way.
> A testing tool called Mercury runs through static and dynamic analysis processes, with the tool allowing Apple to see inside apps to check for hidden code or abuse, and there are other review tools that Apple has nicknamed "Magellan" and "Columbus." After automated testing, apps receive human oversight.
> Dynamic testing includes everything from battery usage to file system access and privacy requests to access device hardware like the camera and microphone, while static analysis checks app size, entitlements, in-app purchases, keywords, descriptions, and more.
> In 2015, Apple discussed acquiring SourceDNA, a company that made a tool to allow companies to see the code inside apps. Apple did end up purchasing the company and using its engineers to design a new tool for app oversight.
Apple doesn't see any of the code. They pay someone to poke at the GUI for ~15 minutes with an HTTP proxy running. That's it. If you want an app store where people see code use f-droid.
They don’t need to. They’re perfectly capable to statically analysing an app binary and looking for calls to APIs app aren’t allowed to use, or containing CPU instructions that are potentially dangerous.
We know this because when dev submit apps that call private APIs they get very quick rejection. But hiding private API call behind obfuscated blobs of dynamic code can get you through app review, provided you don’t expose the functionality in your UI.
Additionally the modern App Store deployment process involves uploading you app in an intermediate format, only partially compiled, so apple can dynamically recompile your app to target new CPUs, and optimism your app to use new hardware without intervention by the dev.
That doesn't use JIT. In theory a browser like Chrome doesn't have to either, but then Apple might be lambasted since presumably JIT is required to be competitive against Safari in terms of performance.
I think iOS makes use of NX bits such that for your vanilla app, the executable pages aren't writable and writable pages aren't executable. Historically, this resulted in WebViews not having JS JIT which severely impacted performance. Apple later came out with WKWebView which underneath the covers runs the browser engine as a standalone process which is able to write executable memory and thus able to JIT JS.
I'd argue that there are legitimately decent reasons that Apple is doing this, besides the selfish, monopoly-protecting, reasons that are also nicely aligned with it as well. Besides the security thing mentioned elsewhere, I think performance and battery life are a huge concern as well. A big reason that Apple products (usually) work so well is that the vertical integration of both hardware and software can lead to compounding gains WRT performance and battery life. i.e. iPhones have excellent battery life and are pretty snappy for most of their life. A web browser is such a core (frequently used) experience for a smartphone that any tradeoffs made in the browser engine in favor of faster performance at the cost of power efficiency can have a big overall effect on the battery of the device.
The vast majority of users don't know or understand why they see decreased battery life when they do, they just see that their phone doesn't last as long. Google has such a complete monopoly in the browser market that one can argue that there's a pretty good incentive for Google to make tradeoffs in Chrome that decrease battery life on the iPhone to hurt the iPhone's battery life, and most people would not realize or understand that its not the iPhone's fault but Chrome.
> iPhones have excellent battery life and are pretty snappy for most of their life
Not really. Maybe in the early days they had an edge with ObjC when hardware was primitive and java slow, but nowadays it's the same or buried behind synthetic slowdown animations. The battery life isn't especially good in my personal experience.
every single year single the early iphones, they have had equal or better battery life than competing androids with larger batteries. They consistently have 500 - 1000 mAh less than their close competitors.
• There's a place for closed platforms if open ones are a reasonable choice. A closed platform must not be the only choice available to the customer, but it should be allowed to exist given a healthy market. It's hard to argue that iOS is a monopoly, and if so, than a browser engine and JS interpreter with access to the open web is a very powerful thing that the owner of the platform may deem too powerful for its own good.
• Chrome's dominance of the Web is very scary. Not as scary as IE's, since it's open source, but still, it's such a huge beast that it's almost proprietary through complexity. I don't know if there's an easy solution out of this.
• The time it takes Apple to patch security flaws is not the main issue here and should not be the core argument. What if Apple steps up its game and gets really good at this?
The issue is the strategic decision Apple is making and the discussion should be if a company that powerful should be allowed to make such decisions and impose them to the user.
