Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's how APIs should be. Apple doesn't treat HTML as an endpoint that needs discriminatory features to prevent users from sending private information. That's how all of their software should work, as it already does on Mac.


Apple absolutely does treat the web as an endpoint that needs discriminatory features to protect users. See tighter controls of:

1. location data

2. notifications

3. long term state

4. background processing

5. photo access

6. web access on local network

7. sensor access (e.g. accelerometer)

8. state sharing with other parties (e.g. 3rd party cookies)

There is no regulatory body that can apply economic penalties to security and privacy abuses on the open web. The App Store model on the other hand requires a real identity verification to sign up as a developer, static applications which can be verified by review, and real penalties for abuses (refusing to publish new versions, removal from the store, potential legal action by Apple for contract violation).

As an example - an API for reading the personal contacts database can only have a gate for access with no limits on abuse once access is granted. The App Store model lets Apple apply real penalties for abusive behaviors of such an API. The web does not have a regulator, so the hypothetical UX for sharing a contact is designed to be much more restrictive with a higher barrier of user consent.


You said:

>That sounds like an implementation issue that can be solved by Apple securing their runtime and APIs.

In response to someone saying privacy of users needs to be protected.

Privacy isn't solved by implementing a secure API.


Privacy is not solved by trusting one corporation's service over another, either. Apple cannot exercise private entitlements to deny competitors fair access to their features. Therefore, the current entitlements they use need to be secured for them to be ready for third-party users.

I am not saying this is a panacea. I am acknowledging that Apple has to reconsider what their security model looks like in the face of new demands.


>Privacy is not solved by trusting one corporation's service over another, either.

I didn't say it was.

>Apple cannot exercise private entitlements to deny competitors fair access to their features.

I didn't say they could.

I just don't like the conflation of privacy and security. They are distinct.


Well, I hope you enjoyed your diatribe. I was addressing security, not privacy. No corporation has the right or ability to promise privacy to any free persons in a free society. I thought that was assumed on a site like Hacker News.


>No corporation has the right or ability to promise privacy to any free persons in a free society. I thought that was assumed on a site like Hacker News.

You're back to arguing against your own imagination.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: