Hacker News new | past | comments | ask | show | jobs | submit login
Browsers are essential and how operating systems are holding them back (2022) [pdf] (2022) (research.mozilla.org)
205 points by pieterr 41 days ago | hide | past | favorite | 336 comments

Just reading the beginning, it looks like they're mainly complaining about proprietary OS vendors restricting users' choice in browsers through various shenanigans.

Linux users (for desktop systems) don't have this problem, and for mobile, Android users can easily install Firefox (or better yet, Firefox Nightly) through the Google Play store and set it to be the default browser.

Basically, if you want to have choice in a browser, don't use Apple products or a Microsoft OS. And even the Microsoft OS isn't that bad these days. Apple is now the worst offender in forcing you to use your computing the device only the way they want you to.

>...(or better yet, Firefox Nightly) ...

I think this is some of the disconnect between users on this site who don't understand why people would possibly actively choose iOS even with the lockin. Most people do not want to use a product that is constantly updating and adding features in that are going to be taken out shortly, for something as basic nowadays as web browsing. If you're on the cool new technology people the average person likes rapid innovations. Once your tech is considered a commodity, then the average person wants a the equivalent of a toaster. Most people do not want to fiddle with their toasters or find out each day what new changes their toaster has. They want to put in bread, and get out toast. For browser, most people want to just be able to navigate to a handful of websites.

The restrictions are a feature and not a bug.

You are making one mistake here: people actually do want a different toast if its significantly better than the current one that burns their edges too many times.

Chrome was able to outcompete everything else on Windows, despite Microsoft trying to prevent it. People actively installed it, just because it was better, also the so-called stupid users were able to install it.

If this was possible on apple devices, who knows? Maybe it would have been the end of safari.

Users just want toast, but they do prefer great toast above mediocre toast and will spend some effort on getting it.

I agree broadly with your point but the subtleties have to be kept in mind.

The main difference between the Chrome/Windows and the current Apple situation is quite significant imo. Even though Microsoft tried their best to keep user share with IE like sneakily changing the defaults, installation of Chrome was always easy. Downloading and installation of Chrome was always an option and more importantly didn't require Microsoft's approval. That's not the case with iOS/iPadOS right now. A Chrome-like app couldn't be downloaded because Apple's not going to approve the app to be put on the App Store.

Also, from a user perspective, Safari is a good browser which manages to keep up with both Firefox and Chrome. This combination means that users don't really have that much of an incentive to switch.

To use your toast analogy, IE used to burn my toast to a sooty, carbonized block. Chrome used to do it perfectly. That's a pretty big differential in terms of performance. Now Safari isn't as bad as IE was in that era. So if it burns the edges every now and then, it's not really that big a deal simply because the user experience is more or less comparable to Chrome.

Users just want toast, but the difference isn't between great and mediocre anymore like it was with Chrome and IE. It's between very good and very good-ish.

This is precisely why I'm okay with Apple not allowing side-loading even though I would prefer greater choice. Apple's ecosystem isn't fundamentally as rotten as the Windows platform was in terms of performance. In fact, it's actually pretty good. Could things change? Sure. But as long as the user experience isn't shitty, I'm okay with the status quo.

On Mac, I find Safari also uses less battery than either Chrome or Firefox.

(I use Firefox anyway, because I like its features and I'm a zealot too, but if on battery without a charger nearby, I use Safari.)

Do they have secret APIs the rest of us plebes don't get?

No, they just focus on power consumption more than the other browsers (they also have the advantage of not needing to work cross-platform, making this easier). This is often why Safari is behind other browsers on features: a focus on quality of implementation of quantity of features.

I also would want a source for that. At least in the mobile dev space, it has always been common practice for them to leverage private APIs to do things regular app devs cant.

> At least in the mobile dev space, it has always been common practice for them to leverage private APIs to do things regular app devs cant.

On mobile (iOS), yes. But power consumption comparisons tend to be on desktop (macOS) because the other browsers can't run on iOS at all. And I don't think Apple can enforce that API privacy on macOS because they unlike iOS they allow apps to be installed from outside the App Store.


Firefox has constantly been sussing out private APIs that Safari uses to improve battery life on macOS.


Or if you want a more uncharitable take, Google used its position in search, email, videos to keep nagging people to install Chrome in order to be able to get performance benefits.

Is it really a feature to not be allowed to use non-webkit Chrome on my iPhone, even if it might unlock superior features? Is it a feature that Google Fi can't work optimally on iPhone thanks to their anti-competitive restrictions? Is it a feature that I have to use Siri, which is way inferior to Google Assistant, when communicating in CarPlay?

Is the planned obsolescence a feature too? My 12 year old Mac laptop is dead because MacOS does not allow me to upgrade past a certain version, and the cryptography primitives do not update past that so no recent browsers support the platform. My only recourse is linux. In the future this will not be possible either because normal Linux doesn't support the new hardware, unless Asahi Linux really manages to take off.

I choose iOS because the hardware is good and _some_ of the software is good. I can't stand their business practices, and they don't actually get a lot of things right. They're just doing what MSFT wanted to do with their OS & software, except that they've monopolized the hardware too and somehow that's what protects them from antitrust.

> My 12 year old Mac laptop is dead because MacOS does not allow me to upgrade past a certain version, and the cryptography primitives do not update past that so no recent browsers support the platform

What version of macOS are you stuck on? It can’t even run Sierra? https://www.mozilla.org/en-US/firefox/109.0.1/system-require...

The bigger issue for me is increasing requirements. My 2012 MacBook Air went to absolute dog when upgrading to Catalina. Terrible user experience (which, I believe, is one reason why Apple sets requirements the way they do).

It was either snow leopard or lion. Chrome and Firefox would install but be unable to visit https websites because of missing crypto things it needed. It was surprising to me too.

For the average of users they don't really mind if they're using WebKit or whatever stack underneath. My family just wants to open Safari and browse, and they don't give a shit about any of Apple's business.

Right. They only care when it starts being noticeably slow/laggy, or causing other problems, or if a button/menu item they often use has changed positions or removed altogether. "I've been clicking this spot for years and it always works, now its completely unusable!".

Take for example the iMessage feature that lets you see message timestamps. There are no visual affordances to indicate how to do it. My parents couldn’t figure it out (pull the messages left!) it’s about the same as not having the feature. Wanna install an alternate sms app? Good luck, apple won’t let you because this isn’t android.

So sure, people won’t complain — they just accept that this is life, but life could be better if apple didn’t have monopolistic behaviors.

>For the average of users they don't really mind

That's usually because they never used or even know the existence of something better. Same thing was being said 15 years ago for IE. The average user was fine with it until they tried Chrome (or Firefox/Opera before).

Other than being a professional programmer, which I keep pretty compartmentalized from the rest of my life, I think I'm a pretty average computer and web user.

I certainly know other browsers exist and I have even used them. I still don't care I just use what comes installed on the machine because like I said I don't care.

Hm even my non tech classmates in college knew the difference between chrome and safari. They care about speed and features they get used to (e.g. chrome password manager follows you to your phone, syncs history across devices). To be an absolute non user of such features to the point of not caring is not what I’d consider typical.

Could it be an age cohort thing?

Where did you get the idea that I don't use the features?

I'm not interested in evaluating or comparing the features, but I'll use them if they suit my needs.

You can't use them if they're not on the default application installed on your system.

>Is it really a feature to not be allowed to use non-webkit Chrome on my iPhone, even if it might unlock superior features?

Yes it is for many people. They do not want to risk the chance of their tool not working for some nebulous chance at a better experience. The vast majority of people are not tinkerer's at heart.

The rest of your questions can all be answered with "Yes", as long as the tool does as expected. We are literally all in the 1% of people just to begin with by even configuring software in the first place.

The example of Chrome on Windows given above seems to belie this claim. The "nebulous chance to use a better product" you refer to was apparently enough to trickle down to the non-tinkerers. Who's to say the same wouldn't be the case for eg Google Assistant vs Siri?

It’s not that here. I use iOS because I don’t want anyone embedding several bloated half baked ancient hole ridden security nightmare browser engines in their apps which do everything possible to bypass system wide network restrictions so they can carry out whatever bad behaviour their business model thinks is acceptable. I want one system wide browser that respects the security configuration at OS level.

I want this for myself and the surface area of our 500 or so staff.

It is hard for me to disagree, because I understand that use case. The issue, however, appears to be that there is no 'version' that allows for it for users that accept the risks involved.

It is not completely unlikely the conversation with cops. In their perfect world, everyone would sit quietly at home with hands on the table. Life is more messy than that though for obvious reasons. In other words, I understand the need to have some level of control, but some balance is necessary.

For those cases, there is Android. My youngest one has an android phone, and everyone else in our family has an iPhone. It is not like you are forced to buy an iPhone. Those restrictions are actually part of its market differentiator.

No. All that happy talk about differentiation and market forces only makes sense when there is an actual competition. We have an effective oligopoly with no real choices between them. If there is no real choice, as consumers we have to force companies to adopt more consumer-friendly posture ( and yes, that means sideloading and all the dangers that entails ).

An oligopoly is not a monopoly. You can argue that there needs to be more differentiation, not that there isn't any. Some people want to sideload, and they can have an Android. But some other people are pretty much satisfied with not being able to sideload, the uniformity it brings, and the other perceived positive side-effects they see.