• Apple could avoid this discussion by giving the user a one time only toggle switch to sideload any binary. It should be buried under many menus and preceded by lots of scary dialog boxes. It could even void battery warranty or something. Maybe keep a constant orange menu bar as a reminder that you are on your own and can't blame Apple for anything.
Apple gets the battery performance they do by being very opinionated about who gets to chew on the CPU. Safari is equally opinionated, but third party browsers aren't. I don't like that Firefox on iOS is a shadow of what it is on other platforms, but at least academically I understand why it is the way it is.
If Safari is truly objectively better than other browsers, then it should have no problem competing with the likes of Chrome and Firefox. They can even keep pre-installing it too, as long as they give people the choice of other browsers then I'm happy.
I don't know what logical leap you're trying to make but I'm not following it. Safari makes the iPhone a better device. They don't sell Safari. They sell devices.
If you have a way to effectively and efficiently blame the bad behavior of your ecosystem on a third party, then there are whole industries waiting for you to sell them consulting services. If the king of Reality Distortion Fields couldn't figure it out, probably nobody here has either.
Nobody is going to notice that Chrome is eating their battery. They barely notice on desktop. The tools are even less grandma friendly on mobile.
> Nobody is going to notice that Chrome is eating their battery.
I don't know what logical leap you're trying to make, but if people don't notice the impact of Chrome on their battery then what makes it worse than Safari?
I believe the parent's point was that they won't know it is _Chrome_ that is destroying their battery, just that their phone can't make it through half the day without a charge.
There is indeed a way for technical users to troubleshoot battery usage, although this does not necessarily help even technical users when the app turns out to be important.
iOS tends to make it significantly harder for applications to justify background processing, so I myself tend to find battery statistics less useful - you have apps which have a more voracious appetite than others, but typically only when you are actively gaining value from them.
> Chrome's dominance of the Web is very scary. Not as scary as IE's, since it's open source, but still, it's such a huge beast that it's almost proprietary through complexity. I don't know if there's an easy solution out of this.
Both Chrome and Android are open-source bases for proprietary platforms. Google very consciously blurs the line between functionality available across all Android devices or across all web browsers, and the functionality which you only get with their products (e.g. licensed Android with Play services, or Google Chrome).
Would it really have made a difference if Internet Explorer 6 was open source? Most of the features in Internet Explorer were copyable by other browsers, just as most of the Chrome-only API are copyable today. There's other reasons why Firefox and Netscape on Windows didn't support ActiveX controls and XML Data Islands, such as both those features being lousy ideas.
Clarification: Chrome is NOT open source. Chromium is, but it has a nonexistent market share. Google loves this model: Android isn't open source either, and it forces a bunch of proprietary apps as requirements for it's distribution, but they claim they're open source because they throw basically nonfunctional AOSP code over the wall.
> Chrome's dominance of the Web is very scary. Not as scary as IE's, since it's open source, but still, it's such a huge beast that it's almost proprietary through complexity. I don't know if there's an easy solution out of this.
I'd say that Chrome's dominance is much scarier than IE's. One reason has to do with user data.
When IE was dominant, user data was not nearly as valuable. Today, user data is how Google makes money, so they are strongly incentivised to harvest it. While I understand Chrome isn't exactly the source of the harvesting, it reinforces reliance on Google services for the vast majority of users.
Don't you believe that the physical owner of a device should be entitled to complete control of the code that is executed in it? This goes beyond business models.
So you will be satisfied if Apple provides you with the option to replace iOS by whatever OS you can put there?
Apple bundles the three levels (hardware, OS and Apps) and sells you the hardware. But Safari is tied to iOS and not to the hardware itself. So would you argue about an option to replace iOS instead of installing other browsers on iOS itself?
Yes, if I could have the ability to exert the same level of control over the hardware as Apple (including things such as the Secure Enclave) then it would be the ideal way.
Secure Enclave should remain inaccessible, even to Apple.
