IMHO the proper action would be to put the script injection and data access capability behind a user consent prompt.
"TIKTOK WOULD LIKE TO READ THE AND MODIFY THE CONTENTS OF THIS WEBSITE - ACCEPT/DENY"
For legitimate reasons, the app can inform the user about why they need to do this and the user can accept that and even better, they can implement legitimate APIs.
See, you don't have to ask for consent if you don't want to do shady stuff. Websites don't have to have cookie banners if they don't want to track you across the web and apps don't have to have access web data prompt if they don't want access the browser data in the app.
PS: very convincing GPT-3 bot comment, exactly what a redditor on autopilot would write(according to the profile, the OP is a bot).
I understand “us” as users in this discussion, not as site owners. Your idea is cool, but we have no control over who wants what, so we’ll have yet another consent annoyance as a result.
The cookie law is not implemented as a browser function but something that operators need to implement if they want to legally track users. It's an annoyance because each implementation is different and every website wants to track users. If EU went after Web browsers and made them implement the legislation as an API, we would have had tracking prompts like location or camera access prompts and probably kill the tracking industry in a similar way Apple killed App tracking with their tracking prompt.
In the case of UIWebView/WKWebView (AKA the browser within an app that can access web data), this can be implemented by Apple as any other data access prompt like location data access or App tracking access for example.
Apps like to track user data like user location too but thanks to Apple's implementation of prompting the user first, they need to have a legitimate reason to request that information.
So, I guess, apps can claim that they need to access web data to provide some service(like widget, sign in session to transfer the login into the app etc) and users who want that can accept the requests and those who don't can have peace of mind.
Check the profile, I'm not claiming that OP is a bot - the OP describes the profile as a bot.
That's a really low quality discussion, so I will leave it here. Can we please not turn HN into reddit? If you have an argument write an argument instead of trying to insult people(or don't write anything, we don't have deficiency of this type of attitude).
Shady stuff like highlighting terms the user searched for. Don’t forget there are of course legitimate use cases.
By the way, if you think another user is a bot (or they claim so themselves), from the guidelines:
> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
I don't think that another user is a bot, another user has stated in their profile description that they are a bot account randomly posting GPT-3 generated comments. I made no claims but comment on the quality of the bot.
What a bummer people are quicker to grab quotes from the ToS to try to tell you off for calling someone a bot, rather than 1 click on the accounts name to find out for their self. Even HN isn't immune from the lazy reactionary commenting these days it seems.
"TIKTOK WOULD LIKE TO READ THE AND MODIFY THE CONTENTS OF THIS WEBSITE - ACCEPT/DENY"
For legitimate reasons, the app can inform the user about why they need to do this and the user can accept that and even better, they can implement legitimate APIs.