July 28th, 2020

Replying to a tweet from @slightlylate

So you’re not accusing them of lying?

You claim that they do not wish to expand the web platform.

What they have written and published in policy documents is that they have privacy concerns.

Is what they are saying true?

51° N , 0° E


Responses

Alex Russell

What they have written down is a list of APIs they do not wish to implement, then stated that the reason is privacy without any attendant analysis or, as far as anyone can tell, any proposals to improve or mitigate whatever the analysed flaws may be. Make of it what you will.

Alex Russell

(I will note that many APIs include persistent re-identification risk; e.g., a chance that if you grant something to the same site/party across cache clearing, they can join back up your identity. This is something we’re working to tackle & welcome proposals around.)

Alex Russell

Those risks are identical and symmetric in both new and old APIs. The ways they’ll be solved are (and will be) portable across those surfaces. It’s hard to claim anything more nefarious here than a lack of time to look closely at the problem…which is itself a scandal.

Jeremy Keith

I’m trying to make of it what you will, but you won’t tell me. 🙂 They claim one motive (privacy). You claim another (not wishing to expand the web platform). Which one is true and which one is false? adactio.com/notes/17205

Jeremy Keith

I concur that impact is more important than motive. That’s why I was surprised that you ascribed motive in your blog post (a motive that contradicts Apple’s stated motive). adactio.com/notes/17206

Kushal Dave

To take one example, here’s what happens to 1st-party state on iOS. Why aren’t apps forced to dump state if you open them from Twitter to prevent reidentification? A secure web that keeps logging you out will lose to apps unless competition forces tradeoff to evolve faster