Bootloader should be doable once you can run unprivileged arbitrary code, but some support could be offered as well, like they do with the M series Macs
That’s my point. And it shouldn’t be hard. A stress loop should heat and require constant recharge, enough to significantly reduce battery life. A few years worth of regular use in a few weeks of stress testing should be pretty easy do.
The assumption people seem to make is that third party browsers will get the sort of system-privileged access that they have on desktops:
- Always-running daemons to perform internal bookkeeping tasks, provide network access, which are not reaped by lack of user focus or the needs of other applications
- Ability to download, generate and run arbitrary native code (for running Javascript and WebAssembly)
- Ability to register arbitrary URLs, see installed third-party applications and execute them arbitrarily
- Ability to modify the Home Screen to install additional applications (such as native-wrapped PWAs)
Without full system level access, Apple's store restrictions don't matter. You are not going to see resourcing to port Gecko or Blink to iOS if it means the javascript and webassembly engines are interpreted, push notifications only work when the browser is in the foreground, SPA applications can't be added to the Home Screen, etc.
And by full system access, I mean _more_ access than Safari currently has. After all, many of the features people complain about MobileSafari not shipping are features that are also not supported by the underlying OS.
Brilliantly said. This is a way better argument than Apple itself is presenting. But it does boil down to the same thing: Security.
If you allow Chrome to be installed as a regular app (even if Apple allows JIT), it will not work. Therefore for a viable Chrome Browser Apple would have to provide APIs they probably stripped from the OS itself and putting it back will for sure hinder security.
The iphone is over a decade old and safari should have been established as the default choice for users by now. Still the majority of comments points out that a open platform will lead to users switching away from safari. I think its not a legit concern if a product fails to meet the users requirements in that time period.
Very few said people would use Chrome because it is better. The reason Chrome would take over would be market pressure and advertisement.
And after they have like 50%, they won, as they will inexpensively make their market dominant products (search, meet, etc) worst on Safari, by just neglecting to fix issues due to higher cost of making it work on two browsers. We've seen that before. I am posting this from Brave because many sites in Brazil neglect Safari on desktop, so I got used to alternatives.
I know it’s pessimistic but the moment google search add a banner for chrome with a shitty UX (like now clicking the text field search box will bring it full screen and suggestions the rest of the screen) so any change in the chrome version will push all the users to it
Anyone have a clue for me what the 'CMA' is? I assume it's not CMA China Shipping, nor the Country Music Association, nor a Certified Management Accountant certification. (I did try to figure it out on my own before asking) Thanks in advance.
@dang The title is misleading. Apple is not banning other browsers (there are over 100+ browsers on iOS). Apple is restricting iOS browsers to using the WebKit rendering engine which is an entirely different matter.
Edit: Apple is also not claiming what the title suggests (source would be needed), the author of the tweet seems to just interpret it this way.
It's not misleading. Firefox, Edge and Chrome have all been banned on iOS.
Instead Apple has forced them to produce separate browsers around a locked WebView that they exclusively control. Mozilla, Microsoft and Google have all spoken out against the ban in regulatory submission, and browser engineers at each vendor consider it a ban.
> Firefox, Edge and Chrome have all been banned on iOS.
No they haven't! You can download each one here: [0], [1], [2]. They have been forbidden from using their own rendering engines. But they can still add all the chrome they want to the UI and do all their usual tracking like they do on the desktop.
Good thing that regulation mentions browser engines and not the cardboard wrapping. You can use any browser you want as long it is ONLY Apple WebKit behind the scenes is a true dystopian fascist power-play.
> Then why doesn't it target Chromium as the vastly dominant engine that has ~80% of global market?
Because WebKit sucks!
I don't intend to be vitriolic here, but this really is the status quo of rendering engines. You have Blink, which is capable of making complex webapps and fully-featured browser experiences, and then you have WebKit, which is almost exclusively capable of breaking them. I'm not mad that WebKit sucks though, we need sucky browser engines! Sucky browser engines like WebKit run great on terrible hardware like Smart TVs or WiFi Fridges or portable game consoles that wouldn't be running a browser engine otherwise. The problem is that Apple forces mobile users onto a browser that's behind the rest of the world's web technologies. They can make sucky browsers all day long, and they won't hear a peep out of me as long as I can replace it with a Chromium-based browser. WebKit is holding Safari, and by extension the rest of the internet, back.