<< An oligopoly is not a monopoly.

No argument from me.

What did I say though >> "We have an effective oligopoly"

I did not argue we have a monopoly. I argued we have an oligopoly at best ( if you count Pine and similar as viable candidates ) and duopoly at worst, which somehow manages to be worse than a monopoly for one reason and one reason only.. monopolies are more tightly regulated. Try talking about regulating current batch of market leaders and you will only hear 'private enterprise','if you don't like it, start your own', which completely manages to ignore the problem to begin with.

<< Some people want to sideload, and they can have an Android.

Hmm. Why is that statement somehow appear axiomatic why and does each sentence fragment logically follows one another? Why is it not 'some people want to use their purchase as they see fit so any device they pick they can do what they please with including "sideload"'?

<< some other people are pretty much satisfied with not being able to sideload, the uniformity it brings,

I would argue with that.

One. Not all users know it is an option. Two. Existence of various workaround to allow sideloading suggests otherwise.

<< the uniformity it brings

If there is one thing world needs now, it is not uniformity.

<< other perceived positive side-effects they see.

Would you be willing to elaborate?

> The restrictions are a feature and not a bug.

The point of open OS is not to force its users to use unvetted apps. It is to give them an option to do so.

The argument that someone might want to use a restricted OS because they want to only use vetted apps is flawed. The reason is that the users can use an open OS in the exactly same way, if they choose to do so.

>The point of open OS is not to force its users to use unvetted apps. It is to give them an option to do so.

And the point of a closed OS is that "giving the option" is as good as forcing the users.

Because third party devs with clout (facebook, instagram, etc and generally anyone whose apps users "must have", even if it's just their bank or local dominant rideshare or chat app) will, given the option, force users to install unvetted apps.

> "giving the option" is as good as forcing the users

From what perspective?

> third party devs ... will, given the option, force users to install unvetted apps

It is up to the users to allow e.g. Facebook application to install additional applications. No one, and especially no app, should be able to force them to do so on an open OS.

If you refer to predatory practices where an application would disable some of its functionality until an additional "unvetted" application is installed, then this is definitely an issue.

But it should be addressed by targeted measures against the offending applications and by educating the users. Not by taking away everyone's freedom.

In my opinion, the freedom of choice regarding which application runs on one's own hardware should remain with the owner to the largest extent that is practically possible.

>If you refer to predatory practices where an application would disable some of its functionality until an additional "unvetted" application is installed, then this is definitely an issue.

Worse, there wont even be a vetted application. It will only be an unvetted application you'll be asked to sideload to get the functionality at all.

And soon: alternative app stores, with their own rules and no central control. From Adobe, Google, and so on.

>But it should be addressed by targeted measures against the offending applications and by educating the users

Has that "educating" and "targeted measures" ever worked?

> there wont even be a vetted application

I do not understand your reasoning. Any app store or in general any source from where an application could be installed implicitly provides a trust model. Whether it is Google's Play Store, a GitHub repository or e.g. John Doe's personal website. The users then have the freedom to choose whom they would like to trust.

> Has that "educating" and "targeted measures" ever worked?

Yes. Users are cautious before running anything as root. They check a browser addon before installing it. They do not open media from unsolicited e-mails. And so on.

It is, however, all besides the point.

Even if there currently were no effective targeted measures that could be used, it still would not mean that we should resort to undermining everyone's freedom, in my opinion. Not in this particular case.

There are legitimate cases where everyone's freedom is restricted in order to make the society a better place. For instance, we as a society have chosen to not tolerate stealing and we put the individuals who do so behind bars. This is broadly accepted because it brings benefits to everyone. We do not need to worry about being stolen from that much.

However, there is no general benefit to the society that I am able to see which would materialize as a result of limiting everyone's freedom to use their own devices. I can only see a lot of negatives.

I can think of one good case for not allowing sideloading of unverified apps.

If iOS only allows apple approved apps a employer/school cannot force me to install a intrusive monitoring app on a iphone/ipad.

That would be cool... except that Apple in fact approves intrusive monitoring apps--hell: they even have an Enterprise program that lets companies build apps for their employees that don't require App Store approval!--and then makes it so that not only can they be installed but the device is so locked down that you can't tamper with them, via Mobile Device Management.


Apple still need to approve the organisations use of that program and provide certificates, which like in the facebook case can be revoked.

There are also two different tiers of MDM in the apple enterprise program. If its a bring your own device the device cannot be locked down to not let the users remove applications. It will also sevely limit the kind of information the MDM solution cant get out of the devices. These things can only be enabled on corporation purchased devices.

There is a good overview here: https://www.apple.com/hk/en/iphone/business/docs/iOS_Enterpr...

But maybe I am wrong, do you have examples of intrusive monitoring solutions that can be deployed (without exploits) on iOS?


My company iphone when I first turned it on warned me that whatever I did on it was being monitored by my employer.

It's by design from apple.

I of course put it in a drawer and forgot about it.

ain't nobody talking about unverified apps. why can't Chrome (fr fr) be in the app store?

I am a user of browsers and though I like it the most the Firefox drives me crazy with the constant updating notices. I will never let any program auto update itself if I have a choice - sorry, I like to know if something is happening with the things I use - but the frequent bugging of the Firefox to update, update, update, update, update, update, update, update, update, update, update, update is driving me mad! Why the f*ck update?! The current version works just great!! One or two brought me noticable and interesting (thought still marginal in the overall purpose) changes throughout a perhaps 5 years window, the rest just bugging me and pushes self advertising 'what monumental new things we brought to you' pages on next start. Breaks the flow of use frequently, it is a user hostile behaviour. Do security ONLY updates (or better yet, work slower and bring a secure version to us in the first place please!) and let me look for new features on my own time, ok?!

(this is a very bad trend in the software industry, pushing updates on the user like if the software had the same importance to the user like it is for its developers, if the life's purpose for the user was to keep it the most updated and satisfy the software packages' needs, no, not at all, for users it is a tool not the center of admiration that want to nurse and cherish. it is a bad trend but that is not an excuse to do bad as well but a reason to make it better please)

Rememeber! : https://pbs.twimg.com/media/EtwnnQLUUAI9O7g?format=jpg&name=...

Sorry if you've considered this (or if you just wanted to vent) but maybe installing Firefox through a package manager would help you control when it updates.

The primary "new features" of a new browser release are (A) security fixes and (B) support for new web standards, which websites will adopt. If you are not a security expert or a web developer, how are you supposed to judge whether these new features are something you want to upgrade for? You probably won't even know that you're missing these new features-- if you wait long enough to upgrade, you might fall victim to a long patched vulnerability or your web experience will start to break in subtle ways. This isn't a flaw of the web but a feature, we (the web developer community) have fought long and hard for the browser developers to stay up to date with the web's changing feature set so that we have less of a "feature window" to target.

I wrote to do security only updates, look back.

But new standards in every 2 weeks? You are kidding, right?! : ))

And security updates as well every other weeks?! (or sometimes two in one day or in three days in between: just checked the update history) Are the software products in THAT poor quality, really?! Then those should not be released yet! Those are THE vulnaribility then. It is a scam then if this is deliberate - releasing poor products before securing just to occupy themseves for long long time to come finishing it, make it properly.... Maybe shouldn't include those standards in a heist, making thing even more complex so it is a hopeless battle agains the security leaks that make those products look like a sieve. Shouldn't rush things if ends up this badly that frequent and important and urgent patches are required.

Also no! Not only security fixes and new standards come, you are mistaken quite a bit. There are no separate updates for features and security. I checked. New features come bundled on how to do things differently, adding things as well. Bookmarks or whatnot - welded together with important stuff -, I do not care as I mentioned the product in features is good already and never missed those yet I am bugged against my will to get those too (good enough only means on the surface of course, not in security, in security it seems to be hopelessly and constantly below the minimum since urgent, immediate, install right away or you doom kind of messages come from here and there). Sometimes they even repackage, redesign, put elsewhere existing and frequently used things breaking the user flow again, making its usage more difficult for a time being while you get used to it (if you can, not always) just to ruin it yet again later. It is good it is free for the end user, for that sloppy quality breaking the usage and requiring frequent fixes no amount of money should be given. You woldn't if it was a car or a tool for the physical world.

> But new standards in every 2 weeks? You are kidding, right?!

There are hundreds of changes to standards in various stages. And bugs happen in those implementations.

In fact, standards related changes land in browsers source trees _far_ more often than every two weeks, that's just the iterative development cycle that they package these changes (_and security changes_) into.

Excuse me, your conclusion doesn't seem to follow from your premises. I mean, "Please OS vendor I want something simple. That hidden `sideload` option is complicated, please lock down my machine."

Like, seriously? No one's that stupid. Sure most people want a decent, clear default option, but no one want that to be the only option. At least not for themselves. Because for some reason I see many people arguing that other folks are too stupid for options and should be locked down instead. For their own… safety? convenience? And that just reeks of authoritarianism.

"No one's that stupid"

99.9% of people are not like you.

They barely even know the difference between Windows and Google.

People who got online when smartphones entered the scene have a difficult time when I try to explain what "folders" and "files" are.

I do a lot of tech support for family and friends.

They NEVER enter settings or preferences for their OS or their browser.

They're afraid they'll "break something".

The disconnect between tech literate people like you, and what they think most users want - or even care about - is mind blowing.

