What they have written down is a list of APIs they do not wish to implement, then stated that the reason is privacy without any attendant analysis or, as far as anyone can tell, any proposals to improve or mitigate whatever the analysed flaws may be. Make of it what you will.
July 28th, 2020
So you’re not accusing them of lying?
You claim that they do not wish to expand the web platform.
What they have written published in policy documents is that they have privacy concerns.
Is what they are saying true?
(I will note that many APIs include persistent re-identification risk; e.g., a chance that if you grant something to the same site/party across cache clearing, they can join back up your identity. This is something we’re working to tackle & welcome proposals around.)
Those risks are identical and symmetric in both new and old APIs. The ways they’ll be solved are (and will be) portable across those surfaces. It’s hard to claim anything more nefarious here than a lack of time to look closely at the problem…which is itself a scandal.
I’m trying to make of it what you will, but you won’t tell me. 🙂 They claim one motive (privacy). You claim another (not wishing to expand the web platform). Which one is true and which one is false? adactio.com/notes/17205
The motive could be anything; I don’t much care what it is. The impact, however, is deeply problematic for the health & future of the web; I explain why here: infrequently.org/2020/06/platfo…
I concur that impact is more important than motive. That’s why I was surprised that you ascribed motive in your blog post (a motive that contradicts Apple’s stated motive). adactio.com/notes/17206
To take one example, here’s what happens to 1st-party state on iOS. Why aren’t apps forced to dump state if you open them from Twitter to prevent reidentification? A secure web that keeps logging you out will lose to apps unless competition forces tradeoff to evolve faster