That's the problem, and arguably an abuse of market position considering Apple directly profits off the failure of webapps.
> the status quo of rendering engines. You have Blink
And so we've immediately arrived at the core of the matter: all you want is Chrome. Which is a) the dominant browser and b) whose "capable" is a bunch of Chrome-only non-standards
I wouldn't complain if Apple let me install the things I want on the device I own. If Apple let me use browsers that had the featureset I wanted, I wouldn't detract from Safari so much. As it stands though, the only sane way to deliver an app to iOS is via the web. Anything else is just a ploy for 30% of my profits and an attempt to Stockholm-syndrome me into becoming an iOS developer.
So yeah, I'm willing to stick it to Apple for being the largest company in the world, and criminally negligent towards their first-party browser. Obviously they're doing this because they directly profit off the failure of the web.
Google is already being targeted here by EU regulation on several fronts. If Google abuses their dominant position of Google Chrome, then by all means let's get regulation applied to them. I am perfectly fine with regulation applied to Google Chrome! Let Google Android be forced to come with other preinstalled browsers.
But at the moment, Apple is the company that is abusing control of their platform and most web-devs and many educated users look forward to having real choices.
The ability to install a browser of your choice on the platform of your choice is not the same as giving the web completely over Google. Let's not make a strawman argument.
Chrome is ~80% market share of browsers. Google search is dominant, and pushes Chrome heavily. Google's own apps and platforms push Chrome, and on mobile they ignore user choice and offer to open links in Chrome by default. Google is known to have repeatedly sabotaged Firefox [1]
Google fully dominates web standards committees. Google already barrells through with their proposals with complete and utter disregard to input or objections from other browser implementers.
Again, this is irrelevant. Regulation should be left to government and not to private companies who want to protect their turf of native app development by taking away consumer choice. Consumer choice of browser on a marketplace is the argument here. Google is already facing multi-billion dollar fines for anti-trust in the EU.
Why can't Apple make an exception for Firefox and non-Chrome browsers ? Disallow Google Chrome, but allow the use of OSS browsers (with their native rendering engines).
Hint: They will not, because they are not afraid of Chrome as much as much as they are afraid that their complete stranglehold over native app development gets threatened.
And this would be completely wrong. These browsers differ so much in respecting user privacy, stance towards trackers, telemetry, using native controls and integration with native iOS services.
All of these are Safari skins. If you really want your Safari to look like Firefox then you're fine, but if you'd like to actually use Firefox you're out of luck.
Mozilla believes that major platforms should be under an on-going duty to:
Stop practices that distort competition on the merits and inhibit consumer choice, such as:
● interfering with consumer selection of alternative browsers and use of those browsers to access the internet from links and queries on their devices; and
● dictating or controlling browser components, such as browser engines, which prevent consumers from accessing and using their preferred browser across all operating systems and devices.
Mozilla is the Hiroo Onoda of browser makers. They should decommission Gecko and adopt WebKit, or just move to Blink and stop pretending to fight for web standards.
Yeah, everyone should kneel to Apple - they are the Real Web Gods. Of-course the Apple fanatics can continue to love and use bug-ridden Safari. The folks who want a choice can use something else.
A semantic nitpick that is totally irrelevant. Most people on this website usually mean Gecko when they say they want to use Firefox, Blink when they say Chrome, etc.
You and I both know the headline means allowing other rendering engines.
I strongly disagree. It is not semantic at all. Difference between a browser and a web rendering engine is huge. I am in a business of building a browser and although we get rendering engine for free, three years later and thousands of dev hours later, our browser is still in beta and half finished. [1]
Building a general purpose web browser is one of the most challanging software development projects. This may not be the case if one is cloning Chromium/Firefox where you get both the rendering angine and the browser app for free. If you are using WebKit, you are writing the browser application from scratch.