Does anyone here remember the headache you'd get, when helping a family member, and you saw how many toolbars and viruses they'd managed to install, since you last checked their PC two months ago???

The lockdown is a feature - not a bug - in most user's minds.

And I has made my life so much easier.

I use Linux and side load apps.

But I'm so, so, happy that none of my family members are even able to do the same.

>They're afraid they'll "break something".

Right? I feel like my non technical social connections have an even greater learned helplessness from interacting with any sort of open to customization technology because they've learned that everytime they touch something the tool stops working in a way they don't understand. Most people are not going to spend days to weeks, and definitely not months to years learning how to tinker with and expertly maintain their technology.

I feel like technologists in this forum are acting like blacksmiths who would scoff at any of us for having purchased a hammer, rather than smelting the ore, forging the head, and carving the handle so we could have one that fit our needs perfectly.

I dunno... the way it feels on the other side is that y'all think people are too dumb to not hurt themselves with hammers--which is true!!--and so, rather than trust that people who are afraid of hammers will simply avoid using a hammer they should be actively prevented from even owning a hammer, or even letting their friend or a hired carpenter use a hammer to help them, which is kind of overkill.

Relying on people not being dumb doesn't work out in practice.

There's lots of stuff you're not allowed to do because we figured out the average person can't do it without endangering others.

> which is kind of overkill.

But a profitable one

Well, it's a fact that all that technology is incredibly brittle. Systems lack resilience, error recovery, and accessible debuggability, and when something breaks, there's a high chance it'll have disastrous effects. It's objectively safer to stay within the "works for me" happy paths that authors are likely to be actually testing/using themselves. Even this sometimes fails, sometimes seemingly without reason, only to later (maybe) start working again. It's a nightmare, a constant source of stress and another thing that people feel they have no control of at all. It's not strange users flock to authoritarian-style environments, managed by someone who do have the capability to control that chaos to some extent - even if they sell users' PII data to Sunday and back.

There are complex reasons for this, but the end result is simply that IT is not ready for mass adoption. Software is still in its infancy - I suspect that the broader the possible implications of technology, the longer it will take it to be ready to be mass adopted. We gave up all hopes of ever proving program correctness in the 80s, then in the last decade we've given up all pretenses that we know what we're doing... and nobody saw a difference. By all rights, software should be confined to research labs and garages of nerds for quite a few more decades.

The problem is that this technology is too useful. It has too far-reaching applications in almost all spheres of human activity. When the software (and all layers below it) actually works, it brings small miracles to its users, enough that they're willing to pay a lot for a product obviously unfinished, rushed, that'll probably get killed after few years. They think that, yeah, it breaks all the time and I'm afraid to breathe in its direction, but it's ok, I'm strong, I can deal with it if I'm able to do X or Y.

Tl;DR? I dunno. Maybe developers should put more effort into professionalizing the field, but this kind of thing is impossible to rush. Or maybe the users should get a grip and accept that it's not developers who force them to use their products. The massive amounts of money involved, along with the life-changing potential of IT products, skew incentives so much that, currently, both developers and users pretend that it's all fine, even though it obviously isn't, and then both complain. Users are stupid, developers are lazy, but neither can live without the other any longer...

>People who got online when smartphones entered the scene have a difficult time when I try to explain what "folders" and "files" are.

Not just the grandpas and grandmas either:


I wholeheartedly agree; locking down systems is a feature, not a bug.

I would go even further and say it's not just so in the users minds, it is also so in the admins mind, whether that's a business setting where we have to make sure thousands of workers don't accidentially brick their PC (or worse: cause an infosec issue), or a family setting.

Though I have to say, that lockdown-feature comes with a rather heavy price tag attached, because, well, the systems in question do a whole lot more than just make the locking down easy, do they?

It would be great if commonly used Linux Desktop Environments allowed for a switchable (with root-privileges) "Lockdown". I'm aware that this is possible already, but requires too many steps and is too error-prone. What I want is a simple on/off-cmd offered directly by the Desktop-Suite for me to issue as root.

That would allow people like you and me to setup computers for non technical people to use easily, whith the benefits of both an open system, and the stability a locked down system provides.

Isn't this just admin vs a regular user account?

You are falling prey to your own model :)

The important thing to notice is that the median user's mind is neutral about features like lockdown, security, side-loading, and everything else, because they don't think about features. They think about concrete interactions, like "playing candy crush", or "talking to grandma/grandkid", or "buying stocks", or "trying that app that my coworker showed me".

And when they can't do it ... "it didn't work for me" ... they, ironically wisely, don't even speculate why it did not work. The folks you see on forums who recommend "doing factory reset and it'll work" or "clean the cache", etc... are obviously the "Dunning-Kruger poster kids".

Median users are monkey see monkey do, that's why if they see "it works on Ted's iPhone" then their thought is "I guess I'll get an iPhone". And ... it works. The US is iPhone-land.


And interestingly this hyper-pragmatic (arguably too narrow-minded) approach to technology is also what leads to the interesting cases when enough teenagers want Fortnite on their iThing. And that's when the generalizer machine of society can pick up this thing and sometimes it spits out useful principles. (Mostly we get just one more bad statute on the books.)

You're making statements about how people think in general, but most of the world isn't iPhone land.

Most of it perfectly applies to the Android universe too.

And the US device market is still the trendsetter, which is basically Appleistan.

Apple is only about half the US mobile market, and the rest of the world the trend is clearly Android. So calling the US market the trend setter seems odd because if that were the case then the rest of the world would be trending strongly iOS but this pattern has been stable for years.

I mean with regards to the sideload-lockdown, ApplePay-or-nothing, privacy-CSAM-detection trade offs.

Apple is the premium brand, the Goliath in the market, especially considering revenue and profit.

Even if there are many Android phones they are of various brands, and Alphabet/Google is not rocking the boat, F-Droid works relatively okay.

I just want it to work! Stupid thing! Why is it so slow!

>"Please OS vendor I want something simple. That hidden `sideload` option is complicated, please lock down my machine."

I could easily turn that characterization around. "Please OS vendor, I want something that just works, please don't add customization options that I will never use but if I accidentally select will effectively brick my machine for the technical skill level I have." I might be dating myself here but do you not remember all the complaints about something as simple as resetting a VCR's clock and parents just living with it blinking after a power outage until their technically inclined children took it upon themselves to fix it?

>No one's that stupid.

They don't have to be stupid, but that doesn't mean the time invested in learning the skills to modify and customize software and hardware is something they want to do. My original point was that people in this thread and others across this site keep talking like they cannot _fathom_ why someone would choose a locked down version of a product over an open one, and I pointed out why many people would.

>And that just reeks of authoritarianism.

Moralize elsewhere here. No one forced people to buy an iPhone and yet its massively popular. More open products exist for cheaper. Tbh the only who seems to be implying that people are dumb and pushing authoritarianism are the group who keeps pushing to break up these machines that just "work" that the market is showing a high level of preference for

You have chosen one property of the iPhone and elevated it to the primary reason why people buy that device, which is entirely disingenuous as clearly people are forced to make tradeoffs in their purchases and nearly 100% of people might despise having locked down devices and yet still buy an iPhone if other things are more important to them... and there are definitely a ton of things the iPhone gets right--both in its hardware and its software--despite* this one glaring thing it gets wrong.

Almost everyone I know owns an iPhone... and yet, almost all of them wanted a more open device and bought an iPhone anyway because it has a longer serviceable lifetime (due to software updates for a longer period of time), has a pervasive brick and mortar storefront that sells accessories, lets them use AirPods, has one of the best cameras on a mobile phone (and here it is maybe-interesting to note that Samsung devices are also pretty damned well locked down: you sideload a browser, sure, but you can't get filesystem access or modify any of its stock behaviors)... I could keep going, as Apple is actually an extremely competent company that has built a great product!

And yet, those people, when given the chance, were all very excited to jailbreak their phones to get more features. The people who are not technical has their technical friends do it for them. The people who did not have technical friends who wanted to deal with that much effort bring their phones to the little shops which do it for you. At its peak, despite being pretty hard to do, difficult to maintain, and complicated to take advantage of, we had more than 10% of people with an iPhone jailbreaking! That is an insane number of people to just write off :/.

People, especially when looked at them in general, it turns out, don't care about general principles. (And sort of rightfully so, because in the last thousands of years almost literally all questions of importance were not questions of principle. Which noblehouse should give the new king? None!? Yeah, that's not a good option. And so on.)

Software and these hyperglobal platforms are where principles actually start to matter. (It did not matter even in politics. In principle free speech, sure, but also no generated kiddie porn, because ew. And it did not matter, but suddenly with the capability to force CSAM-detection on the world, we would think it now starts to matter, but no, people in general never heard about this, have no idea about this, and so on.)

So with that long intro, it turns out that if enough people want Fortnite on their iThing, or want to repair their tractor or car ... that can force some principles, and that's when people will suddenly care about "my device my blablabla".

> do you not remember all the complaints about something as simple as resetting a VCR's clock and parents just living with it blinking after a power outage

Why fix it? What's the drawback in leaving it blinking?

They could fix it, they just didn't bother. Kids just have more free time.

Unless you're very lucky, it's going to be showing the wrong time. I don't think I ever had a power outage precisely on 00:00. Blinking is actually a nice reminder that you should not look at that clock to check the time. In any case: yeah, you have a single source of time info disabled, but there's a wall clock above the tv, so really, why bother setting the time right?