Thats not the argument though, and its a bit of a difficult argument for Kagi specifically because it appears to be based on webkit I believe? The argument is: lets assume Kagi uses a non-webkit engine and is finished and live on desktop today. How much work would it be to now run against webkit? What is your feature set if you assume you are not able to modify the engine in any way?
We have a desktop WebKit browser and the amount of work needed for iOS browser is astonishing. So much that we didn’t even start working on the iPad version yet after three years. macOS, iOS and iPadOS are like three different operating systems with completely different UI/UX paradigms.
But we are not a good example. Take Firefox or Chrome on iOS, teams with hundreds of engineers. They are terrible mobile browsers. They feel completely out of place on an iPhone. Not because WebKit is bad, but because building a good, native, iOS browser is incredibly hard.
I would argue that yes, its because of Webkit. I used firefox for years on android. It was great. I use it on iOS now. Its basically garbage.
To bring it back to Kagi, if I'm reading your FAQ correctly for instance, you would not be able to support firefox/chrome extensions on iOS since you had to fork Webkit. Now imagine you are a browser with over a decade of use and features that now has to target a static other engine. How great of an experience do you really think you are going to get out of that?
My TV appliance does not support other browsers; must every appliance be open and support multiple competing browsers? Is there some rational boundary where the appliance can be shipped and just work as it was designed, and not have to support everybody's choice of software? If there exist too many limitations without work arounds, why buy it?
I like your point and I smiled while reading it. I don't think this regulation is good either. But not for this particular reason.
The iPhone is a general purpose smartphone, and your TV is not. The "smart" part of the smartphone makes it useful without Safari. See apps that integrate with health devices or simpler uses like offline Google Maps. Neither are functioning as a "phone" but instead as a general use computer.
With the exception of the iPhone, no other general computing device is currently enforcing a single browser.
(And the "smart" in the "smart tv" does not get even close, as their apps can do almost nothing in comparison.)
What a misleading argument. Yes, Apple believes that restricting IOS browsers to Safari improves security. This is NOT the same as saying Safari has fewer bugs, or fixes bugs faster, than other browsers. I suspect Apple's argument is that by allowing other browsers, and their plugin management system, the other browsers (or their plug-ins/extensions) will be able to bypass the App store and do things that are insecure.
And it is hard to see how counting numbers of bugs has much to do with the severity of the bugs. Not every bug allows a jailbreak, but the ones that do are of much greater concern.
The claim is laughable because this policy makes it impossible for external developers to step in and address fundamental, inexcusable problems with WebKit, such as the fact it's written in C++ and therefore produces a consistent supply of memory corruption bugs year after year.
Also, I'm skeptical of the notion that every type of app except web browsers can be meaningfully screened for security. How can one not interpret this as a tacit admission that the screening process is close to worthless?
> inexcusable problems with WebKit, such as the fact it's written in C++ and therefore produces a consistent supply of memory corruption bugs year after year.
Are you under the impression that Chromium and Gecko are not written in C++? Mozilla has been using _some_ Rust but the modern browser engines are some of the largest, most complicated C++ codebases in existence and your statement applies to all of them.
Then put it behind a switch and let the user take responsibility. Based on how apple has responded to security issues before, I don’t really think they have much of a leg to stand on.
Also, a security issue with safari is far more devastating if you don’t have other browsers.
1. You have to wait for apple to release a system update, not just update the app.
2. You now have no safe browser to use while you wait for #1.
Microsoft got in legal trouble for coercing OEMs like Dell to ship IE. The OEMs, not Microsoft, should decide what ships on their own hardware. Here Apple is the OEM and is being coerced.
By not installing apps that don't support those features. Do all social media apps from TikTok and Reddit to Twitter and Facebook support parental controls? Or video streaming like YouTube or HBO Max?