Unless you want to record that show that plays at a time when you have to be out. That's when you call out to the kids to do whatever it takes (setting the clock is one of the things to do, but why bother with the details).

> please lock down my machine

The restriction is against programs that can download and execute code from random places on the internet, and you only need to look at a family of Android malware that Google has been unable to keep out of the Play Store to see why.

>Known as Joker, this family of malicious apps has been attacking Android users since late 2016 and more recently has become one of the most common Android threats.

One of the keys to Joker’s success is its roundabout way of attack. The apps are knockoffs of legitimate apps and, when downloaded from Play or a different market, contain no malicious code other than a “dropper.” After a delay of hours or even days, the dropper, which is heavily obfuscated and contains just a few lines of code, downloads a malicious component and drops it into the app.


Apple requires all executable code to go through the App Store's vetting process. Apps that download code to be executed have never been allowed, which is why you have the Webkit restriction.

Webkit can download and execute code. Your app cannot.

The article's conclusion that users need to be wary of apps downloaded from inside Google's walled garden should be all the warning you need about the danger of allowing random apps to download and execute code.

>With malicious apps infiltrating Play on a regular, often weekly, basis, there’s currently little indication the malicious Android app scourge will be abated. That means it’s up to individual end users to steer clear of apps like Joker. The best advice is to be extremely conservative in the apps that get installed in the first place. A good guiding principle is to choose apps that serve a true purpose and, when possible, choose developers who are known entities. Installed apps that haven’t been used in the past month should be removed unless there’s a good reason to keep them around.

Nothing stops you executing arbitrary code on iOS, you just have to use an interpreter to do so, and Joker is in fact running interpreted code (a dex file).

Bear in mind one reason you may hear less about malware on iOS is simply that security researchers aren't allowed to sell products for it and they are blocked by the infrastructure from examining apps like anyone else is anyway, so they have no incentive or ability to figure out what apps are actually doing. On Android you can get APKs from the Play Store more easily, and APKs from third party stores very easily, and you're allowed to sell security apps into that market, so they have both means and an incentive to go find malware for it. Apple just point blank refuses to allow their commercial existence unless it's by selling vulns to Apple itself.

> Nothing stops you executing arbitrary code on iOS

Nothing except the App Store review process?

We already have tech sites warning Android users to beware of apps inside the Play Store, because Google has been unable to block Android apps from downloading malicious code and executing it on a regular basis.

If you're happy with that state of affairs, by all means, buy an Android device.

The point being made by the cited article is that a tiny interpreter that activates days or weeks after an app goes live can't be detected by any app store review process. You have no idea how many such droppers are active in the iOS App Store because only Apple can look for them, and nobody knows if they do or to what extent they do.

That's why both platforms also use a sandbox. The dropper still needs to work within whatever permissions the app has been granted. App Review doesn't involve a full blown security audit of your app's source code and then a deterministic build process on top.

> The point being made by the cited article is that a tiny interpreter that activates days or weeks after an app goes live can't be detected by any app store review process. You have no idea how many such droppers are active in the iOS App Store because only Apple can look for them, and nobody knows if they do or to what extent they do.

The point being that Apple doesn't allow information downloaded from random places to be executed as code in third party apps at all. This is literally the reason for the Webkit only policy.

Google does allow it, and they (very predictably) have no way to know if that code will be malicious or not.

Which is why Ars had to warn Android users that they had to be wary of apps downloaded from the Play Store.

I think we're talking at cross-purposes here. The issue is not what Apple allows, it's what they can detect and block. They can't detect arbitrary interpreters and therefore you have no idea if this is happening on the app store. You just have to take Apple's word for it that it's not. We're talking about malware, by definition it doesn't care what the rules are. Android is more open and so third parties can go investigate and find malware that uses interpreters to execute remote code, but Apple simply doesn't allow such explorations so we don't know what's out there.

My parents are not technical, I don't want to have to worry about their phones or computers, so they use iphones and ipads, and I have a pi-hole connected to their router that clears away most ads.

They like going to the app store and knowing there is at least some level of curation on the apps. If they suddenly have to start dealing with competing app stores and sideloading and menus and all that stuff their experience will undoubtedly be worse for it.

Do you think suddenly iphones will come out of the box with competing app stores?

What made this strange thought pop into your head?

I think they'll visit sites and instead of being recommended to install an app, they'll be recommended to install an app with a redirection to a different app store.

Apple takes a huge cut of the money spent on the app store, and everyone will have a huge incentive to move users to different stores if they can. This isn't difficult to understand if you thought about it for more than a minute.

That would be apple's problem then for making their store so unattractive to developers. What you're saying here is that if developers had a choice they'd tell apple go fuck themselves and you're probably right. "We'll engage in anti-competitive practices so our customers can't escape our shitty offering" is not the flex you think it is.

Ok, and then it won't work unless they explicitly authorize a new app store to be installed.

Android supports it, but it's not just 1 click from a browser to get a new app store.

> Like, seriously? No one's that stupid.

I just want to ask you something. I'm a software developer, able to build out of parts and configure a headless Linux box, unlock the bootloader on, flash and root an Android phone and use both successfully, and "Please OS vendor I want something simple, ... , please lock down my machine" is literally THE reason why I got an expensive iPhone as my last phone instead of a cheaper Android.

Would you say that I'm stupid?

If you have two otherwise-equal choices, but one has great default settings, but allows you to change things if you really really want, and the other has the same great defaults, but is locked down and doesn't allow you any choice, then if you pick the locked-down choice, I think you're frankly quite stupid.

What I think is really stupid is how many people seem to think that having the ability to change things means that they absolutely MUST go through all the settings menus and change things. What really galls me is how many so-called technologists even believe this. It comes up all the time in Gnome vs. KDE arguments, and I'm seeing the same mentality here. If you don't want to change things, then don't.

> think that having the ability to change things means that they absolutely MUST go through all the settings menus and change things.

That sure does sound like a straw man argument to me. Are you sure you've really heard "pls don't make me change all the things, I don't like changing things" instead of the much more plausible "pls don't make me use a system where someone had to implement (and has to support) functionality that I personally don't need, and as a (possibly) developer myself I understand that this adds complexity to the system and places burden on BOTH the user and the developer"?

It's not a straw man. People really do say these things. They complain that the existence of lots of configuration menus and options means that they MUST go through all these menus and configure everything themselves. Believe it or not. I've seen it time and time again, for over a decade, every time there's an argument of Gnome vs. KDE.

Not really, the choice will then becomes use chrome and deal with their JIT draining your phone/privacy invasive ads or you cant use this feature from google docs/slides/youtube being slow… etc

Bringing up the device performance and hinting at planned obsolescence of devices is probably not the best tactic here when debating android vs iOS. Apple has a worse track record when it comes to that (while still allowing Google/android plenty of room for the same).

> Would you say that I'm stupid?


Appreciate the honesty.

> I think this is some of the disconnect between users on this site who don't understand why people would possibly actively choose iOS even with the lockin. Most people do not want to use a product that is constantly updating and adding features

Precisely the reason why I have an iPhone and an iPad is because they give me 5 years of updates and even more of security fixes.

Firefox feels the need to scream at me every time it updates, which is all the time—far more often than iOS, and far more often than Safari. I think that's what the GP meant.

FF does the equivalent of a major iOS update several times per year, as far as the user experience of the update is concerned—iOS doesn't fill my screen with on-launch "hi! We updated!" notices unless the release is a big one and there's actually new stuff to tell me about, in which case they usually keep it short and to the point. FF opens & foregrounds a new tab to tell me about the exciting update (ugh) and sometimes also pops some call-out bubbles for Pocket or some other crap, way, way more often than any other software I use, and it's really annoying, especially for a piece of software I've been using exactly the same way since it was called Phoenix and before some of the people working on it were born, probably—none of the shit in those announcements has ever, once, been anything I needed or wanted to know about.

This, despite monkeying with UI and force-foregrounding unrequested content being UI poison for people with low computer literacy. I roll my eyes and close the crap; others get confused and are significantly delayed in doing whatever they actually wanted to do with the browser, on top of feeling confused and betrayed that their browser did something different when they opened it this time.

I don't remember the specifics of how to do it, but you can disable the Firefox upgrade welcome tab...

My Firefox install hasn't bothered me by opening any unwanted tabs in a couple years, at least? But it still updates on a system restart or when I tell it to -- it just reloads all the previously opened tabs without any UX burden.

But if you're browsing the web aren't you by definition going to "use a product that is constantly updating and adding features in that are going to be taken out shortly"? I'm always impressed when I realized a website did a redesign that basically moved buttons from the top of the screen to the bottom of the screen.

I'm pretty sure Apple updates it's browser just as much as Google chrome, firefox or edge is updated.

Browsers in general do often change with new temporary user facing features.

People choose iOS because it's a status symbol or they like the design of the interface. Not because they are afraid of updates.

This is why I use Linux, where I can have a choice to run MATE for a decade while GNOME, MS/Windows (especially 11) (and Apple too) are destroying their systems (from my viewpoint at least).

the recommendation for Firefox Nightly aside, noone is forced to accept constantly updating apps, and adding features that get removed after a short time is also an unfair characterization. i don't update Firefox more often than i want to, and even when i update, i rarely notice any changes. big changes come less than once a year.

but i have the choice to update or switch browsers if i want to, and that's the point.

the restrictions only remove choice. they don't add anything.

I mean, I was referring specifically to firefox nightly in terms of adding features that can get removed. I confirmed before I posted the comment and it still a warning smack dab on their splash page. I use firefox on a daily basis personally.

>> The restrictions are a feature and not a bug.

No. Stability is a feature. Lack of choice is restrictive.

I despise most of the things that Apple does and yet, I am evaluating switching to apple for phone more than 10 years on android. The reason?

I cannot backup my phone data, I have to rely on the single app implementation and many of them have nothing about backing up data.

Add that I roughly get 2 years of security updates at most (I don't buy phones as soon as they come out), the consequence is having an expensive piece of outdated hardware.

I was going to suggest that Google stops implementing and releasing any new major Android feature, only release security updates. At least this way we would start getting security patches for longer...

I understand it, but I don't respect it.

It’s only iOS/iPadOS that Apple does this with. And iOS makes up 18% of web traffic. That’s a lot, but it means 82% can use the browser they want at any time. Chrome makes up 80-odd percent of all other traffic, so the stats overall look like:

Chrome: 65.6%

iOS Safari: 18%

All others: 16.4%

Personally, I’m more concerned about Chrome than iOS.

> Personally, I’m more concerned about Chrome than iOS.

Agreed. If the doors open, then Google will fight for the iOS browser space. And their ability to leverage all of their properties is pretty powerful here.

If Chrome takes over iOS, then that's it. No one will bother with site compatibility for anything else. Firefox's chances to stay relevant in that world will be slim.

You mean Google will deliver a better browser than what currently iOS users have to the point that iOS users will decide to move away from the default set in their OS... and Apple won't be competent enough to compete?

Because that's the only scenario where that happens and it's plausible - the exact scenario we were in with IE6 where Microsoft refused to provide a better browser and keep up with then new and much better Mozilla and later Chrome browsers.

Good product doesn't need monopolist lockdown to be used. If Safari as as good as Apple fans say it is, this massive change won't happen. If Safari sucks, then iOS users are better off with Chrome until someone better comes along. A lot of them will probably choose Firefox though, since it suits them better. Or Brave. Or Vivaldi.

It's called competition and drives towards better products for users. It's incredible how anti-free market some of megacorp fans here are. Outright refusing to allow existence of Firefox and other free browsers on iOS is a much worse take than we've ever seen from likes of Microsoft.

> You mean Google will deliver a better browser than what currently iOS users have to the point that iOS users will decide to move away from the default

No, I mean that Google will use their search monopoly, along with their dominant position across other product areas to undercut the market share of any competing browser. Any merit Chrome has is dwarfed by the strength of Google’s ability to push it on users.

I have many complaints about Apple’s handling of iOS. But it seems to me that their stance on iOS browsers is the only thing preventing the web from becoming a Blink rendering engine monoculture.

I don’t like Apple’s approach. But I’m also concerned about the prospect of a Blink-only future.

Please provide any proof that Google has a greater strength of pushing their browser to iOS users than Apple, the owner of the platform which sets Safari as default, sets Safari as default link handler, sets Safari icon on the preinstall and requires several steps, including creation of AppStore account, to even switch away.

Please, provide ANY proof, that Google has this crazy amazing power against the company that owns a platform and that easily caused a tank in Meta revenue by just slightly flexing the power on that platform.

And after that, please provide ANY proof that that megacorporation, richer and more competent than Google, cannot provide a browser that could even remotely compete with better user experience on the platform they themselves own.

Because what you're claiming is pretty crock that has no basis in reality or history.

Edit: I said PROOF, not downvotes ;P

The downvotes are probably because all the parts of this that didn't also apply to Windows when Chrome came out, aren't actually barriers because nearly all users will have already done them for other reasons (like creating an app store account), and Google demonstrably managed to gain huge share there through a massive advertising campaign on their properties, using what amounted to lies ("Youtube is better in Chrome"—eh, not really, not in any way that mattered to anyone reading that message, anyway).

You're exaggerating while also being abrasive and wrong ("is pretty crock that has no basis in reality or history"), basically.

Chrome didn't rely on word-of-mouth and geek evangelists to spread like FF did in the early years—Google leveraged their monopoly on multiple web products to do it. The proof is that they already did it once—a whole lot of users who truly don't give a shit which browser they run, ended up with Chrome, because Google told them it was better. The differences you list that make this situation seem different aren't actually notable barriers, as you imply they are. If anything, tapping an "install this!" call-out and following through in the app store is both an easier and higher-confidence action for most users than downloading a .exe installer file, running it, and clicking through the installer.

It is an indisputable fact that if "the doors were opened" that at least some iOS users would be switching browsers and other apps. That is good for competition and innovation, yes, but Google does have a lot of power to nudge people toward doing what they want through the most widely used search engine and all of their other services.

"I don’t like Apple’s approach. But I’m also concerned about the prospect of a Blink-only future."

It's the web's destiny anyway. Its design lacks modularity to such a huge degree that a monopoly open source implementation is inevitable. There's no deep reason that has to be bad, Blink is open source and can be forked. In some ways it's not really clear what benefit the duplication between WebKit, Blink and Gecko brings to the table nowadays, as they implement the same specs in essentially the same way.

> It's the web's destiny anyway.

I hope that you're wrong! Google already has a tremendous amount of influence, and a Blink monoculture would give them near complete control of the future of the web. (And I think Google have been poor stewards of the web. But that's an entirely different conversation.)

Blink being open source is better than the alternative. Internet Explorer achieving total dominance would have been even worse. But it doesn't buy you that much. Under a monoculture, your fork of Blink could never deviate from the original meaningfully because sites wouldn't be built to standards, they would be built to work on Blink.

Google not being able to unilaterally dictate web standards is a good thing. For example, I'm glad we have WASM and not Google Native Client.

Platform abuse is still not acceptable and should not be justified. For people stuck in that ecosystem the lack of choice is 100%, relativity to global traffic is irrelevant.

Nobody is stuck in the ecosystem. You can change the platform at any time.

And for me, I feel having more choice on iPhone compared to Android. With android I would need to limit the apps that I install because of potential security flaws.

iOS wins all the security rankings (e.g. https://nordvpn.com/blog/ios-vs-android-security/ ), and it’s closely related to its lockin model.

You can change phone platforms at any time you want, by buying a new phone for somewhere in the range of $500-$1000 US? And then doing what with the old phone? Selling it?

Yes, you can sell your iPhone and buy a similar-age Android phone with similar parameters - and you'll probably earn a few bucks on it since iPhones keep their value better.

iPhones retain their value extremely well, so yeah, sell it.

> And iOS makes up 18% of web traffic. That’s a lot, but it means 82% can use the browser they want at any time.

The hard truth is that 18% of traffic is probably 50% of the money.

In developed countries it's probably 75%-80% of the money.

Don't move the goalposts.

>All others: 16.4%

This whole essay is really just Mozilla complaining that they aren't on anyone's radar anymore and should be disregarded as bullcrap.

Firefox once upon a time defeated IE6 despite home turf advantage, to say nothing of Chrome which played that game even better.

If Mozilla wants more market share, maybe they should make software people actually fucking want.

How many people choose a browser, compared to those that use whatever the OS defaults to/pushes on them?

The millions if not billions of Windows users who choose to use Chrome?

Also, using the OS default is also a choice. If someone uses Edge in Windows, that's a choice.

It's only iOS where users have no choice.

Chrome is also pushed quite aggressively by Google

How exactly? Microsoft has been randomly resetting my default browser back to Edge on every big Windows update. They've thrown Edge on my desktop against my wish. They keep buggering me to change the default back.

And yet, somehow, Chrome is still more popular. So what are those horrible tactics Google uses to brainwash people into using their browsers when both of their major competitors use their own operating systems to either harass or ouright force the use of their browsers for the users?

Google sometimes bugs you to download Chrome within unrelated search results.

How is that more effective that Microsoft outright resetting your default browser and pushing it in your face on reboots?

They advertise it on the google.com homepage. Which is quite the prime location to advertise. That said, I do think that Chrome has taken over mostly on merit. In many ways it is the best browser. It's just a shame it's so dominant because a monopoly situation rarely works out well for end users.

Back in the IE days they (Google) did push it pretty hard. There are definitely still some cases where Google could (and should) do better about keeping their services browser-agnostic, but it's way less prominent than it was before.

edited for clarity

They are pushing pretty hard RIGHT NOW.

Oh After rereading this I think you thought I meant Microsoft. I was talking about Google and chrome. Microsoft's pushes for Bing and Edge in Windows are definitely over the top.

Both sides are over the top, and Google's winning.

Mozilla is farting vapid air with this essay.

And they continue to win the fight Mozilla cannot.

OS restrictions, if any, are not the reason Mozilla is dead in the water.

Microsoft Edge's main purpose is to download Chrome.

Windows now ships with wget or curl (can't remember which) so there's no longer any need to use its browser!

> Microsoft OS isn't that bad these days

Really? Edge is the default option, they push you to make Edge the default if you are using Chrome or Firefox and every now and then they ask you to accept Microsoft's default Windows settings.