If I could run Safari on Linux I'd switch from Chrome and make it my primary browser... if I could run Firefox on iOS, I might consider making that my primary - but I trust Apple to optimize battery/performance more than Mozilla or Google and I'd probably still stick with Safari.
I wish they'd open up just a little. Plus iMessages.
Just stick to firefox on linux. Safari is honestly slower on my macbook than firefox, the font rendering looks worse imo and more for the farsighted, plus all the advertisement and tracking and the adblockers are anemic compared to ublock origin on firefox.
> Note that this graph doesn't even include the time it takes the user to update the OS since Safari updates are tied to the operating system (an antiquated practice).
Is this true? I could have I sworn I’ve updated Safari many times without needing to update macOS.
The answer's pretty obvious: Apple just like dumbing down their devices and people would still flock to their products because buyers are inherently stupid. Apple users seem to follow this mindset that just because they paid a premium price for their phones, it's a more solid and secure product (it is not). My mother has an iPhone and you'd be surprised how she'll assume it's a better phone even though she doesn't even know what half of the buttons in the Control Center does. The same goes for browsers in iOS. Most users would just outright defend Apple for their actions because it aligns with their beliefs that it is a better security model and has better UX (of course in a layman's jargon). When you ask them how is that so, most of them couldn't point out how they got to that conclusion.
It‘s also surely only for „security“ that all the neutered adblockers only work with Safari itself and not on any other apps using the Webkit Rendering …
I guess the question becomes are Firefox and Safari (on iOS) the same browser, or different? I would still argue that Firefox is different (in the same way that Brave and Chrome are different), and that this title is misleading.
"Apple's ban of third party browsers on iOS is deeply anti-competitive, starves the Safari/WebKit team of funding and has stalled innovation for the past 10 years and prevented Web Apps from taking off on mobile."
Anti-competitive? Perhaps? Yes? Starves the Safari team of funding? I don't know what this means. Stalled innovation for the past 10 years? Maybe. Prevented Web Apps from taking off on mobile? whoah. These are some pretty loose claims.
They want to control it because the real web can destroy their app market. Oddly enough their clamp down, may destroy it anyway as game streaming is going to make strides to get past it. It may take time but it will happen and then they will lose their money maker, because it will all be web based and they will have not offered anything else so they will miss out.
No, I'm guessing (outside of it costing dev time) it's because it would require the JIT private entitlement, making it not sideloadable by developers or with enterprise accounts.
On iOS, the only browser engine allowed is Safari's. There are other browsers, but they have to use the same engine.
I'm pretty sure that approximately zero normal users are bothered by this, but a lot of webdevs really, really want to be able to use things like web push messaging on iOS.
> I'm pretty sure that approximately zero normal users are bothered by this
I think many normal users are bothered by this and don't realize it.
The restrictions on browser engine are the main reason that Firefox can't ship addons for iOS (like it does for firefox on android). I bet a ton of iOS users would appreciate being able to install firefox addons, like uBlock origin, on their iOS firefox.
iOS is a closed platform owned by Apple so I think they can do whatever they want in their platform, including ban other browsers for whatever reason they want to.
And this is not different from Google creeping their services in other browsers, Microsoft imposing limits on Windows or any other company doing whatever they want with their products.
Just because something isn't surprising doesn't mean it is necessarily legal or ethical; meanwhile, Apple refuses to admit that "tl;dr" in public--quite likely because they appreciate the practice might not be legal and certainly isn't ethical--and so are attempting to instead claim it is justified, and so it is important to refuse to allow Apple employees that cop out and instead call them out for what we know to be the actual truth here.
It depends how you look at it and this twitter post takes only one perspective.
Mine is different. The security I'm interested in for my use case is that there is one egress point from the operating system as far as a browser goes. That means I don't have apps shipping their own browser engines to circumvent the system block lists and screen time whitelist controls.
Also comparing CVE rates is pointless as that's exploits and vulnerabilities that were identified and patched, not ones that are in active exploit or publicly unknown which is a metric you cannot measure.