The show their MSN news by default, Bing is default, they show ads in the OS, they constantly ask you to log in to your Microsoft account, everything leads to MS 365 office products or MS cloud storage.

It's a horrible OS and I wonder how long this can fly by any anti-trust measures.

I use Windows 10. Been using Firefox as the default browser since the day I installed it 7 years ago. It has never nagged me about Edge.

Duckduckgo is the default search engine. If I want Bing for some reason, I have to actually type it in the address bar.

I haven't gotten any ads in the OS, and the only time it tried to get me to log into a Microsoft account was once when I was first installing the OS 7 years ago. I use LibreOffice, not MS 365, and no MS cloud storage and nothing is pressuring me to switch. Google Drive is there in the rare cases I want to use it, and I still have a login to Dropbox if I want that.

I also never enabled Cortana or web results mixed into my local search or any of that other nonsense.

There's a whole lot of misguided FUD about Windows in the tech crowd. People who you would assume would know well enough to check the options they want or don't want at the time they install the OS. Doesn't require a tech genius to do basic configuration. It's kind of baffling how many can't figure that out.

An argument could be reasonably made that the defaults should be different, and if you just clicked 'Yes' to everything, you should get a configuration like mine. But that would be a bad faith argument. It's reasonable to set the defaults to things that match the OS company and for features to be 'On' (otherwise people wouldn't know they were there).

MacOS is the same about that stuff. Many of the defaults (backwards scrolling and hidden scrollbars) are practically unusable from a UX standpoint. They also default you to their own proprietary office software, browser, and other weird stuff with confusing UI. The keyboard isn't configured correctly and consistently by default (totally gets the editing keys wrong). Just like Windows or Linux, you have to configure it and choose which parts you want or don't want.

> I use Windows 10. Been using Firefox as the default browser since the day I installed it 7 years ago. It has never nagged me about Edge.

Windows 10 definitely nags you about Edge from time to time. Some windows updates will re-trigger the "setup wizard" flow and ask you yet again to switch browsers & setup a microsoft account instead of using a local account. Or an Edge shortcut will just be quietly dropped on your desktop.

It's not super often, but it absolutely happens. That said, the real kicker is in Windows 11 where they removed the ability to change the default browser in a single spot. You're instead forced to change the app handler for every mimetype & extension, it's extremely tedious.

If you search firefox on edge/bing the first result is a gigantic banner telling you that edge is cool and modern and there's no need for that.

I was only addressing how hard it is to install a browser of your choice on Windows, that's all. Honestly, I haven't used Windows in a while so maybe I'm out-of-date, maybe it's much worse than I thought.

Ads on the start menu and stuff like that is horrible, I agree, but it's a different issue than browser choice.

When you try to install Firefox from a clean Windows install, Microsoft gets desperate. The default search engine is Bing so if you search for "download Firefox" you get a large ad-like panel above the results telling you how great Edge is and that you really don't need to change browsers. Then when you finally install Firefox, it'll put ads in your start menu to "try Edge", I've even seen it add a little popup when I tried to open Firefox though I don't know if they still do that.

Microsoft disabled the API that let's you change the default browser because Chrome and Firefox kept doing that automatically when you clicked a button. Mozilla reverse engineered the new method of setting the browser but Microsoft then cried foul because you're not supposed to be able to set the default browser from within your preferred browser unless you're Edge.

And then with every major update you risk your browser preferences being reset because of "bugs". I've had Google set as my default search engine in Edge (to avoid the desperate ads from MS) but that got reset one update. The default browser got reset twice. Microsoft assures us that these were bugs and mistakes and that they didn't intend to change user settings, though.

I have a hard time believing any of it ever since the day I got an ad for their browser in my start menu.

“offender” suggests undue negativity.

For me, the biggest selling point of iOS is it’s lock in - be it in browsers or the store.

My phone is the centre of my privacy, and I want it to be as solid and as safe as possible.

So far nobody developed a mobile system that is more open and just as safe and robust.

>My phone is the centre of my privacy, and I want it to be as solid and as safe as possible.

If privacy was the main concern, you wouldn't be using any of the ad vendors, which includes apple.

Yes, apple does sell your data. They just don't want others to do it too.

There are plenty of smaller security focused phone vendors these days that doesn't intersect with user interest.

For those curious.

Just look at the front page of the app store, literal ad right there amongst numerous locations.

Their ad revenue has been expanding since 2016, and despite them hiding exact ad revenue in their quarterly, Tim Cook has mentioned in the investor call that "advertising and analytics, apple services revenue set an all-time record of 20.8 billion in q4".

Selling advertising in their own app store is not selling user data to third parties.

You are conflating lots of categories that maybe you don't quite understand. Not everything is a conspiracy.

Oh but I do understand.

The strange part would be your weird definition of what constitutes selling user data.

According to your definition, Google isn't selling data to third parties since they now own the entire vertical integration when they bought double click back in 2008.

> If privacy was the main concern, you wouldn't be using any of the ad vendors, which includes apple.

That is a false equivalence.

> Yes, apple does sell your data. They just don't want others to do it too.

This badly needs a source.

> There are plenty of smaller security focused phone vendors these days that doesn't intersect with user interest.

This badly needs examples.

>> Yes, apple does sell your data. They just don't want others to do it too.

To whom?

Are you a bot? Because you just replied to the word "privacy" and not the whole sentence.

I mentioned safety and solidity - meaning - I want the phone to have as few attack vectors as possible. Ads have nothing to do with this.

Are you a clown because I quoted that entire sentence directly from you YET you are still complaining.

Go disagree with yourself in the mirror, not my problem.

So don't install alternate app stores or side-load apps. Why do you need lock-in?

GrapheneOS is more open, but also significantly more robust than iOS.

Is there a list of vulnerabilities discovered for GrapheneOS? I couldn't find a decent summary anywhere.

I couldn't also find any source for your claim that it's more robust than iOS. Care to provide a source for that?

I was with up up until your statement:

> Basically, if you want to have choice in a browser, don't use Apple products or a Microsoft OS.

I get the "Apple products" bit - Apple famously refuses to allow you to install your own browser engine under the hood on iOS. But Microsoft? Can you qualify that with some concrete examples?

Just one example is forcing you to open links in edge regardless of your "default" browser: https://betanews.com/2021/05/07/force-web-links-open-in-defa...

As I see this is not about opening normal links

This is about opening link targeted to edge

"Copy the following test link:


and exactly why should anyone be allowed to target their links to a specific browser instead of letting me use the browser of my choice?

For the majority of links there is no particular reason but for some specific cases where the link brings you to a App that the developer has build with that browser in mind it is useful. I want a way to force the opening of that app in the browser for which I have tested and don't want to receive support calls that the app is not working because you opened it in your obscure browser of choice.

such apps should not exist. it's a throwback to the old internet explorer days.

you will receive support calls from people who don't run windows and thus don't have edge

Well it's how the mailto:blabla@blabla works.

yes, but the target for each of those is user-configurable. any request to another browser would go back to my preferred one.

regardless, web-apps that depend on a specific browser should not exist.

If browsers had equal features support then yea

that's what the standards are for.

any feature that is not implemented in all major browsers should be considered experimental. it might go away. it's fine to use such features for experiments, but they should not be put into production and relied upon.

any differences in the implementation of the standard should be considered a bug. warning users about bugs is fine, but automatically redirecting me to some other browser that you deem working is not.

Uh what?

If one browser laggs behind then the rest shouldnt deploy?

This is crazy

depends how much your users matter to you. if a browser[1] lags behind on a feature, you should avoid using that feature on a production website, or provide a gracefull fallback. but by no means should you redirect the users to a browser that supports that feature.

[1] i am only counting major modern browsers here: chrome, edge, firefox, safari. you are welcome to support more, but these at a minimum.

If I have 20% FF users and 70% chromium users, then I shouldnt deploy a feature which will serve those 70% and wait who knows how long till FF catches up?


you are willing to anger 20% of your userbase? you can do whatever you want, just don't expect everyone to go along. but if i run a business and my revenue depends on my browser users, i'd be very hesitant at loosing even 5% of them, let alone 20%.

Why would all of them leave your service just because one thing is not available on ff?

Popular as hell services are constantly annoying users e.g reddit fb

Or arent or werent available on web at all - iirc instagram

If you have leverage then they aint gonna leave as hard as you make it sound

well, it depends on whether the site breaks if a browser feature is missing or not.

if it doesn't break then you have a graceful fallback which i did already suggest as an acceptable way to support new features in case they are not supported.

but if the site breaks in some way, it may prevent me to complete the objective on the site. if i wanted to buy something, and the site doesn't work because of that missing browser feature, then i will have to go buy somewhere else. it doesn't matter how much leverage the site has if i can't use it.

What? No, it's the exact opposite! If I set my system to open mailto links in Thunderbird, the link won't randomly override and open in Outlook. That's the whole point: The link specifies what should get opened, and then the application of the user's choice handles it.

Isn't that just using Application URL scheme? MacOS does this too.

Microsoft somehow keeps "accidentally" resetting my default browser (they love to do that on quarterly updates", they just threw an Edge icon on my desktop that reappears on every reboot and their default browser choice dialog is harassing you really hard to avoid changing the default away from Edge.

They're doing a huge amount of dark pattern stuff to avoid people from using other browsers these days.