And of course if every app ships a browser or you change it, how many CVEs do you have from unpatched browsers shipped in apps?
This twitter post feels like the old political adverts: "vote for us because the other guy is shit" (not because we have a better solution).
OP here. The point of the post was not that Safari's security is bad (browser security in general is pretty excellent), the point is that Apple uses security as an excuse to block competition and has no evidence that it's browser is more secure than Firefox/Chrome/Edge etc.
As for system block lists and screentime whitelist controls, that sounds like something any browser could plug-in to via a OS provided API.
I'm in somewhat agreement with you that you can't identify the number of security flaws by vulnerability count, but when you combine that with the big delay in patching + patches not being delivered to the current (most popular) version of the OS it brings a lot of doubt to Apple's claims of both being able to patch faster and have better security.
We're not advocating that apps should not be allowed to ship a browser unless they receive a browser entitlement which should be subject to some approval process / vetting etc. i.e. Browsers with strong security track records should be allowed to bring their browsers along with the engines with some affordance given to browsers that run from soft-forks of those engines.
Should browsers that ship to iOS have to raise their security profile to be the same as safari in your scenarios?.(afaik no browsers have the same exploit mitigations that safari does on M1/iOS because nothing else has the hardware to support these mitigations).
IMO, Only browsers with dedicated security teams should receive a browser entitlement (which includes a small team for soft-fork browsers) who are committed to keeping their browser secure.
All browsers have vulnerabilities, and it's hard to measure. Although it's easy to spot browsers that aren't patching known vulnerabilities fast enough. Negligent browsers should be warned and then have their entitlements revoked.
As for hardware protections like APRR or Pointer Authentication Codes (PAC) Apple should be forced to provide access to the third party browsers. I would steer clear of mandating exactly how the browsers should keep their users secure because that can be a point of debate and can be done both at a software layer or a hardware layer. Firefox has also introduced Site Isolation, Chromium has proven that adequately staffed security teams are able to mitigate hardware level security issues like Spectre & Meltdown with novel, system-level mitigations and these mitigations reached users before OS and hardware updates were able to fully remove the vulnerabilities.
Comparing CVE rates is NOT pointless. The bad guys have basically the same toolset as the good guys. Therefore the rate at which vulnerabilities are being discovered by the good guys is indicative of how fast they are being discovered and exploited by the bad guys.
Second the thread pointed out that many iPhones remain vulnerable and unpatched to openly disclosed security holes WITHOUT an option to update them. One must assume at that point that they are being exploited. The fact that alternate browsers don't have this problem is a significant version.
But you do have a good point that it is bad for third party apps to bundle their own browsers to bypass controls, and then leave them vulnerable.
That means I don't have apps shipping their own browser engines to circumvent the system block lists and screen time whitelist controls.
The mechanism for banning third-party browsers is rejection by the App Store reviewer, correct? Supposing Apple allowed third-party browsers but disallowed embedded browsers in non-browser apps, how would this security model change at all?
For In-App Browsers we'd advocate for implementing a system similar to CCT which means that it just uses the user's default browser. For WebViews for native apps we'd advocate for simply using the system browser (every other solution seems too complicated).
Fortunately, there's user choice in phones. So get an Android device if you want to run Google's stuff? I mean, security is one angle, but let's talk power and memory usage. You're asking for Apple to allow Chrome's engine (because their app is on the App Store today right now) -- the giant well-known resource hog routinely toasting MacBook Pro users' thighs -- onto their fanless hyper-performant devices. Setting aside privacy and monopolistic concerns, I just don't see how that's a great idea.
Chrome has dominance similar to IE at the height of its popularity.
Whatever you think of their decisions, Apple is the only thing stopping a 90%+ Chrome web. (Note: not why they’re doing it, just a side effect)
People keep arguing Apple is being anti-competitive. But no one seems to recon with the possible consequences of what they’re asking for. And I fear we may get a pyrrhic victory if these groups/governments keep pushing.
No, I don’t know a good solution. But I don’t think letting Chrome totally own the web is a good outcome.