I remember this happening to me I think 2 times back in the early days of Windows 10 and the initial push for Edge after getting rid of Internet Explorer. And yeah, they shouldn't do that.

But since then, I've used Windows 10 and now use Windows 11 on multiple devices, and in my immediate friends and family they all use it too, and this has not happened at all.

They absolutely do it on major updates when you get the fullscreen "Oh, we need to update your account again" form. If you miss the tiny links "Please don't" in the corner, it'll reset the browser and default search provider.

I've never got such a screen on a feature update. Perhaps it's because I've got local accounts?

The article talks specifically about the hoops Microsoft makes you jump through to install an alternative browser.

> Android users can easily install Firefox (or better yet, Firefox Nightly) through the Google Play store

Not every Android device has access to Google Play, yet Mozilla still doesn't provide an APK download for Firefox from its website to make sure those users can have their browser too, despite all of this complaining.

This is actually another example of where OSes get in the way of browser freedom. Because of Google Play Services and its dependency on phones that have Google Play Store, it may be more difficult to support multiple builds of the app than it should be. Still, this is a good point, would love to see Mozilla support non-GMS Android devices.

> Still, this is a good point, would love to see Mozilla support non-GMS Android devices

Well, actually, they "support" non-GMS Android devices in the sense that no Google services are required to run Firefox on Android. But you have to get the APK from unofficial sites like APKpure or APKmirror (trusting you're downloading a non-tampered file) or finding the appropriate build among all the releases in Github.

Oh maybe I should have checked before replying. I don't think this is too hard for someone who wants a direct APK https://github.com/mozilla-mobile/fenix/releases

Perhaps the complaint is that they are not releasing to competing stores like Amazon? I would find it hard to believe that legit Firefox builds are not already on Fdroid

It's not the same as clicking on a direct APK download link as WhatsApp does on their website. You download and install, that's it. Here, first get into Github, browse between beta releases, OK, is this one? Now, should I get arm64 or armeabi? Definitely not a simple process, and of course not suitable at all for non technical users.

That's fair, thanks for the example!

I wish they'd set up an F-Droid repo so you don't need to follow Github links to download Firefox. F-Droid is the de-facto open source app store for Android, after all. Bromite, a privacy-focused Chrome replacement, has an F-Droid repo, and that's run by a single guy as far as I can tell, so surely Mozilla can do the same.

Right now only Fennec is on F-Droid (which has some changes that give you more user freedom than the default browser build…) but Firefox is nowhere to be found. Their build process is incompatible with the official repo but that doesn't mean they can't set up their own repo instead.

>they're mainly complaining about proprietary OS vendors restricting users' choice in browsers

I guess they think everybody forgot about the many years and hundreds of millions of dollars that Mozilla spent trying to get people to adopt FirefoxOS. An operating system that… only allowed using Firefox as the web browser.

On Android, it's often impossible to replace the chrome webview. The only way to do so is by modifying the system's whitelist for webviews. On linux and other platforms, apps get a choice of what webview they use, be it qtwebengine, webkit-gtk, or what have you.

I've been overhearing lots of complaints coming out of the Ubuntu corner about how everything is moving to snap exclusive distribution. Not too familiar with the whole snap ordeal myself, but I understand it is quite the shitshow and that can't be good for the Linux browser landscape.

Ubuntu is dead.

It's by far the best distro, even for production loads. I know, controversial opinion, but ubuntu has never been better (even if I dislike snaps). And almost everything is now built to run on Ubuntu first. Even RHEL would require tinkering for tons of software I need in dev/prod.

Based on what? What's the most popular/live alternative?


Not at all

> Apple is now the worst offender in forcing you to use your computing the device only the way they want you to.

This is wrong. Google is the worst offender; Apple is an under-appreciated hero.

I have to use some web pages- for taxes and public services, for my banks and so on.

Those pages don’t work in Firefox and the only reason they work in Safari is because people don’t have a choice on Apple devices.

Of course they have a choice: they could just have bought a google phone, but I have worked in ads long enough to know I want to stay as far away from Google as I can, and I cannot tell you how sad this makes me to see my choice being threatened just so you could use chrome if you “wanted” to.

>Google is the worst offender

How the issue you're raising has anything to do with Google? Google hasn't forced those devs to not care about Firefox.

> How the issue you're raising has anything to do with Google?

Because Google benefits from this and not me.

I think you would have to be stupidly naive to believe this legislative lobby happened without their help.

> Google hasn't forced those devs to not care about Firefox.

The only people who know that are Google and those devs, not me and not you.

But Apple did force those devs to care about Safari, and the things that work in both Safari and Chrome usually work in Firefox, so if you care at all about browser choice, you should be very afraid of this: As soon as my bank can tell me to install Chrome in order to pay my bills instead of doing any more work supporting Safari (and by extension Firefox), you better believe they will.

I think the user choice doesn't really matter here. Web devs want 99% of people to be able to use their stuff, so they develop for the least shared functionality and companies/apps/services that _need_ functionality just don't exist or else the companies that want to do it give up after creating mobile apps (linux users, and sometimes even desktop users are out of luck).

> Apple is now the worst offender in forcing you to use your computing the device only the way they want you to.

Is it your device if it obeys someone else?

All your belongings have to obey the legal requirements set by others.

E.g. building code; electronic interference limits; road safety performance; emission limits; food safety standards...

Yet they can still be yours.

I am not convinced that safety regulations enacted by elected bodies are the same as proprietary software offering its manufacturer against the user's wishes.

They are not the same at all, so your statement is incorrect.

I don't see your argument here. Is your objection solely that I was insufficiently restrictive in my statement?

addendum: You're saying your analogy is fallacious, therefore I'm incorrect. Which I find rather confusing.

> if you want to have choice in a browser, don't use Apple products or a Microsoft OS

What Microsoft OS restricts your browser choice?

I have zero trouble using Firefox on my Mac, other than the OS wanting to use Safari sometimes, what's the problem?

Edit: Ah Apple products, I didn't factor in iPhone/Pad, yeah I dislike iOS and don't use it for that reason.

Android makes it very difficult to modify the system WebView engine. This means no alternatives to one of the more important parts of the system. If you want adblock in a web view, tough luck for most.

You missed ChromeOS which is the second worst after iOS. Then Windows, where you can set the default but MS keep trying to push edge in your face, then MacOS which only really pushes Safari on first install.

The advantage Safari gives users on iOS (and macOS) over Chrome and probably also Firefox is power consumption. Which is a crucial factor on mobile devices.

If you want general purpose computers, look for industrial gear, not consumer products.

Industrial gear? What are you talking about here? Examples?

I'm talking about the kind of computers you would use when you'd build some industrial machine. E.g. say you make MRI machines. You're not going to put consumer hardware like a MacBook inside your MRI machine.

For browsers specifically, one can select their own browser on iOS and MacOS as well.

It's always Safari under the hood, but that may change soon thanks to EU regulations (https://www.macrumors.com/2022/12/14/apple-considering-non-w...)

because of, not thanks to. Once again the EU meddle with things they should not. And once again I’m pissed off by their regulations (though this time at least it makes a bit more sense than the previous time…)

> Once again the EU meddle with things they should not.

One of the major reasons of existence of the EU is to provide a common-level playground for everyone, where everyone has a reasonable chance of success based on merits. Forcing Microsoft to break up their anti-competitive bullshit back in the IE6 days was a good thing, and so is breaking up the engine and app store monopoly on Apple's side today.

Another reason of existence is waste reduction, and holy hell did the EU do a good job there by getting everyone sans Apple to agree on micro-USB, then on USB-C once it achieved reasonable market penetration for everyone including Apple.

These days I only need to carry two USB-C power bricks from Anker on vacations to charge everything I have from my array of phones to my laptops (corp and private), and once I find the money to upgrade my Sony camera, that as well.

I am honestly glad that the EU forces vendors to put the customer first. I won't be sad if they force opening of the walled garden that is the iOS app store.

> customers first

> opening of walled garden

Yeah, I wonder how secure those customers would be when any kind of third party app store can just show up and start releasing data stealing, virus-infested apps, with no oversight?

The idea that allowing a wild west of things because "freedom" is somehow better for the end customer is very shortsighted. I've never had to assist anybody in my family who has an iPhone, that cannot be said for Android however.

You mean there are no "data stealing, virus-infested" apps on the Apple app store? That's a very naive assumption ;)

Are you the guy who made the famous spot against right to repair? You know… if you can repair your phone you will get raped.


It's not like anyone from the EU forces you to install "data stealing, virus-infested apps". If you don't like alternative app stores or side-loading, then just don't use those.

Straight out of Federighi's infamous keynote, lmao

What's wrong with more choice and competition? I really don't understand the walled garden apologists. If Apple 'tears down the wall', users still have a choice not to install non-Apple software if they don't want to.

Going through comments really reads like a case of Stockholm syndrome.

On iOS it’s just the chrome, not the full browser.

Completely unrelated, but part of me wants to say it’s too bad that I won’t read the article due your comment (I really won’t now), because it’s an interesting headline, but at the same time these comments tell me whether it’s worth reading or not. The upside is skipping the bad or bloated articles, the downside is skipping articles that were actually good, but the top comment gave a bad review. It’s especially painful when the top comment missed the mark completely. The price you pay I guess.

Browsers are doing well. I'm more worried about the fact the browser is turning into the entire operating system these days. Even the apps use the browser engine for a lot of functionality these days.

It's like a parasite, the OS is being eaten inside out. I'd be fine with this, it's a typical disruption process.

Except the browser stack is full of legacy features, is bloated, and I'd hate for this to be the de-facto platform for "everything" going forward.

The joke that JavaScript will become a virtual machine which will then be implemented in hardware and be the only way to do everything is not THAT far from reality.

The browser turning into an operating system (or rather a separate meta-platform that provides a common wrapper over operating system services) has already happened a long time ago.

And while many web APIs indeed 'suck', they're still roughly in the same ballpark as traditional OS APIs when it comes to legacy features, unfixable design warts and general 'pain of use' (e.g. it's not like native development is all rainbow-farting unicorns, while web development is eternal pain and suffering - it's both 'mildly annoying' most of the time).

The opposing opinion would be that changes of vital OS features has happened to all the operating systems. Users expect a new version of software to run on newer operating systems. The web has never deprecated anything close to vital. We're stuck, seemingly, with everything ever conceived.

I would argue that most users expect that their software continues to work on new operating system versions without being forced to upgrade (which is easy for free software, but less so if the upgrade costs money and the users are entirely happy with the feature set of their current version).

PS: also, looking at Windows specifically, new operating system API layers don't necessarily mean that they are an improvement over the older APIs.

Firefox has deprecated support for FTP, RSS feeds. Web extensions using manifest version 2 are being deprecated in Chrome, removing substantial capabilities. Whether these features are "close to vital" is debatable but certainly some functionality that used to be ubiquitous are being removed.

That’s not what I was thinking. I was thinking more of deprecating some elements of JavaScript that prevent speed gains.

The web is not an exception when put next to macOS (it's core remains mostly unchanged since Next) and Windows (literally can still run Win16 apps). The perfect API is the enemy of adoption and that's not going to change.

But this also allows launching points for new OSs and less supported OSs to get ‘application’ support from many vendors that don't yet support a native app—especially of the proprietary variety where maintainers can't build it themselves. Entire OSs have been built on this model: Firefox OS, Chrome OS, KaiOS, Capyloon, Peppermint OS.

I personally love the legacy features. There are fewer of them than you may think, but the ones that have stuck around are now 25 years stable.

This means that if you're careful about which features you use, you have a reasonable chance of your application not breaking randomly for 25 years ahead (Lindy Effect)

Browsers are using what the OS provides. I am not aware of any browser reimplementing Vulcan, DirectX or Metal, nor am I familiar with any browser reimplementing any feature of the underlying OS. It's just an application where you can build other applications and it provides access to some OS features via a scripting (higher level) language that's highly imperfect but thoroughly documented and used by millions. Speaking of hardware implementation for browser runtime, I just googled in the direction of WASM-in-hardware and came across this: https://github.com/lastmjs/wasm-metal

They pretty much all re-implement OpenGL since they needed WebGL/WebGL2 to work reliably across platforms, some of which don't even ship OpenGL at all. SPDY/QUIC/HTTP3 re-implement a lot of the OS level socket stuff in the browser. Hardware interfaces for USB, Bluetooth, and Serial are exposed to avoid needing device specific drivers for many things. It has the ability to be the compositor, window manager, and display server (see ChromiumOS/ChromeOS).

The browser certainly hasn't eaten all of the host OS yet and still depends on it for many low level things but at the same time browsers go far beyond what the OS provides and reimplement many things that 20 years ago would have had you laughed at for implying are part of the browser and not the OS.

But OpenGL is not part of the OS, or is it? (asking sincerely, no idea) I thought Vulcan is for Linux, Metal for Mac and Direct3D is for Windows.

Quic still relies on UDP, just like many other non-TCP protocols that are built by vendors for all sorts of applications.

OpenGL isn't really any different than Direct3D/Vulkan/Metal from the OS perspective. Shoot until recent times it was the only option on some platforms and if you wanted to use the GPU it was the only way on them.

QUIC uses UDP but not in a "it's relying on UDP" way as much as "layering UDP allowed it to go through middleware boxes" way. The developers of QUIC would have liked QUIC to not depend on UDP, and the protocol works fine that way, but then it wouldn't have went through home routers or corporate firewalls very well. Regardless a lot which used to be done in the OS TCP stack is now handled by the browser application. This is similar to how some other apps have used UDP but that doesn't take away from that fact.

I see. You're saying if they could build OS functions into the browser and not break compatibility with the outside world they would have done that, which means that they're vested in the idea that the browser is the new OS, or can minimize the OS to just the extremely basic no-value-add utilitarian functions. That makes sense why people are concerned or baffled. Thanks.

> nor am I familiar with any browser reimplementing any feature of the underlying OS.

Well QUIC is replacing TCP for many HTTP connections now, and that’s implemented entirely in the browser. The OS provides the datagram layer but at this point it’s semantics. The bulk of the protocol is in the browser.

Yes, Quic still relies on UDP. So that's like many other non-TCP protocols that are built by vendors on top of UDP for all sorts of applications. It still uses the OS layer for UDP, which is what many other applications do.

I disagree. UDP is stateless, all the heavy lifting for the connection oriented protocol is being done in the browser. It is literally replacing the kernels TCP stack, a service the operating system has supplied for decades.

The question was, has a browser has taken anything over from the OS, and the answer is - in this case - yes. It still uses the OS to control access to the network, but the role of the OS in HTTP has been significantly reduced.

What's the difference between Quic using UDP and SRT using UDP: https://www.haivision.com/products/srt-secure-reliable-trans...


I understand from the other comment in this thread that Google is OK with building an OS within the browser and minimizing the role of the OS, but I do not think Quic is a great example unless and until you consider, as the other commenter did, that it could work without UDP and they used UDP only because the routers and other network hardware required it. So, I understand overall, just knit picking on this particular form of the argument.

Dedicated JavaScript processor sounds interesting. I wonder who will do the JPU first, and how many requests it will send per second to IP addresses you didn't ask it to send.

> I'd hate for this to be the de-facto platform for "everything" going forward.

How come? It seems like a positive, user-empowering shift to me.

How does it empower the user, you think?

Because users can control their experience more than any other platform. All browsers have powerful devtools built in and users can freely install extensions to enhance their experience. And the source (or at least executing) code cannot be hidden. The array of options at browser users’ disposal is unmatched.

> Except the browser stack is full of legacy features


I don't agree with GP's sentiment but one need only look at Number.parseInt vs parseInt and the associates coercion differences, and even typeof null which was on the front page today. Lots of cumbersome APIs like XHR and others designed before Promises existed, and even smooshgate, where we couldn't introduce flatten() because Prototype (iirc) implemented it already and failed to properly handle the possibility that the browser could already have it (plus it worked differently where the default depth of the new standard API is 2).

Or Boot from Google, Boogle?

i think mobile users are unaware how good firefox+ublock origin is. i constantly get bombarded by disgusting adds while browsing news portals, cooking recipes, etc. imagine reading about some great cooking ideas and midway through you see an advertisement for "revolutionary medication for foot fungus" with before and after pictures to show. and yes this happens even in "private" tabs. if anything mozilla should give financial backing to extensions such as ublock origin

EDIT: should say "android users". iphones are beyond help even with firefox

Uh? All browsers besides chrome come with ad blocking capabilities, some of them built-in. I use safari with adguard on my iphone and I don't see ads ever either.

I do a lot of web browsing on my iphone and if I couldn't block ads I wouldn't have bought one.

til. i have never owned an iphone but my family members do and always complain about ads. from what i see this could be a good tool for them. thank you

I gave up on FF on android, it's abysmal. The best browser UI on android goes to Lightning https://f-droid.org/en/packages/acr.browser.lightning/ but it's essentially abandoned - even though it uses the system webview, it can still be a problem. The next is Bromite https://www.bromite.org/ which is significantly nicer and faster, and FF on Android, with built-in ad blocking.

On desktop, FF is still my choice, but the android one is a bad joke.

>best browser UI on android goes to Lightning

Lighting was my browser of choice. After stopped being updated moved to, a fork of it, SmartCookieWeb.

Its really buggy on android. I find Brave to be much brave on mobile, and on desktop its much better on the security side, especially on Linux.

I went from Firefox to Brave, only because I need bookmark sync from systems besides Macintoshes. We'd likely agree advert blocking is mandatory. I didn't see any advert blocking in FF for iPhone, while Brave looks to use the same blacklists as uBlock Origin.

So far it has caught nearly every advert and annoyance. Though I still am wearied by bombardments from the browser itself to sign up for 'services that respect my data', I get that they need to make money but I am still ticked off; it seems a little contradictory.

Also brave search has serious problems filtering out SEOspam blogs.

i have not found this to be the case at all

On mobile, Bromite is your friend :)

I do try and evangalise for it when I'm with others and they complain about ads on their android web browsers. But it's a tough sell these days.

There was a lightly visited portal (news) that I got used to and started to bug me to turn off my adblocker (uBlock) if I want to read their materials (I do not call their duplicated things fetched from here and there articles).

I stopped visiting them.

i used to have this for some sites too, but ublock seems to always get ahead eventually

yeah evangelising anything hardly works. people in large are always hesitant to move away from the familiar. i find show and tease works better :)

Ha, you make a good point.

So instead I can show them the same site they're on, but with no ads. Wait for the "how come your view looks different?"

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact