Instagram can track anything you do on any website in their in-app browser (krausefx.com)
1258 points by the_mitsuhiko on Aug 10, 2022 | 449 comments



Related ongoing thread:

Let websites framebust out of native apps - https://news.ycombinator.com/item?id=32418679 - Aug 2022 (37 comments)


I was super confused by this since to the best of my knowledge SFSafariViewController blocks anything like this; you, as a developer, cannot inject anything or peek into the view it creates. Then I got to the bottom and realized I was correct, but FB/Meta/IG/etc aren't using SFSafariViewController and instead using the older ways to embed a web view.

Honestly I thought all other methods had been deprecated and had no idea apps could still make use of the less secure (for the user) options. Trust me, as a developer I've wanted to reach inside a SFSafariViewController many times to make my life easier but in the end I've just grumbled and assumed it's not possible and worked around it.

I wish there was a privacy-safe way to get the best of both worlds but due to bad actors I doubt that will be possible. I need to look more into App-bound domains but I don't think even that will give me what I really wish for (a way for the page loaded in SFSafariViewController to tell my app something). Something like postMessage support for SFSafariViewController would be amazing and be safe privacy-wise I think since the contained page would need to support sending/receiving messages instead of just having code injected against their will.


Yes, developers are able to leverage WKWebview on iOS and a Webview on Android.

One thing about both webviews is that there are callbacks with these implementations that developers can choose to open a link in the embed webview or not. It might be useful for privacy/security for Apple/Android to force developers to allow-list a domain (like iOS's Associated Domains) or such that an embedded webview can load (besides local html and files). It might be something in addition to the developer's callback.

iOS WKWebview: https://developer.apple.com/documentation/webkit/wkwebview
Android Webview: https://developer.android.com/guide/webapps/webview
Associated Domains: https://developer.apple.com/documentation/Xcode/supporting-a...


At our company we use Cordova for all our apps, which means we have to use WKWebView in order to render our application. As does every Cordova app.


I have started moving from an SFSafariViewController to a WKWebView in my app. In my case, we have a discussion forum that I wanted to display in a sidebar alongside the app, so people could get help while they work. I also wanted to intercept clicks on certain files to open them directly in the app — making it easier for users to check out other work on the forums.

However, after reading this article what I will be doing is intercepting any links from my WKWebView to domains outside of my forums and opening them in an SFSafariViewController. I have no intention of tracking anyone, but neither do I want the responsibility or reputation for domains outside of my control.


As a user I’d like to discourage this. If you use SFSafariViewController, the user’s extensions and content blockers load automatically. If you use WKWebView they don’t load at all. I’m one of those users who depends on these and every time a developer uses WKWebView instead it drives me up a wall. Plus, the UI is shared between Safari and it’s easy to jump out.


In this case, I cannot show a SFSafariViewController side-by-side with the main app on iPad (as it can only be presented modally). On this site there are no ads, and no content to block, it is simply a discussion forum about the app.

I'd be happy to put a Safari button on the WKWebView sidebar version, but as it is a coding app and the forums are full of helpful code snippets, having it appear alongside the code editor seems like a valuable proposition.

The big advantage of using WKWebView is that when a user posts a zip file containing their project you can simply tap on the link to run the project and see the results. You can also easily share your code to the forum by tapping a button in the app's UI to post it to the thread.

These sorts of native<->web integrations are not possible with SFSafariViewController. However I would not want these integrations on any outside domains, and so would push the user back onto SFSafariViewController if, for example, they opened a discussion and tapped a link to an external blog or article.

Edit: perhaps I am not explaining this well. Here is an example of what is happening in my app https://twitter.com/twolivesleft/status/1557378008495058944
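The allow-list pattern that the earlier comment suggests (force developers to allow-list the domains an embedded web view may load) and that this comment describes (keep the app's own forum in the WKWebView, hand every other link to SFSafariViewController), written out as an added example. This is not code from the article or from any commenter's app; forum.example.com, the WKAppBoundDomains entry in Info.plist and the view-controller name are assumptions.

```swift
import UIKit
import WebKit
import SafariServices

/// Hosts the in-app web view may render itself. Assumption: the app's own
/// forum lives at forum.example.com; anything else leaves the web view.
let ownHosts: Set<String> = ["forum.example.com"]

/// Decides whether a navigation target may stay inside the WKWebView.
/// Kept as a free function so the policy can be unit-tested without UIKit.
func shouldStayInWebView(_ url: URL) -> Bool {
    guard let scheme = url.scheme?.lowercased(), scheme == "https",
          let host = url.host?.lowercased() else { return false }
    // Exact host match only: a suffix check such as hasSuffix("example.com")
    // would also admit "forum.example.com.attacker.test".
    return ownHosts.contains(host)
}

final class ForumViewController: UIViewController, WKNavigationDelegate {
    private var webView: WKWebView!

    override func viewDidLoad() {
        super.viewDidLoad()
        let config = WKWebViewConfiguration()
        // Assumption: Info.plist lists forum.example.com under WKAppBoundDomains.
        // With this flag set, WebKit applies Apple's App-Bound Domains rules to
        // this web view, so script injection and message handlers are not
        // available on pages outside those domains even if the delegate below
        // were to let one through.
        config.limitsNavigationsToAppBoundDomains = true
        webView = WKWebView(frame: view.bounds, configuration: config)
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        webView.navigationDelegate = self
        view.addSubview(webView)
        webView.load(URLRequest(url: URL(string: "https://forum.example.com/")!))
    }

    // Called for every navigation the page attempts, including link taps,
    // redirects and JavaScript-driven location changes.
    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url else {
            decisionHandler(.cancel)
            return
        }
        if shouldStayInWebView(url) {
            decisionHandler(.allow)
            return
        }
        decisionHandler(.cancel)
        let scheme = url.scheme?.lowercased() ?? ""
        if scheme == "http" || scheme == "https" {
            // External web links open in SFSafariViewController, where the app
            // cannot inject scripts and the user's content blockers apply.
            present(SFSafariViewController(url: url), animated: true)
        } else {
            // mailto:, tel: and other apps' URL schemes go to the system.
            UIApplication.shared.open(url)
        }
    }
}
```

Keeping the decision in shouldStayInWebView means the allow-list can be tested in isolation (for example that "https://forum.example.com.attacker.test/" is rejected), while the delegate only translates the verdict into .allow, .cancel and a hand-off.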


How come my apps get rejected if I don't use SafariViewController but they can publish them?


I think we both might be mistaking the required move from UIWebView to WKWebView (instead thinking we had to move from WKWebView to SFSafariViewController).

> ITMS-90809: Deprecated API Usage - New apps that use UIWebView are no longer accepted. Instead, use WKWebView for improved security and reliability. Learn more (https://developer.apple.com/documentation/uikit/uiwebview).


I get this problem while using Cordova inappbrowser that uses WKWebView.


Exactly my thoughts too.

How is that possible that Google Play and Apple store allow apps like this to get published?


Yes


What are you trying to use? There's no restriction on using WKWebView. If you try to bypass Webkit, you'll get rejected for sure, but you are not forced to use SFSafariViewController


I am using the inappbrowser for Cordova, which I am sure uses WKWebView, but as soon as the App Store testers see the webview, they reject the app and want me to use SafariViewController. Happened to all my latest app submissions/updates.


But the solution isn't to enforce a specific browser or way to access web content. The solution is to educate users about the toxic software landscape on smartphones and the security threats of using apps. Ironically these supposedly checked apps behave vastly worse than the vast majority of software you can just install on a less locked down system. Because there the better alternatives mostly win.


I wouldn't say WKWebView is 'the old way', it isn't marked as deprecated and just because there's a new class that's easier to use doesn't mean they replace older classes that let you do more stuff. As you've found out, you've run into problems, but I have no idea why you would think not to use WKWebView if you can't do what you need.

That said, in general, never, ever use in app browsers for surfing the web. We use them for specific pages on our website that should interact back to the app, otherwise we tell the system to open the URL in the user's browser


This is what was confusing me, e-mails we got in years past about moving from UIWebView to WKWebView. In my head I misremembered that as needing to move from WKWebView to SFSafariViewController.

There are a couple apps where we are using SFSafariViewController but WKWebView would make our lives easier so I need to go back and look at switching those out.

> ITMS-90809: Deprecated API Usage - App updates that use UIWebView will no longer be accepted as of December 2020. Instead, use WKWebView for improved security and reliability. Learn more (https://developer.apple.com/documentation/uikit/uiwebview).


I remember those, but we'd moved to WKWebView almost as soon as Apple marked it deprecated.

We don't have many web views anymore; we still use a couple for signup and for the user to change their privacy settings because we need to change some behaviours based on the results, so we inject something to know if the user made changes and close the view. But there's no way for the user to navigate out to the greater web from the pages. Anything else and we instruct the OS to open URLs.


Only Instagram? Every app maker who makes an in app browser can see what you do, that’s the point of embedding it. And why not? You arrive there because of a link in the container app you clicked on. They want to see what you do with the link they gave you. Otherwise only Google/Apple can see what you do with it. Someone can see what you do with the link no matter what.


> They want to see what you do with the link they gave you.

Except they didn't give it to me; my partner/sibling/parent/friend did, in a message sent through their app. We should expect that kind of interaction not to be tracked; should expect, but obviously can't expect it today, so this news is not surprising.

This is just one more aspect of their tracking that may be non-obvious, and that it's good to know about.


The problem is that users cannot tell if they are being spied upon or not as long as they use in-app browsers. Avoid them! Go web apps instead of native apps for better privacy in general.

Regardless, I don't consider it to be acceptable behaviour by Instagram to inject their tracking into all web pages I access through their app just because they can.


There is a UX benefit I've found, and maybe the app folks felt it as well.

Android has a nice universal "back" button which can close an opened tab and return you the app that spawned it. iOS tried a similar option with a "go back to App" link at the top left, but it doesn't fully close out browser tabs spawned by the app. Safari has gotten smarter about this, with browser "back" buttons closing spawned tabs in many cases, but not all.

So, in all those emails where I click to launch a browser to "read more" but see no reason to keep it around, the embedded browser actually plays a maintenance role: no need to get rid of those tabs that were just a funny comment I wanted to see but never need to keep.

Yes, the tracking is disappointing, but the UX of not having a zillion tabs open (and in old iOS version, hitting tab limits) makes my life easier.


Not necessarily. If they’re using a WKWebView, they can’t see what you’re doing, which is why Safari Autofill remains enabled in some but not all app-embedded web views.


This is not correct. WKWebView can be made to report back clicks and URL loads, inject JS etc. Eg here is the doc for the navigation delegate: https://developer.apple.com/documentation/webkit/wknavigatio...


Only SFSafariViewController prevents that. Devs still can inject javascript through WKWebView.


Thanks for the correction; I swapped the two in my head and you’re right.


I'm surprised that so many people write "yeah, any in-app browser can do that - nothing to see here".

Anyone can potentially steal your wallet, so we shouldn't point out when someone actually does? Especially when there's hard evidence in article?


Every app and or website steals your wallet and when you point this out to people in tech who code this shit they respond with "just following orders".

Installed system wide ad blockers ages ago and got on with my life.


I hope Apple doesn't disable JS injection in WKWebViews in response to this. JS injection is the (only?) way to call native Swift methods from JS, i.e. bridging.

I am not sure what the solution here is. Maybe only allow injection to sites you control (via apple association file).


Should only be allowed on domains one owns. Could be solved by DNS records or certificates.


Yup, apple association file is Apple's method of proving ownership to a domain.


Apple can just disallow in app browsers in the store policy. Require apps to call out to the default external browser.


The line is a bit blurry there, from webview-based apps to in-app browsers that open when you tap a link in an app.


Sure but since the App Store is human review, they can tell the difference between a web view and an external website. Or just require the app to only call web views on their own domain or a whitelist of domains they submit with the app.


Wait, websites can call native Swift methods from JS?


Only intentionally, via setup from a hosting app. If an app uses a WKWebView to display web content, it can use WKUserContentController[1] to inject scripts and additional content into the page dynamically, and can inject functions into JS[2] which will trigger native callback handlers when called.

If your app uses the JavaScriptCore[3] framework to run JS in a VM in-process directly, you have even more options for interfacing between JS and native code.

Note that this has to be explicitly hooked up by the app (i.e., none of this applies within, say, Safari).

[1]: https://developer.apple.com/documentation/webkit/wkuserconte...

[2]: https://developer.apple.com/documentation/webkit/wkuserconte...

[3]: https://developer.apple.com/documentation/javascriptcore
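The mechanism this comment describes, as an added example that is not the page's code or Apple's sample code: a WKUserScript gives the page a small window.nativeBridge API, the page's call is relayed through window.webkit.messageHandlers to a native WKScriptMessageHandler, and the handler checks which origin and frame the message came from before acting on it. The bridge name, the forum host, the message shape ({ projectId }) and the openProject action are assumptions.

```swift
import UIKit
import WebKit

/// Origins allowed to reach the native side. Assumption: the app's own pages
/// live on forum.example.com.
let bridgeHosts: Set<String> = ["forum.example.com"]

/// A validated request from the page.
struct OpenProjectRequest: Equatable {
    let projectID: String
}

/// Parses a bridge message body. Anything that is not a dictionary carrying a
/// short alphanumeric "projectId" string is dropped rather than acted upon.
func parseOpenProject(_ body: Any) -> OpenProjectRequest? {
    guard let dict = body as? [String: Any],
          let id = dict["projectId"] as? String,
          !id.isEmpty, id.count <= 64,
          id.allSatisfy({ $0.isLetter || $0.isNumber || $0 == "-" }) else { return nil }
    return OpenProjectRequest(projectID: id)
}

/// JavaScript injected at document end, main frame only. The page gets one
/// explicit function instead of the raw message-handler object.
let bridgeScript = """
window.nativeBridge = {
  openProject: function (projectId) {
    window.webkit.messageHandlers.openProject.postMessage({ projectId: String(projectId) });
  }
};
"""

/// WKUserContentController retains its handlers strongly; this proxy breaks
/// the retain cycle between the web view and its view controller.
final class WeakScriptMessageHandler: NSObject, WKScriptMessageHandler {
    weak var target: WKScriptMessageHandler?
    init(target: WKScriptMessageHandler) { self.target = target }
    func userContentController(_ controller: WKUserContentController, didReceive message: WKScriptMessage) {
        target?.userContentController(controller, didReceive: message)
    }
}

final class BridgedWebViewController: UIViewController, WKScriptMessageHandler {
    private var webView: WKWebView!

    override func viewDidLoad() {
        super.viewDidLoad()
        let content = WKUserContentController()
        content.add(WeakScriptMessageHandler(target: self), name: "openProject")
        content.addUserScript(WKUserScript(source: bridgeScript,
                                           injectionTime: .atDocumentEnd,
                                           forMainFrameOnly: true))
        let config = WKWebViewConfiguration()
        config.userContentController = content
        webView = WKWebView(frame: view.bounds, configuration: config)
        webView.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(webView)
        webView.load(URLRequest(url: URL(string: "https://forum.example.com/")!))
    }

    func userContentController(_ userContentController: WKUserContentController,
                               didReceive message: WKScriptMessage) {
        // The handler is reachable from any frame the page embeds, so check the
        // sending origin and frame before trusting the payload.
        let origin = message.frameInfo.securityOrigin
        guard origin.protocol == "https",
              bridgeHosts.contains(origin.host),
              message.frameInfo.isMainFrame,
              message.name == "openProject",
              let request = parseOpenProject(message.body) else { return }
        openProject(request)
    }

    private func openProject(_ request: OpenProjectRequest) {
        // Assumption: the app has its own project loader; this stands in for it.
        print("opening project \(request.projectID)")
    }

    deinit {
        webView?.configuration.userContentController.removeScriptMessageHandler(forName: "openProject")
    }
}
```

The origin check is the part that matters for the thread: the same message handler would otherwise be callable from any third-party page or iframe the web view happens to load, which is exactly the situation in which an app should have no bridge at all.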



Short answer: yes

With the appropriate libraries you can use JS to call Swift and Obj C code.

Long answer: no

All it really means is that the JS and Swift/Obj C can pass data between each other and the library is set up to parse that data and call the appropriate code. It's just an automatic RPC.


I hope they do.


Same here. So many apps legitimately depend on these features, which makes me worried about an overreaction from Apple here.

A domain verification would be a huge hassle for me, since I provide an app builder that allows my non-technical customers to build an app (which includes a webview). Asking them to do domain verification would be tricky.


Check app bound domains.


Websites need cookie notices, but apps can track your full web usage (albeit within the in-app browser) without any such notice or opt in? Doesn't seem like this would be legal. Anyone know how this could be compliant in the EU?

It's also frustrating that on an android device you can't simply disable in-app browsers globally.


The EU+UK e-privacy "cookie" rule applies to apps in the same way as anything else that's sending/receiving data over a public network (e.g. the Internet): all storage of information to, or reading of information from, the end-user device requires their free, informed and specific consent, unless it's a technical necessity for the service they requested, or certain limited (technical) purposes like load balancing. How strictly this is enforced by regulators has waxed and waned over time and from one country to another. Civil litigants, however, have had pretty good results in the courts (or just threatening litigation) - e.g. the Lloyd and Vidal-Hall cases against Google in the UK


I'm not familiar with the Instagram signup flow but it may very well be that the user did opt-in at one point. The opt-in would of course only be valid if there's also a clear "reject" option.


GDPR enforcement is significantly lacking. There's basically zero ways this is compliant unless it's opt-in (but who in their right mind would opt-in?) but the regulators aren't interested in standing up to these nasty companies.


I’m not surprised and it’s really annoying apps still use in-app browsers. I remember even Telegram had that at one point, with link opening only in the in-app browser (at least on iOS). But what really annoys me is that most of the users, e.g. my girlfriend, have NO IDEA about the difference; it’s just a browsing window, no matter in-app, which engine, with which privacy feature. Perhaps OS vendors should show more obvious UI, and UX-wise, tell you you’re leaving a safe browsing experience?


in-app browsers are a much better UX imo, solution is to make them safe, not get rid of them, as they solve a real ux use case


How is the UX better? It is just a browser window with half of the features.

I turn it off in every app I can and miss the old version of Firefox that had the option to disable them altogether.


it's not the browser itself, it's the experience of staying in app when clicking a link. for example when going through a paygate that redirects to a browser. i don't want to leave the app, then come back in manually. with an in app browser it works seamlessly.


What does "in app" do differently? On Android the only thing I can think of that is different is that if I open the app switcher the tab is in a different app.

But I think I prefer that because if I click around a bit I can switch back to the app that spawned the tab directly instead if hitting back a load of times.


when in-app and i close the browser i'm back in the app. this isn't the case if i'm redirected to a different browser application. That's quite a big deal


Android has “Chrome custom tabs” (terrible name, they don't have to be Chrome) which behave like an in-app browser, but use an actual browser. I assume the app can't spy on those?


I also noticed TikTok does this as well; at the very least they are snooping inside their in-app browser to prevent you from visiting adult sites.


The article isn't complaining about in-app browsers per se, but that Instagram implements a special version of an in-app browser that injects Javascript code to track user behaviour. If you have noticed TikTok doing the same thing, please publish a blog post about it, and I expect it would get attention here on Hacker News, at least.


I would be really surprised if TikTok doesn't do this.


Awful but not surprising. Their apps are effectively spyware at this point.


Isn't this... what everyone (that uses in-app browsers) does? I just assumed that's a big reason why one would use in-app over sending a person to their native environment, which is decidedly a better browsing experience.


I think that in times when user just quickly checks some website the better UX is to stay in the app, so there would be legitimate use cases.

e.g. Apollo by iamthatis here on hn does this and I very much doubt he is doing it for tracking reasons.


[flagged]


I believe it is. Don't forget to go write your helpful 'No.' here as well.

https://news.ycombinator.com/item?id=32423517


> How can I protect myself? For full details scroll down to the end of the article. Summary: Whenever you open a link from Instagram (or Facebook or Messenger), make sure to click the dots in the corner to open the page in Safari instead.

“How do I protect myself?” should be point number one.

Does Apple require that developers allow users to open these links in Safari, w/o tracking? Or do developers feel this is the only moral way they can agree to this user-hostile behavior?


Isn't this the main reason why social media pushes their apps over their (once) perfectly functional websites?

Better analytics = better product*.

* for the true customers, i.e. marketing & communication firms, governments, etc.


Why do you say “true customers”?

Is anyone under the impression that they are a customer of a service they don’t pay for?

People would readily identify as a “Twitter user” instead of a “Twitter customer”


> Is anyone under the impression that they are a customer of a service they don’t pay for?

Maybe not on a technical forum like this, but I think the distinction between a "customer" and a "user" is sufficiently fuzzy among non-technical people.


These days, you can expect companies to do the exact same thing even if you do pay for the service.


I would agree that a lot of people who use these things do not consider themselves to be a product to be sold to marketing firms.


E.g. Samsung spies on paying users of their TVs.


I once wrote an email to Steve Jobs, saying that operating systems like MacOS and iOS should have a secret phrase or icon that they show to you whenever they show a system-level security dialog. (And of course implement the same restrictions on screenshots of that dialog as they do for movies.)

Because otherwise, an app can totally fake the interface of a security dialog. The only way you know, these days, is that password managers and cookie jars work with the "approved" sites, but they can simply show you a site that doesn't require those, and then fool you into entering your passwords!

Steve never replied to me. And Apple never implemented it.


Fun fact, the Spanish word for password, "contraseña", originally implied this behaviour as "seña" —> "contraseña" ("sign" —> "countersign").


As a provider is it possible to defend against this with a Content Security Policy or does this mechanism override the site’s CSP?


Not only would CSP block it, but this type of behavior only strengthens Apple's decision to not allow third party rendering engines. Could you imagine the privacy nightmare that would ensue if Facebook could release a browser that bypassed any and all safeguards implemented by site operators?


If it were only Apple's restrictions preventing this, why wouldn't Facebook release such a browser on Android?


External sources yes, but preventing an app from injecting inline HTML and JavaScript is tricky.


You can block all inline scripts via CSP.


That’s why I said tricky and not impossible.


MDN docs for Content Security Policy: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP (for anyone unfamiliar with that browser feature that should in theory disallow injection for websites you control).


Strides have been made in web security, check out the permissions policy[0] along with COOP and COEP[1].

[0] https://www.w3.org/TR/permissions-policy-1/
[1] https://scotthelme.co.uk/enabling-coop-and-coep-reports-on-r...


I have always hated inapp browsers. I am a degoogled android user, and I despise any app that defaults browsing to inapp browser. If you are a developer who is defaulting to inapp browser, please stop doing it. (Biggest reason I hate inapp browsing is my ad-blocker and custom ublock origin scripts don't work correctly.)


One thing I've noticed is that content-blockers/adblock don't seem to work within the Facebook/Instagram etc. in-app browsers so I usually end up jumping out of them anyway.


Content blockers only work in Safari and SFSafariViewController.


The worst is when the link is YouTube and I have to watch an ad even though I pay for YouTube Premium but because it launched in an app browser I'm not logged in.


Yup same. I jump out as soon as it attempts to load and I have the ability.


In-App browsers have always been a security nightmare. Similar issues exist with Electron apps as well.

But developers continue to use them as HTML + CSS + JS is the easiest way to develop a graphical dynamic UI, for a newbie. Many schools & colleges even teach basic HTML, CSS & JS, so the barrier to entry is very low.

I am not sure what a good solution here would be, but maybe we could start by limiting access. Or another way could be to have some way to convert the rendered UI to compiled binary code


Good call out on Electron apps, I try to avoid Electron as much as possible. I use Slack's web interface for example.

I never made the connection until you brought it up, but yes, Electron apps are just like using Webkit on iOS. Abstracting UI/UX to a browser engine which has identical security pitfalls to a browser but with far less control and inspection capability.


There is nothing of real value on Instagram. Just delete your account and never look back.


Um excuse me, how will people know I had an açai bowl for lunch?


My words. People are just wasting their time in these useless ad-selling services.


The battle for control continues. I started noticing this personally when using social media and took note of the fact that the browsing was still being done within the app when clicking on an external link.

The war on control of data continues on.


Facebook used to have a feature in their settings where you could opt out of their in app browser. No longer.


This is nuts, injecting code without website consent, pretty much like shady-ISP behaviour!


Separate yourself from big tech as much as possible and switching to only FOSS Software/Apps can be a great start for many who want more privacy.

Can go way more into other ways but too tired, also most who are surprised by this just need a starting point.

Btw, Apple and Mozilla are no privacy guardians out to protect you. These days they do just as bad.


i don't understand why apple allows in-app browsers.


You mean custom ones, right? WebViews are incredibly useful, but it definitely seems like implementing your own browser gives people a false sense of security, like they've been sandboxed when they haven't.

What would be nice here is a permission requirement if you're injecting code into a browser view.


webviews for clicking arbitrary links in apps like instagram or gmail are absurdly restrictive. i lose my context, cookies, and regular tools (bookmarks are gone, sharing often overridden, etc)


This is why https://developer.apple.com/documentation/safariservices/sfs... exists and why the blog post advocates for using it.


That was a great update, but still not a true browser. No tabs, no bookmarks. Why should the website be restricted to one tab? Just open Safari and be done with it.


If you want a true browser there's always the option to move the current page from the in-app Safari View to the full browser.

In many cases I'd like to stay within the app. Those in-app Safari web views allow that. And if it is a website I'd like to browse in my usual, more permanent browsing environment I always have the option to do so.

This two step approach is more useful to me than always opening links in the browser.


exactly


They're supposed to be restrictive as to not confuse the user. An in-app browser isn't there to give you a full browsing experience, it's there to do a quick web-only task that somehow cannot be done in the native app itself.


since years ago apple added the little back button to return you to your previous app, even webview is dead weight. apple should only allow one, in some special context, that's so counterintuitive to implement that only frameworks e.g. react native can justify the effort


And yet, we're normally seeing Apple === BAD because they limit everything to just the one Apple thing. Am I actually seeing requests for Apple to limit willingly?


Most of Hackernews doesn't understand why Apple is the #1 tech company in the world -- they're still in the "no wireless, less space than a Nomad, lame" mindset.


in 2015 i got an iphone for a job, then i made it my daily driver because i liked the restrictions. now my phones last four years instead of one


How is the walled garden allowing a phone to last for four years? Were you getting new phones because you polluted your non-walled-garden device with so many bad apps that you chose to get a new device? Not really following your point, but maybe I am?


i was getting new phones mostly because my devices were getting bogged down by android updates and capabilities. the os allowed developers to do more and more things, and offered more and more customization, faster than the pace of hardware improvements supported, to the point i'd have to get a new phone if i wanted something both up-to-date and fast. if i kept a phone much longer than a year, i'd have to worry about software updates as well, OR replace the OS and deal with instability.

and i'm not talking about bad phones here — htc one s, nexus 4, nexus 5, nexus 5x. admittedly, degradation of shitty NAND is still a factor in higher-end android phones, so it's not all about the android ecosystem being a free-for-all

an iphone xr will still run everything fine, including the latest version of ios. hundreds of dollars saved and a whole set of problems avoided over the life of the phone. i only replace my phones when they're smashed to bits now

anecdote: someone in my family just had to replace their android phone because a software update caused the radio to stop working for calls. so the ecosystem issue is not just a userland thing


I'm on an iPhone 6s+, so yeah, I'm a fan of the not needing a new phone all the time. I am pleasantly surprised with each new iOS that my phone is still not deprecated. At that point, I will have to look at updating.


Do you want to cripple the entire app industry? Apps built using React Native / Flutter etc. use the WebView to render themselves. So they’re basically already running “in-app browsers”.

But then how do you differentiate when the app is rendering its own view rather than another website? You could apply some restrictions like <iFrame> has nowadays where you need extra security privileges (I think) to render pages / execute scripts not on the same domain

Otherwise you can always open safari from all of these in-app browser views and they could implement a toggle which forces all of them to be opened in Safari automatically


I think the clear answer is to only allow local/whitelisted domains that you can prove you own. I work on Capacitor/Cordova apps regularly and only allowing local code would allow for them to continue to work and close this loophole. Anytime I open an external page I do it in SFSafariViewController which doesn't have the ability to inject code or snoop.


That sounds like a plausible solution


That's not how React Native or Flutter work at all. They use native views, not a browser. You are likely thinking of Cordova (PhoneGap) et al.


oh damn! I just went and looked into depth and indeed my knowledge was wrong. Well, TIL

Honestly it is pretty fascinating how these cross-platform frameworks work.


it’s a bad experience for opening external links. i don’t care that it’s not easy to get to.

and no, not all apps do this. tiktok does not offer an escape, and instagram hides it behind two clicks.


Huh, TikTok is one of the first apps I have seen which do not allow you to open an external website in Safari. I am going to do a bit more research and try to find other apps that do the same


There's a big difference between browsing your own pages in-app, and opening any link in an in-app browser and tracking it.


I am not defending the practice. Maybe Apple can add it to their App Store policy.


At the very least webviews should treat contents as a subframe and respect the frame option headers.


Last I heard (years ago), iOS forced everyone to use Safari for webviews, which lots of people also complained about. Did that change? Or is the Safari webview the subject of this story?


Every webview on iOS is Safari internally. The issue is if an app presents a webview, they can inject whatever javascript they want. This is what allows frameworks like Ionic to work in the first place, the webview runs the "app" and any interface back to the OS is communicated through a bridge to the native world.


Safari webview (WebKit) is what it's describing


The key aspect here is that Instagram's app is using a Safari web view but somehow it is injecting its own tracking pixel into the HTML body whether the target website had it or not.

Which honestly does not surprise me, what surprises me is that Apple allows this. I think there was a time where certain Javascript capabilities were present in Safari but not in Safari Webview and there was certain outrage.

Perhaps a solution would be to run the webview through Safari's content blocker engine?
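An app can already attach Safari-style content-blocker rules to its own WKWebView through WKContentRuleListStore, which is one way to read the suggestion above. The following is an added example, not code from the article or from any app discussed here; the two rules are constructed for illustration and are not a real blocklist, and the identifier "example-blocklist" is an assumption.

```swift
import WebKit

/// A tiny rule list in the Safari content-blocker JSON format, constructed
/// for this example: block third-party scripts, and block any load whose URL
/// contains "tracker".
let exampleRules = """
[
  {
    "trigger": { "url-filter": ".*", "resource-type": ["script"], "load-type": ["third-party"] },
    "action": { "type": "block" }
  },
  {
    "trigger": { "url-filter": "tracker" },
    "action": { "type": "block" }
  }
]
"""

/// Compiles (or reuses an already compiled copy of) the rule list and attaches
/// it to the configuration. The completion reports whether the list is active,
/// so the caller can decide not to show the page without it.
func installContentRules(into config: WKWebViewConfiguration,
                         identifier: String = "example-blocklist",
                         rulesJSON: String = exampleRules,
                         completion: @escaping (Bool) -> Void) {
    let store = WKContentRuleListStore.default()
    // The store caches compiled lists by identifier; change the identifier
    // (or remove the old list) whenever the rules change, or the stale list wins.
    store.lookUpContentRuleList(forIdentifier: identifier) { cached, _ in
        if let cached = cached {
            config.userContentController.add(cached)
            completion(true)
            return
        }
        store.compileContentRuleList(forIdentifier: identifier,
                                     encodedContentRuleList: rulesJSON) { list, error in
            guard let list = list, error == nil else {
                completion(false)
                return
            }
            config.userContentController.add(list)
            completion(true)
        }
    }
}

/// Builds a web view only after the rules are in place, so the first page load
/// is already filtered. Hands back nil if compilation failed.
func makeFilteredWebView(frame: CGRect, completion: @escaping (WKWebView?) -> Void) {
    let config = WKWebViewConfiguration()
    installContentRules(into: config) { active in
        DispatchQueue.main.async {
            completion(active ? WKWebView(frame: frame, configuration: config) : nil)
        }
    }
}
```

A rule list filters the requests the page makes; it has no effect on scripts the host app itself injects with WKUserScript or evaluateJavaScript, so it protects the user from trackers on the page, not from the app embedding the page.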


To what? Disable the ability to inject JavaScript into the web view?


Yes. Is there a legitimate use case for injecting arbitrary Javascript by the native app? (Honest question)


Apps that use html for their UI and JS hooks to trigger touch ID, access the keychain etc.


Thanks!


it's the same. any browser (or app otherwise) on the entire system has to use it for web rendering


They not only track very invasively what you are doing but they create real problems for websites because certain features won't work anymore. Be it due to them disabling them or third-party services having to block their usage because of the huge privacy and data safety issue.

Simple example: try to use "Login with Google" from within one of those in-app browsers and you will notice Google had to actively detect them and block the attempt because otherwise the app could spy on the login credentials without anyone noticing.

Instagram, Twitter, Facebook Messenger, TikTok.... the list goes on and on.

I am very confident that these companies are breaking GDPR laws left and right on an absolutely massive scale. They are spyware at this point.


I'm with you. If you're navigating to a website, you should open the web browser. The app shouldn't monitor or inject crap when I'm going to an unaffiliated site. The worst offenders are the ones that force you to enter credentials for a 3p account with an in-app browser.

That said, it's a huge UX failure that navigating between the web and an app is so broken. That doesn't mean that it's motivated to break the fundamental models of the web. Long term it does much more harm than good. How do you teach non-technical users good practices if developers circumvent these barriers anyway? "Trust us, we won't steal your Google account" is not exactly reassuring, but ok say that you trust a reputable app to do that. What happens when the user normalizes this behavior and a less reputable app does the same thing? Obviously many users will have no idea of the risk.


There is no reason for in-app browsers to exist besides tracking really, so this isn't all that surprising. The only effect of removing them entirely would be that stuff just worked better in general.


If these platforms do things that are abusive and invasive, the solution is not to complain about it, the solution is to stop donating content to them for free and delete your account so they aren't attractive to more users.

Continuing to enrich them, even by your reachability via their DM messengers, makes them more attractive to your friends and family.

Delete your Facebook and Instagram accounts. Stop giving them positive feedback (via continued usage and content donations) after they make clear choices to abuse you.


Would Content Security Policy (CSP) offer some mitigation against this?

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP


Apps in general are awful for users. I do all my mobile social media browsing on the web where I have much more control over things like copying text, saving images, zooming, adblockers, privacy tools, etc.


Any reason why Google Maps wouldn’t* use the same in-app tracking?

Edit: meant why Google wouldn’t do this. I guess what I really mean, is what are the chances they don’t do this?


Yeah, tracking your behavior. If you searched for a bar, did you look at other bars? Parking? What other things did you look at? All of this could potentially be used for segmentation.


Yes, Google Maps probably tracks your usage of Google Maps. But when you click through to a location's website, it doesn't open that in a local webview and track how you use their website.

Whether Chrome tracks how you use it...


Ah so that's why they insist so much on opening every single link in their crappy in-app browser. I decompiled and patched Instagram for Android, and I did try, among other things, to bypass that browser (and gave up because my approach somehow mysteriously broke navigation in the app), but the thought that they're using it to track you has never once crossed my mind.


I've meant to write a blog post about this, but here goes: In-app browsers allow users to view inappropriate content, often against the wishes of sensitive individuals. People especially at risk for this include addicts and children.

Nearly every app, even "safe apps" including children-rated apps, allow access to an in app browser. Even when iOS has locked down all access to Safari, a parent has removed access to all the "apparent" unsafe sites, there are still ways to access the unfiltered internet inside of these safe apps.

How? Usually buried in App Settings. Almost all apps use some instance of an in-app browser to (lazily) reference their privacy policies, EULAs, or TOCs. A buried link leads to a homepage, leads to an instagram link, leads to an unfiltered internet. Yes they are long, inefficient paths to reach the internet, but curious (or motivated) individuals or children will use almost any app to reach the internet. Even boring apps like MS Teams, or adding a Gmail account to iOS Mail, use a secret in-app browser.

This obviously presents a problem: should developers restrict any and all app access to in-app browsers, or leave policing to individuals/parents? An easy approach is to disable the in-app browser functionality in iOS, but obviously with grave cost to developers. At the same time, at what cost is in-app browser functionality being implemented.


Tangential, but these same links have always been a great way to break out of poorly designed kiosk systems.

I recall noodling with a huge interactive display on the side of a bus stop that had an embedded map, and surely enough the TOS link launched a browser, and from there you could use the Save As dialog to get to anything to execute.


As a kid I loved doing this in every museum/library/other place that always had 'locked down' interactive Windows systems back in my youth.

One of my favorite ones was in a museum where I was with a friend, and there was a PC. We were bored and wanted to play some flash game, but we only had access to a mouse, and clicking links inside the locked fullscreen browser. With enough clicks we got to google and managed to copy/paste letter by letter the name of a game site in the search field and play some games.


Although using the on-screen keyboard in accessibility settings would have been easier (if that existed back then), I like your creative young mind.


We couldn't access anything but the browser window in fullscreen, only using the mouse. No start menu, tray icons, keyboard shortcuts, etc.

I'm sure there's like 100 different ways to break these bad Windows kiosks so that you'd eventually end up being able to access the accessibility settings, but it wasn't directly accessible to us.


And I'm just excited to be able to 'visit' a museum from the internet :-)


Also on Android-based kiosks, you can get into the OS through the on-screen keyboard if they're using it. Try long tapping the buttons around the spacebar, one of them would usually get you into system settings. From there you can as much as completely take over the device if you wish.


Novell Netware had a similar bug circa 1998 whereby pressing `F1` at the login screen of the terminal opened the help dialog, which opened links in IE ... from there the main Windows shell could be run and bingo ... you're in.


I never saw IE or Windows running on Novell Netware. It was a server operating system. What you’re saying is akin to saying you can create a windows shell from inside linux.


The Netware backend server was its own OS, IIRC. However on the client side, you had MS-DOS and Windows Netware clients to login to the Novell server and access the associated shared resources.


Right, but those clients weren’t “Novell netware”.


The windows client login and resource control was branded as such tho


I think what they mean is the Netware login dialogue, on Windows. My classmate hacked our high school's network, getting him thrown out of class. I'm pretty sure he used a different method, though. He got a job working for the school. This was in the mid 90s.


Colonial? (This definitely happened at my school, wondering how common this was.)


This was in Stockholm, Sweden. I'm not sure how it was done, but I imagine it involved the SAM file and Jack the Ripper or something along those lines.


This brought back many fond memories of using this hack to play Soldier of Fortune 2 on the school network.


This is how I get to web videos on my Peloton. Viewing the mandatory software licenses leads to web links and then you can visit anything in that Chrome browser window.


Risky share -- the statute of limitations is not up on that one!


I'm glad to see someone mention addicts. I feel as if internet addiction, and especially subsets of it such as porn addiction, aren't given enough weight by either the addiction treatment community or the technical community.

Before someone accuses me of being a conservative religious zealot as tends to happen when anyone denounces porn, I'll say that I'm far from a puritan and am extremely liberal in my social views. That said, I firmly believe that easy access porn is one of the worst things happening to the young men and women today. I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability to form real relationships and median age of first exposure is getting lower and lower.

It's an absolutely crucial issue that no one seems to be talking about or taking seriously.


You claim to be extremely liberal in your social views but then in the next breath make the assumptions that difficulty forming relationships today is significantly greater than in the past and further that this fact is due to effects that are caused (ultimately) by viewing porn. Those are both very socially conservative viewpoints and I have yet to find scientific data (or anything else I'd consider even remotely reliable) that back either of them up, particularly the second one.

If I were to accept (purely hypothetically) that it is significantly more difficult for many people to form relationships today then how do you suppose to show that this change is due to porn instead of, say, the prevalence of dating apps such as Tinder? Or any number of other factors including things like job stability, housing prices (and thus perceived security of living situation), and where people choose to spend their free time (for example going out on the town in the past versus perhaps doomscrolling twitter and watching netflix).


Where did I say that it's harder to form relationships today than it was in the past? I didn't. I said nothing of the sort nor did anything I say imply as much, if that was your takeaway then it exposes your implicit biases more than it does anything about myself.


You say this:

> I firmly believe that easy access porn is one of the worst things happening to the young men and women today. I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability to form real relationships and median age of first exposure is getting lower and lower.

Porn (at least in its current, easily accessible, form) didn't exist in the past. Since you claim that porn use severely impacts the ability to form real relationships it follows naturally that in the past it must have been easier. Since you don't mention any factors that impacted the ability to form real relationships in the past it follows quite directly that your claim is also that it was easier to form real relationships in the past.

In addition if it wasn't easier in the past how can you even know porn use is to blame? Essentially a variable is introduced which you claim has an extreme impact, yet you also don't claim there is change between pre- and post introduction. That makes no sense. Either it has an extreme impact which means it should be trivial to see a pre- and post introduction difference, unless there are other extreme factors that weigh in the other direction. Or there is no (extreme) impact.


No. I know specific people that use porn, and among those that I know who use it excessively, they have a hard time forming relationships. Nowhere does that say or imply that "It's harder for everyone to form relationships today than it was in the past" as you for some reason consistently believe I said. Those are two very different statements with very different meanings.


I'm not the person that originally replied to you. Besides that's not what that person said. You just conjured the everyone out of thin air. That was not mentioned in your post and neither was it in theirs.


They said:

> but then in the next breath make the assumptions that difficulty forming relationships today is significantly greater than in the past

The implication being that I made the claim that it was broadly more difficult for most people today. I didn't realize that me adding "everyone" would so drastically change the meaning of their sentence. Please give me your interpretation of that if it isn't basically what I said.

Am I crazy? I say that people with chronic porn addictions have a hard time forming relationships and all of a sudden I'm accused of making blanket statements about how difficult it is for people to form relationships today compared to the past.


> I say that people with chronic porn addictions have a hard time forming relationships

Well originally you used wording that would imply a significant subset of the population. But even ignoring that it remains a completely baseless claim. How are you eliminating all of the other potential explanations that exist? And how are you arriving at the conclusion that the porn addiction is the cause of the problem as opposed to one of the effects?


What do you mean originally? I never edited the og comment. I'm arriving at it because the reason I know people with chronic porn addictions at all is they've confessed how big of a problem it is for them and the issues it's caused them. If you think you know their lives better than they themselves do then go tell them that.


> but then in the next breath make the assumptions that difficulty forming relationships today is significantly greater than in the past

A pedant would say that an extreme impact on a subset of a group means there is also a significant impact on the average of the entire group. But that's not the point.

This statement calls back to your claim that (excessive) porn use severely impacts their ability to form relationships. It's not the blanket statement you now make it out to be. Someone doesn't need to repeat back to you word for word the entire context of the conversation.


They explicitly said that my viewpoint was a common conservative one. This implies that it isn't a call back to my claim about chronic porn users having a hard time forming relationships. The common conservative viewpoint they were referencing is that "people today generally have a harder time forming relationships". Not "The people I know with chronic porn addiction have a hard time forming relationships".


> Where did I say that it's harder to form relationships today than it was in the past?

> I firmly believe that easy access porn is one of the worst things happening to the young men and women today.

"one of the worst things happening" is clear enough on its own. "young men and women" refers to the population at large. "today" is in contrast to historically.

> I (23) know many men around my age who suffer from chronic porn addictions to the point that it severely impacts their ability to form real relationships

"many men" is not describing a rare phenomenon. "to the point that it severely impacts" is a clear attribution of cause and effect.

> median age of first exposure is getting lower and lower

Obvious meaning in context: things are getting worse over time.

> it exposes your implicit biases more than it does anything about myself

No, you are resorting to disingenuous semantic games because I pointed out the inconsistencies in what you wrote. Namely that you have provided absolutely no evidence for the things you are claiming and I see no obvious reason that they should be the case.


I'm not GP, but you first say:

> Those are both very socially conservative viewpoints and I have yet to find scientific data (or anything else I'd consider even remotely reliable) that back either of them up, particularly the second one.

but then go on to yourself list many probable reasons why that's the case:

> how do you suppose to show that this change is due to porn instead of, say, the prevalence of dating apps such as Tinder? Or any number of other factors including things like job stability, housing prices (and thus perceived security of living situation), and where people choose to spend their free time (for example going out on the town in the past versus perhaps doomscrolling twitter and watching netflix).

Completing a study to prove GP's claims is a herculean effort that may not even be possible due to ethical concerns. (i.e. you'll have to take a person who has never been exposed to porn and then get them addicted, so you can see if it ruins their life).

Any claim without data should definitely be looked at skeptically (including in this case), but it's also important to remember that absence of evidence is not evidence of absence.

Also there's a lot of life experience out there of people who will tell you that they have a porn addiction that is causing them problems with relationships. One of my friends just got divorced from his wife of 20 years because he has developed a porn addiction and won't give it up or get any treatment (his wife is not ok with it).

I'm about as socially liberal as they come, (and I would never support a ban on porn nor pretty much anything, but that's a topic for another day), but I've seen and heard way too many anecdotes about the devastation that porn can have on a person to ignore it.

I don't think there's a big difference between a social conservative (who typically want to use government force to restrict access to "bad things") and someone who sides with liberty and tolerance but would advise friends and family not to do "bad thing."


> Also there's a lot of life experience out there of people who will tell you that they have a porn addiction that is causing them problems with relationships. One of my friends just got divorced from his wife of 20 years because he has developed a porn addiction and won't give it up or get any treatment (his wife is not ok with it).

I have the opposite life experience.

His wife not being okay with it is her right, but speaking personally I would never want to be in a relationship so fragile that one or both partners looking at legal pixels on a screen could compromise it.

I have been in relationships in a conservative universe where adult content was consumed in secret or restricted... and it is toxic. Not everyone is in the mood all the time and other outlets can be healthy when paired with honesty and moderation.

Way better for all to learn to be honest about their needs and curiosities without judgement. That is how stronger relationships are built. Happily married to my best friend for a decade.


You rightly point out that absence of evidence is not evidence of absence. But then neither is it evidence. Which leaves both sides at: we don't really know.

Anecdotes are worth crap all, because people will bring up examples for either side thus cancelling each other out.

But your last sentence irked me.

If you side with liberty and tolerance and advise friends and family not to do "bad thing", they can say they appreciate your advice, tell you to GTFO and do it anyway.

Once government steps in and makes such things illegal, there are much bigger stakes at play.

To me, that is a big difference.


OH NO!!!! I couldn't figure out why it irked you because I totally agreed with what you said, and then I realized I typo'ed in the worst place. It would have irked me too. I said:

> I don't think there's a big difference between

But I meant:

> *I DO think there's a big difference between


A minor misunderstanding easily cleared up then.

It gives me a little bit more faith in humanity when I agree with a random stranger on the internet. :-)


Yes, this is precisely my point. I see no obvious reason to believe the claims that were being made and no evidence for them is provided. I'm not saying "that's not the case" I'm saying "you couldn't possibly know that".

> I don't think there's a big difference between a social conservative (who typically want to use government force to restrict access to "bad things") and someone who sides with liberty and tolerance but would advise friends and family not to do "bad thing."

The socially conservative part is baselessly attributing various ills to porn. Admittedly anyone can commit such an error in logical reasoning but (in my personal experience) this particular one exhibits a very high correlation with being socially conservative.


Apologies, I typo'ed in the worst place. I said:

> I don't think there's a big difference between

But I meant:

> I do think there's a big difference between


No true Scotsman would claim to be liberal!


Yeah it was so much easier for a homosexual in 1950s Nebraska I'm sure.


> It's an absolutely crucial issue that no one seems to be talking about or taking seriously.

Most men communities talk about it in one form or the other. However, most men communities on the internet are usually close in one form or another to the right politically.


I suppose I should have said it's not being talked about by any mainstream authorities or outlets in the same way a lot of women's or equity issues are (not to say porn isn't also a women's issue, it very much is, but seems to disproportionately impact men).

It is a shame that any group which advocates men's issues tends to get labeled as right-wing or incelish, which then attracts those types and makes those labels a reality. And of course many were admittedly that way from the start.

Edit: And to add to this, being right or left leaning isn't inherently bad. And maybe this is my personal bias coming into play here, but I find that people are much quicker to associate right-leaning movements/communities as "bad" than they are left-leaning ones. Again I accept that could be personal bias and it isn't a hill I'd die on.


I share the same view of the situation as you. A consequence of the increase in demands for justice, political correctness, and stuff like that seems to be that every community has to be focused on an oppressed group or it will be considered right-wing and thus attract people like you said.

The incel label is a good example of how bad men are treated sometimes. If you treated poor people like this by saying they're involuntarily not rich and then proceeded to say that it's mostly their fault because they don't work enough, think they can just show up to work, do their job and become rich, shouldn't expect money to be given to them, most people would react by saying that you're wrong. And when some parts of the population have trouble having sex/companionship like some trans people, it's called discrimination. But the same rules don't apply to incels it seems.


My recollection of the term incel is that it was a self-applied label, not one created from outside the group like your "involuntarily not rich" hypothetical. (Even in that example, though... who's going to tell you you're wrong if your theory is "nobody should simply expect to get rich for showing up and not putting in the work", exactly?)

As to whether or not that group is popular... this is an interesting one since the bonding factor is a lack of relationship success (which is closely related to, but not the same as, popularity) in the first place. But if you look at a lot of how the group that has gathered under that label interacts with the rest of the population... it's hard to say it's just something like mocking them for not being able to get laid. There are a lot of frankly offensive and violent theories pushed by people out there.

It's deeply ironic actually - "I'm not having sexual success, I'm going to start listening more to other men who also have the same problem, they're the ones who will be able to tell me about women." Back when it was a more ironic, non-violent "foreveralone" meme I was in the club... it wasn't increasing my exposure to men that eventually got me out of it.


What does it mean to be addicted to porn? Daily viewing? Hourly? Constant?


Typically viewing to the detriment of your emotional/mental/physical health. If you consistently choose porn over real intimacy or if you overly desensitize yourself (porn-induced ED is a real, and quite common thing). The biggest concern is choosing porn over physical intimacy/attempts at physical intimacy. It's super easy for someone who maybe already isn't a social superstar to just find themselves choosing the easy option of porn rather than forcing themselves to go out and put effort into meeting people.


You yourself recognize porn is an "easy option". Then no wonder people for whom it is hard to successfully form relationships that would lead to sex use it. It's like saying "cars are bad because it's too easy to just drive 100km instead of walking the same distance", ignoring the fact that for many people walking 100 km is either completely impossible or massively harder. That doesn't mean cars make you unable to walk (though in some very extreme cases it could happen). It means some people that previously had no options, now at least have this inferior one.


Very, very few people truly have no options other than porn. But I'm sure many people have convinced themselves they don't since they can content themselves with porn.

Regardless, it's a feedback loop. People who deal with depression/anxiety are more likely to develop drug addictions. A "normal" person can usually try a given drug once and be fine. Someone with a predisposition to addiction can't do the same.

Likewise a lot of people can casually use porn without much of an issue, but some people allow their consumption to develop into an addiction that negatively impacts their life.


Just my opinion of course, but (like drugs and alcohol) putting a reasonable and generic metric on it is really hard, so I would instead ask generic questions that I would ask about other things like:

1. Do you find yourself craving it?

2. Do you continually feel the need to increase your intake? (i.e. developing a tolerance)

3. Would you be embarrassed if a like-minded friend knew about your habit?

4. If you were suddenly cut off from it for a few days, how would it make you feel?


3 is really a societal measure - many addictions, like tobacco addiction and to some measure alcohol addiction, or caffeine addiction, are well accepted by the society and usually carry little shame to the addict.


I feel like addiction is a complicated label; this is a natural[0] desire. If it is agreed to be destructive to the pursuit of forming healthy relationships: any amount is harmful, or at least the start of something that will be more and more harmful.

[0] - natural like how we crave sugar for our health, yet harmful like I eat candy all day


Granting the facts, your hypothesis is equally plausible if reversed, to wit:

People who have difficulty forming intimate relationships will often turn to habitual pornography viewing.


Not really. Unless you want to claim that the # of people having difficulty forming intimate relationships is spiking.


We used to exploit these types of paths when school IT admins didn't know how to filter traffic properly but knew to block proxies.


There was a period of time at my high school where we would compile a default browser app in Borland c++ and it would let you access whatever you wanted. They noticed because they got proper filtering after that...


Or maybe... just don't give your kids an iPhone?

Seriously, using the internet/computers should be treated with the same level of caution as grown-up scissors or fillet knives; powerful tools, but they need training to avoid hurting yourself with them. If this is what you're worried about, why are you even giving them a small computer in the first place? Your kids will always be more cunning than your security policy (a hard pill to swallow for HN users), so control their access to technology unless you're ready to have a serious sit-down discussion about the internet, personal privacy, and all that jazz. Put yourself in their shoes; if you're given a small black brick with an indeterminate number of capabilities, wouldn't your response be pushing it as far as it can go? I know that was my reaction when I was a kid, after buying a Pentium desktop at a garage sale.


Says someone who doesn’t have kids. I really don’t think it’s a big empathetic leap to imagine that young teens would want to take part in the modern world, and that includes some access to the internet.

And no, constant supervision is not an appropriate answer. Teens will want to research some things without their parents’ knowledge. That’s normal.

But it doesn’t mean that we should throw our hands in the air and make no effort to protect the majority of kids from the worst of the internet. Yes some bright sparks may find ways to circumvent the controls, but it at least makes it harder for them to send a disguised goatse link to their friends.


> Says someone who doesn’t have kids. I really don’t think it’s a big empathetic leap to imagine that young teens would want to take part in the modern world, and that includes some access to the internet.

At one point, "tak[ing] part in the modern world" included smoking, and lots of kids wanted to do it. Just saying.


I wish this was still considered to be common sense


Brilliant insight. Could you please convince my children's school that they do not need a smartphone? Because they f'ing mandate it and I have not found a way around this yet.


What happens if you refuse?


Good question, haven't researched that yet, thanks for the idea.


Flip phones still exist and allow access to call in emergencies as well as text with friends.


Not sure if bait but I'll bite. Flip phones in this day and age? Nobody even uses sms to text each other anymore. You'd be isolating your kid by not giving them access to WhatsApp and other messaging apps.

I pray you never have kids because from your other comments it seems like you had painfully low self esteem in school and now you've tricked yourself into believing that that's the norm.


Yes, but they specifically mandate a smartphone.


This is such a naive take. I assume you don't have kids or teens?

Children don't exist in a neat subservient bubble. They have peers, social pressures, see advertising, consume television and movies.

Our kid's school had everyone buy an iPad. Already, at pre-phone age, so much socialisation has moved into the digital space. FaceTime, iMessage, Roblox, etc.

I was going to say banning phones would be like a kid in the 80s without television. But really it would be like being a kid in the 80s who wasn't allowed to have a TV, listen to the radio, have a phone line, and wasn't allowed to socialise outside of school.


Actually, TV was severely limited as were video games. We were told to go outside and not come back until it was getting dark.


They’re given chrome books in school and can’t complete assignments without them. Now what?


They're just linux, provide your own. There are many options.


You don't have kids.

Your child would be the only one at school with no phone and probably be pretty embarrassed about it.


In school I was embarrassed about the clothes I wore... also the calculator I had and my shoes and my lunch and my trapper keeper and my pencils...

Kids being embarrassed at school is unavoidable, being embarrassed is practically the job description of a teenager and younger students often have their own insecurities. There's an interesting debate as to whether these embarrassments are good or bad for us in the long run but we can side step all of that... not having access to a smartphone is important - it's important enough to warrant the slight amount of embarrassment.


You can't live in today's world without a phone.

All the mechanisms of the past that were geared for this no longer exist.

For example: Drive on the road, get to a toll, don't have a Transponder to pay the bill? No problem - just call a phone number. Uh, what if I don't have a cell? This literally never even occurred to them, there is no alternative way to pay the bill.

That's life today, and it applies to children as well. Want to go to some sports place that only caters to teens and above? Load this website on your phone and fill out an application. Don't have a phone? Borrow a friend's phone.


The toll roads I've seen on the east coast will just scan your license plate and mail you a bill if you don't have a transponder


Frequently at an increased rate. The garden isn’t fully walled yet, but they are closing in. I’ve already had to refuse to participate in social and work events that required me to download an app to my smartphone.


This is the common way in Norway. Have the toll thingy or get a bill.


The in-app browsers could use a domain whitelist if parental controls are turned on.


Shouldn't an in-app browser whose sole purpose is to read an app EULA/TOC/etc. always employ a domain whitelist, regardless of parental controls?


It shouldn't be a parental controls thing for IG, it just needs to be made so when you're using an in-app browser, you're using it for one reason, whatever site you clicked on. Leaving the domain ends the process or opens in another browser.


That could be an "easy" fix where you could disable use of in-app browsers through Screen Time options.


The OS should apply a domain whitelist to apps, in coordination with the app developer and the device "owner". (Like uBlock Matrix)


Doesn't the harm of surveillance outweigh the harm of viewing "inappropriate content"?

Think of the addict is a new one, but I am automatically suspicious any time someone cites child protection.


I think you're seeing this as a "take away this choice from society to protect the children" kind of deal, but to me it seems more like the argument is to give choice to parents and addicts to control their own devices more completely. All other things being equal, why would a consumer want to not be able to control both the browser and in-app browsers as much as possible?


I have a browser based game I play that makes use of many userscripts and browser extensions to further improve/enhance the game. However mobile users suffer from a problem of not having such extras. There is a very nice app someone made on Android and iOS that uses in-app browsers in order to be able to add a lot of custom things.

There are many useful instances for the in-app browsers and I don't think they should be removed because of some bad actors. It's similar to how Android has had password managers making use of autofill tools via accessibility tools. Android was butchering that access, but luckily started adding some official autofill support.

I don't think removing capabilities in favour of "safety" is usually the right approach in my opinion.


Most of the use cases mentioned in this thread wouldn't suffer if the in-app browser had to be invoked with a whitelist of approved domains/urls. Perhaps apps could request permission to run an unrestricted in-app browser, and that could be used to facilitate parental controls.

As an aside, is giving parents the option to disable in-app browsers removing a capability or adding one?


Yes I think in app browsers should still follow parental controls, and I don't see why that wouldn't already be a thing on devices. If I can use a VPN on my phone and have that block sites for me, it seems like it should be pretty trivial for the phone to respect parental controls across all apps, not just specifically web browsers.

That would be an additional capability. But having to force a website to give specific apps permission to display them in-app seems like a removal. Some people are also suggesting removing in-app browsers which also seems silly.


Mind if I ask what game?

Kiwi on Android is a Chromium fork that re-enables extensions on mobile. Works well for userscripts/extensions, though often times those UIs don't scale well to mobile.


Yeah, sure! The game is called Torn. It is a text-based MUD style game. People use lots of tools/scripts when playing it to improve things. Some mobile exclusive users do actually make use of apps like Kiwi on their Android phones in order to install userscripts and extensions. However some people have Apple devices (probably regrettably) and as such are limited to less powerful solutions. Luckily someone made Torn PDA [1,2] which helps bridge this gap and give you some powerful tools that you can even use on iOS. If Apple was less restrictive with their browser it may be possible to do more in the browser without needing to resort to these in-app "hacks".

[1]: https://apps.apple.com/us/app/torn-pda/id1510138514 [2]: https://play.google.com/store/apps/details?id=com.manuito.to...


Woah, Torn as in Torn City?

One of my first freelance jobs was for that game, fixing some bug or other in the website. This must have been 15 years ago ish?


Yeah most people just call it Torn right now, but yeah the game is still going fairly strong. They released a mobile app which helped drive some more popularity to the game again. The mobile app is really just an in-app browser wrapper for the mobile version of their site, but it helped get them some extra visibility for the game via the app stores. Especially with how popular idle style games are right now on the app stores, Torn kinda fits in well with them.

It's pretty neat how long this game has been going for and how they still keep hiring more devs to work on the site! I'm sure if you checked out the game now it would look a bit different from when you worked on it 15 years ago! Though I'm sure some elements would still be a bit similar.


Ok guys, you’ve heard it, there’s an app that uses in-app browser to let you play some browser-based game! I guess we’ll just have to accept the status quo, otherwise the mobile players of this niche browser-based game would be inconvenienced!


Interesting! This reminds me of the classic Windows 95 bypass. You abuse the help screen to gain access to the desktop without having to log in.[1]

I'm currently going through HTB Academy and once you mentioned unsecured in-app browsers, the first thing I thought of was either a Web Shell[2], or better yet, directing the in-app browser to a malicious website to download additional software to better exploit the phone. If the in-app browsers aren't filtering explicit content, I have to assume they aren't filtering malicious content either.

If this isn't already a well-known route of exploitation, I'm interested to see how that might change in the near future. It sounds surprisingly easy to exploit, provided you can get momentary physical (remote?) access to the phone for a short time.

[1] https://www.youtube.com/watch?v=1UfNlRe-goY [2] https://en.wikipedia.org/wiki/Web_shell


If someone is knowledgeable and committed enough to dig through all their apps, find any in-app browsers and try to break out onto the web, they will also realize that simply using another device will bypass all your silly blocks.


In the early 1990s, we used to break out of Macintosh's AtEase at our middle school by writing a two line MacBasic program which launched Finder. We would then bring games on floppies. Everything old is new again!


> Yes they are long, inefficient paths to reach the internet, but curious (or motivated) individuals or children will use almost any app to reach the internet.

I don’t think this can be overstated. How many people tell you stories of watching signal-scrambled porn on TV when their parents were asleep? How many of us waited until our parents were asleep to play video games late at night? How many millions covertly downloaded Napster/Kazaa/etc. and downloaded 30 versions of a song before they finally got the one they wanted?

Being “motivated” as a kid or a teen is a low bar.


I think on Android they could use Chrome Custom Tabs [0] instead of WebViews. IIRC this also protects the browser content from being accessed by the hosting app, but there is still a limited communication which is possible between the app and the tab.

[0] https://developer.chrome.com/docs/android/custom-tabs/


> Nearly every app, even "safe apps" including children-rated apps, allow access to an in app browser. Even when iOS has locked down all access to Safari, a parent has removed access to all the "apparent" unsafe sites, there are still ways to access the unfiltered internet inside of these safe apps.

Last time I checked, WKWebView will follow the parental control settings set on the device.


Reminds me of stories I have heard about users of computer systems with “strong” access controls figuring out ways to make it to unfiltered internet; examples include: student/prisoner computer labs, public libraries, flight entertainment systems, public kiosks, operating system logins, etc.


It is interesting how this would apply for custom browser engines in the future of iOS.


This class of security problem is also a great reason to never allow custom browser engines.


...why wouldn't it be possible? iOS has application sandboxing, just drop all DNS requests for the webview that's outside a developer-defined namespace. I'm sure someone at Apple could find a better way to implement it, but we shouldn't accept lame excuses like this. Apple has 200 billion dollars in cash, this is not an advanced problem space.


Then the app can use DOH, or tunnel DNS requests over something else - a non-safari browser engine wouldn’t have to use system DNS by any means…


I thought non-safari browser engines were banned


They are. This is a hypothetical discussion.


How about services like Luna, Stadia, etc which can render any sort of interactive content (typically games)?


This seems like a non-issue. Where's the damage? I'm tired of people using children and a minuscule population of users w/ severe content sensitivities as excuses to justify features that are really just tools for asserting norms. The children are fine. We've been talking about how bad the internet is for children so long that those children grew up, led fulfilling lives, had their own children, and now those children are apparently being ruined by the internet. What children need isn't more protection it's an escape hatch from all the forces trying to manipulate them during their most vulnerable years.


I have to agree here. "Think of the children" is an excuse as old as time.


>What children need isn't more protection it's an escape hatch from all the forces trying to manipulate them during their most vulnerable years.

Isn't addicting content a force that's trying to manipulate them? Porn, certain kinds of games, online gambling, etc can all get their hooks in someone. Prevention is better than having to fight the addiction in the first place, is it not?


I would argue TikTok is proving far more toxic to children than access to adult content and no one seems to care.

-Targeting- children with content for profit should be banned, regardless of content. If the content is neutral and presented to all the same way then they get to choose to put in the work to find what they want to consume. When it is not neutral then it is the job of a parent to help tip the scales back to neutral with conversation or partially supervised device use.

Nudity for instance is only taboo in some countries, where others are whatever about it and will see women topless at the beach. Trying to censor things or target things is what does the most harm and creates closeted behavior IMO.

News flash to parents... when your kid is old enough to be horny they -will- find an outlet to see nudity be it in person or on a screen. On a screen is probably the safer default.


A feature doesn't become a problem because 1% have an issue with it (people who use parental control).

The internet is the internet; if you want to restrict what people can see on the internet, the only solution is to not have access to it at all.


Do you have kids? It’s really not easy to withdraw all internet access without substantially disadvantaging them. But I don’t want them reading 4chan either. Anything which makes that less likely without fundamentally breaking things is welcome to me.


What do you think is more likely? That your child will stumble upon, correctly identify and successfully exploit an in-app webview, or that they will simply type "4chan" into Google on a school/library/friend's computer/phone?

Unless they are under constant supervision, they will find a way to access what you're hiding from them. And if they are, well then you don't need technical blocks in the first place, do you?


If I can slow my kids down by a year or three, it's well worth it.


Does it take a year or three to walk to the school library? If they're young enough that that isn't the easier option, then there's no way they're capable enough to execute a relatively complex technical exploit.

I'm not telling you not to worry about your kids' safety. I'm telling you not to worry about them dying from a lightning strike because they walk to school next to a 6-lane road full of drunk drivers every day. If they're going to get hurt, it won't be through the most complicated and least-likely way possible.


As a child of the 2000s: just let them look at the horrifying underbelly of the internet. One trip down grossout lane isn't going to undo all your parenting and make them some kind of perverted monster.

Children aren't prisoners.


Back in the early 2000s we didn't have people actively recruiting young frustrated men into incel and far-right terrorist groups though. We didn't have people thinking it was cool and edgy to make jokes about gassing Jews. Hell even the pedo/grooming problem wasn't much of a thing. Yes there was porn and vile gore floating around and you had to take care to not fall victim to dialers changing your dial-up information to bleed your phone bill... but that was all in all harmless.

These days, the amount of utter idiocy is just unimaginable, "eternal september" style. You join some random online game discord and whoops half the talk is about rape fantasies, n-bombs and other kind of sickening behavior. Let it slip you're a girl and you'll get flooded with wiener pics, "cum tributes", disgusting fantasies, doxxing attempts, or flat out hate for standing in the way of someone. Go on Youtube, watch a couple of videos and your suggestions have antivaxx bullshit or "shocker videos". Games for children are filled with barely disguised pedos and "moderation" doesn't do shit. Not exactly an environment many people want to expose their children to.


Maybe not in the "early 2000s", but you'd have to be a child of the 90s, not the "2000s", to have missed it, because all of that was around by the second half of the decade (with perhaps the exception of the far-right recruitment, which didn't fully hit its stride until the early 2010s).

It's been out there since the beginning; the problem is not the access to it, it's relationship with the internet. Back in the day, you were told to never give your real name online, now you're expected to type it into forms three times a week, while you have a public profile of all of your pictures that anyone can look up while an algorithm serves it to the whole world. And yes, some of it is because kids are getting access to this world as toddlers when we weren't able to get there until early teens or the end of grade school at least. Kids need to be taught digital safety more than we need to continue the losing fight about securing access. Kids are smarter and more motivated than you are, they'll find a way around it.


> Kids need to be taught digital safety more than we need to continue the losing fight about securing access. Kids are smarter and more motivated than you are, they'll find a way around it.

I totally agree. When the reports of how school-issued Chromebooks will monitor texts from any phone plugged into them came out last week, I was tweeting about how we need to do more to teach kids opsec and digital safety/rights. I got some pushback from people who either think that it’s common sense stuff (it isn’t) or that the solution is to legislate something, but I live in reality and reality, as you say, means that kids are smarter and more motivated and will find ways around things.

We need to teach them to protect themselves from prying eyes and how to circumvent the systems their own way.

We also need to stop holding people hostage to stuff they said/did on the internet as literal children, but that’s a separate issue.


I don’t disagree that things are more extreme now and that the algorithm reinforces the most toxic stuff, but as someone who has been on the internet for most of my life, I can assure you that being a woman on the internet has always been terrible (I had pedos trying to get photos from me in AOL chat rooms in 1994 when I was 10 years old), there have always been edgy shitlords making Holocaust jokes, and the whole modern grooming discourse literally started with chat rooms in the early to mid 1990s.

Yes, it is absolutely worse in some ways now, not just because some stuff has become desensitized and de rigueur, as well as the aforementioned algorithm, but let’s not create a hagiography around the halcyon days of “online” that never actually existed.

Like Bane, I grew up in this pit of darkness and was molded by it, and I have true love and affection for it, but like, this element has always been here. Always.


> But I don’t want them reading 4chan either.

I don't think access to 4chan is going to fundamentally change who your kids are.


I think you accidentally a word.


I did, thanks. For the record, my post was missing "change" before.


Why don't you just make sure there are no unsavory links on whatever page you are using the in-app browser for and disable/hide the address bar so they can't just jump onto the open web? Seems like you can have your cake and eat it!


Interesting. This is a risk vector I never considered regarding allowing third parties to provide a browser on a mobile device.


I'm confused I thought Apple only allowed web browsing via Safari...

"2.5.6 Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript."

If apps can use their own in app browser, why can't say Brave for example, create an app that does very little, except it browses the web with its own in app browser?


This just forbids developers to write their own browser engine. It is OK to use the iOS provided web browser as a control in your app.


I already fixed it, by not using Instagram.


surprised this is at the top of HN. isn’t it obvious that every app does this? tiktok, snapchat, even linkedin all open links in their built-in browser and can track what you’re doing. click open in safari if you’re doing anything more than visiting a single page.


I naively assumed that they were using a WebView object and that Apple had tight controls over source code injection. Silly me!


Apple has deprecated but not yet removed the legacy web embeds that app developers use to spy on and track their users.


They haven’t deprecated web views at all: https://developer.apple.com/documentation/webkit/wkwebview

WKWebView can indeed be used to spy on users - clicks can be intercepted, URLs sniffed, and custom JS injected (including a way to call back to the app’s runtime via a WebKit message passing mechanism). Considering all other iOS browsers (ok maybe some still run UIWebView) have been made using this component (because App Store reviews enforce this), it’s clear that it has to provide extensive control over displayed contents.
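As an added example (not code from the linked article, from Apple, or from any commenter in this thread), here is the kind of page-side check a website operator can run to notice two things the comment above implies: that the page is being rendered inside a known in-app browser, and that script elements from an origin the site never shipped have appeared in its DOM. The user-agent markers, the page URL, the allowlist and the sample script entries are constructed assumptions, not values taken from this page.

```javascript
// Added example: page-side audit for in-app-browser rendering and foreign
// <script> elements. Not from the linked article or any commenter; the
// markers and sample data below are assumptions/constructed input.

// User-agent substrings commonly reported for in-app browsers.
// Assumption: verify against current app releases before relying on them.
const IN_APP_UA_MARKERS = ["Instagram", "FBAN", "FBAV", "FB_IAB"];

// Returns { inApp, marker } so a site can decide to show an
// "open in your browser" hint instead of, say, a login form.
function detectInAppBrowser(userAgent) {
  const marker = IN_APP_UA_MARKERS.find((m) => userAgent.includes(m)) || null;
  return { inApp: marker !== null, marker };
}

// Resolve a script src against the page URL and return its origin,
// or null if the src is not a parseable URL.
function scriptOrigin(src, pageUrl) {
  try {
    return new URL(src, pageUrl).origin;
  } catch (_) {
    return null;
  }
}

// entries: [{ src: string|null, nonce: string }] as collected from document.scripts.
// External scripts are allowed only from the page's own origin or allowedOrigins;
// inline scripts are trusted only if they carry the nonce the server emitted
// (the same nonce a CSP `script-src 'nonce-...'` policy would use).
function auditScripts(entries, pageUrl, allowedOrigins, expectedNonce) {
  const allowed = new Set([new URL(pageUrl).origin, ...allowedOrigins]);
  const findings = [];
  for (const e of entries) {
    if (e.src) {
      const origin = scriptOrigin(e.src, pageUrl);
      if (origin === null || !allowed.has(origin)) {
        findings.push({ kind: "external", src: e.src, origin });
      }
    } else if (!expectedNonce || e.nonce !== expectedNonce) {
      findings.push({ kind: "inline", nonce: e.nonce || "" });
    }
  }
  return findings;
}

// Browser-only helpers (not exercised offline): snapshot the current DOM and
// keep watching for scripts inserted after load.
function collectScripts(doc) {
  return Array.from(doc.scripts).map((s) => ({
    src: s.getAttribute("src"),
    nonce: s.nonce || "", // the IDL property survives even when the attribute is hidden
  }));
}

function watchForInjectedScripts(doc, pageUrl, allowedOrigins, expectedNonce, onFinding) {
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.nodeName !== "SCRIPT") continue;
        const entry = { src: node.getAttribute("src"), nonce: node.nonce || "" };
        auditScripts([entry], pageUrl, allowedOrigins, expectedNonce).forEach(onFinding);
      }
    }
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample data standing in for a real page's document.scripts.
const SAMPLE_PAGE_URL = "https://example.com/article";
const SAMPLE_ALLOWED = ["https://cdn.example.com"];
const SAMPLE_NONCE = "r4nd0m";
const SAMPLE_SCRIPTS = [
  { src: "/static/app.js", nonce: "" },                 // same origin: fine
  { src: "https://cdn.example.com/lib.js", nonce: "" }, // allowlisted CDN: fine
  { src: null, nonce: "r4nd0m" },                       // inline with the server nonce: fine
  { src: null, nonce: "" },                             // inline without nonce: flagged
  { src: "https://tracker.invalid/t.js", nonce: "" },   // unknown origin: flagged
];

function runSampleAudit() {
  return auditScripts(SAMPLE_SCRIPTS, SAMPLE_PAGE_URL, SAMPLE_ALLOWED, SAMPLE_NONCE);
}
```

In a real page, call `auditScripts(collectScripts(document), location.href, allowedOrigins, nonce)` once after load and `watchForInjectedScripts(...)` to catch later insertions, and report findings to your own endpoint. One caveat worth knowing: code the embedding app evaluates through the WebView's script-injection API runs directly in the page context without creating a `<script>` element and is not governed by the page's CSP, so this audit only sees whatever that injected code subsequently adds to the DOM; the user-agent check is the more reliable signal that you are not in a first-party browser.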


SFSafariViewController is available as a safer alternative. Presumably at some point apple will deprecate and remove WKWebView for precisely the reasons mentioned in this article.


I don’t think they’ll ever remove that, because a decent portion of apps serve HTML from the app bundle (many hybrid apps do nothing else in fact) and SFSafariViewController can’t hide its chrome. Many hybrid apps do need the delegation methods WKWebView offers, which are already way more limited than UIWebView was.


This is a policy problem, not a technical one. They'll keep WKWebView around but only for non-browsing purposes. Anything that resembles a web browser, SFSafariViewController or rejection.


That policy was recently hinted at here: https://developer.apple.com/news/?id=trjs0tcd

But it hasn’t been enforced yet for big apps like Yelp and Instagram.


I’m wrong, and confused the older UIWebView with WKWebView.


It's not surprising, but it's not obvious.


To me it's not obvious. I wouldn't think that an app can inject JS into a website because I'm using a web-browser from their app.


Not every app does this. Twitter for example doesn't, because it uses SFSafariViewController which doesn't allow for script injecting.


I was/am a little surprised since I thought everyone had to use SFSafariViewController for stuff like this (which doesn't allow the developer to reach in). I "eject" out to Safari almost always when I get an in-app browser (if only for cookies/logged in status) so this doesn't affect me much but it did come as a surprise.


It's so obvious to me I'm flabbergasted others here on HN don't think so.

In app browsers that display content unrelated to the app itself (like links from creators) serve zero purpose to the user and offer a horrible user experience. So why is the browser in-app then? I thought the answer was obvious: to track you.

Maybe some people prefer in-app browsers?


Yep, this is a feature, not just for tracking but also containment when navigating to external links. Big reason why all of those apps and others aggressively push users from web to mobile.


As a non mobile developer, no, this was completely surprising to me.


Also why is the headline "Instagram _can_ track anything you do on any website in their in-app browser"?


It’s not obvious but it is reasonable.


>isn’t it obvious that every app does this?

Not if you never have/ don't use them.


It would be interesting if this violates rights of the website owner the user is visiting. I know that embedding content of other websites into your own via an iframe can be a copyright violation. And what Meta does here is more or less like an iframe.


It isn't. By that logic any browser is liable for violating ToS of websites, which btw isn't the law and you are not obligated to follow anyhow.

This of course is a different case for corporations with a dedicated legal team.


First Instagram is not a browser.

And second the browser manufacturer (usually) doesn’t make any money by tracking their users. They provide them with a tool, a browser.

There is the browser Brave, that replaces ads on websites (and makes some profit with that), and there are some serious legal issues coming with that.


Seems like Instagram _is_ a browser.

The right you seem to be claiming is “you can’t render my website in your app if I don’t like your app”, and that’s not how it works.


So why are iframes then not allowed by some legislations? Because an iframe is also "just a browser".


> And second the browser manufacturer (usually) doesn’t make any money by tracking their users.

Don't they? Google, Apple and Microsoft are all in the ads business.


Yes, but they don't secretly track you on the websites you visit.

They do it in some way, but not directly on the browser. More with settings sync, their search engines, ...

The thing about the law is, that some specific things are forbidden. And if you achieve the same goal, in another legal way, it is fine.

For example saving taxes: If you make a fraudulent report and save 1000$ this is illegal. But if you find a way to save 1000$ on taxes, by declaring something legal, the same 1000$ are fine. But in both cases you save exactly the same amount.


My god...you are like the 8th inactive HN user I saw that suddenly springs into action to suggest Brave or post links to Brave

I think we can see what's really going on here. Any chance to drop or mention Brave, after not being active for weeks or months, suddenly congregate to push Brave browser

Dang really needs to do something about this type of astroturfing


what are you suggesting? I didn't recommend Brave to anyone, it's just a comparable example to this issue. You can look up their legal issues and build your own opinion based on that.

And why are you suggesting I'm an "inactive user"?


Copyright violations stem from distributing an unauthorized copy of a protected work. Modifying an authorized copy shown to one recipient can't be a violation.

User agents are expected to be empowered to transform the data they receive to suit the rendering requirements of the end user. Having a third party perform part of the transformation by supplying supplementary code executed by the user agent doesn't change anything.


I believe so. Copyright and TOS of the sites. Copyright also in the sense that content has been changed. This should be on par with banner swap techs.


If you insist on running Meta's spyware on your devices you can also use a service like nextDNS to block trackers at the device DNS level: https://apple.nextdns.io


i always just assumed this and used the app accordingly. but glad there is some proof.


This s*it should be illegal. Let's say Tiktok for example, it opens everything in who-knows-what-they-track webview that has even the copy to clipboard function disabled. Where is EU when you need them??


Obviously! That’s the whole reason they don’t just use the Safari modal


Can you use an in-app browser to host a lightweight proxy server? Thereby allowing a 3rd party to access anything behind the firewall as local traffic or pretend to be the machine.


Always thought Meta would absolutely do something creepy like this. Just ditched my app for the web app - bonus feature: No more ads (if you have a safari adblocker installed)


If an app uses the non-OS supplied web view I just assume they're doing nefarious things.

Coincidentally the only apps I have that don't use the OS supplied web view are from Meta.


I assume any app can see everything I do if I use their in-app browser just like I assume every brick and mortar store can see everything I do inside their store.


Every app that uses an in-app browser (which is most of them) can do this. This is a clickbait headline that relies on "Blue Company Bad" sentiments.


> The [iOS] Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them monitor all user interactions

The allegation isn't that Instagram can do this but that they are.


Would it be possible for Apple to create an acceptable user experience if they only allowed opening up links in Safari instead of embedded web frame?


Why is this legal?


I generally don't see any appeal to in-app browsers in the first place. They often have extremely broken navigation controls (i.e. attempting to swipe back to a previous page usually just returns back to the app), block the ability to navigate to a specific URL, content blockers don't work, don't allow opening "smart links" that would typically open in another app if opened from a normal browser, etc. From what I'm gathering from this article, it sounds like in-app browsing allows apps to give you all of the "benefits" of being tracked (for their benefit only), with none of the (actual) benefits of using a real browser.


I'm sure this has gotten better as people have become more used to smartphones, but I worked on a popular app for a big company a number of years ago, and we would send people out to Safari to open links. The number of customer service calls we got from people who couldn't figure out how to get back to the app after that was ASTOUNDING. We eventually gave in and did an in-app browser. Not only did it get rid of that category of call, but it also noticeably helped our key metrics because fewer people were leaving the app to never come back again.

I realize that doesn't address the appeal FOR USERS, but it is why we did it as developers.


I’m a developer and I remember turning off in-app browsers whenever I could and I absolutely hated it

My browser would get littered with old tabs and coming back to the app for a small click became a hassle

On the off-chance I do want to save a link, I know I can just open it in my browser anyway

So I much prefer in-app browsers as a user and a developer


I think Android's "custom tabs" functionality is a great compromise. Apps can open a separate instance of the user's default browser which becomes part of the app's activity stack and doesn't share tabs with the main browser instance. However the UI and navigation are controlled by the browser, not the app. Cookies and local storage are also shared with the main browser instance, allowing seamless SSO without the app being able to intercept the secrets.

AFAIK iOS supports something similar, but only for authentication use cases.


I'm the opposite, I hate in app browsers as a user. It's like having a bunch of extra poorly made web browsers that can only have one tab, and block me from using one of my apps. When I'm trying to find a tab I had open now I have to search both my browser tabs and every app in my app switcher. And if I want to keep using an app but it's showing an in-app browser I have to either throw away my tab, or navigate a menu to migrate it to my real browser to save for later, then switch back to the app and close the in app browser, and only then can I continue to use the app. It's a constant pain.


I feel like half the time I encounter them is when I’m already in my browser, click a link (probably search results), it opens the app, the app proceeds to display content in an in app browser.. and I’m just left think why, WhY, WHY?


That's a very understandable decision from an app developer POV. But the fault lies with the OS and ideally should be solved by it. This isn't a problem on real computers.

It's like putting a toilet in every room because people can't find the bathroom when maybe the bathroom shouldn't have been hidden down in a hatch under a rug. But you can't easily rebuild your house, and now there's shit everywhere, so what is one to do?


iOS 'solved' this by including a back button in the top left that takes you to the previous app, but now I sometimes misclick that when trying to hit a button/control in the top left of the foreground app. On a small 5 to 8-inch display, there are tradeoffs for every change they make and in every stage of the design process.


Same issue when your website opens a link in a new tab on mobile: many mobile users have no idea how to get back. The back button does not work and they don't know how to close/switch tabs. They're barely aware of the concept of a tab.


> They're barely aware of the concept of a tab.

What mobile browsers actually have tabs that look like tabs? Honest question, I've only ever used Firefox on Android. If the others handle tabs anything like Firefox does, tabs are way more intuitive on a PC.


None, and that's indeed the issue. You can't even see you're in a tab as the entire concept is in no way communicated.


iOS does have visible tabs, identical to desktop Safari. But only in landscape mode


This has actually been fixed since iOS 9: https://developer.apple.com/documentation/safariservices/sfs...

This opens Safari, but makes it appear like it's an in-app browser. Best of both.


It's even worse than that:

1. Nothing you visit gets saved in your history. So many times I'm looking through my history thinking "I could have sworn I read an article about this..." only to eventually discover (if I'm lucky) that it was in Twitter's stupid in-app browser. But oh well, never going to find that article again! The irony of the APP knowing everything you visit but you never getting to remember what you visited.

2. All your logins are gone! I actually pay a bunch of stupid newspapers just to click on links in Twitter and STILL be told I can't read the article because of course I'm not logged-in in the in-app browser. UGH.

You could imagine a world where iOS tried to balance the desire of an app to not bounce you out with a more "integrated experience" by providing an "in-app" browser that was completely controlled by the OS, modifying your history, keeping you logged in, running out of process, and being able to be "adopted" as a tab in Safari, but instead they just made "SFSafariViewController" which does none of these things and instead just makes it really really easy for all apps to incorporate these infuriating in-app browsers.


> instead they just made "SFSafariViewController" which does none of these things

Actually, SFSafariViewController acts as a full Safari without giving any ability to the developer to inject scripts or receive data to track you (except for ad taps through Private Click Measurement). It's actually a nice solution, it shares cookies (non-session ones) with Safari.


Right... by "none of these things" I meant... the stuff I listed, which for the record is not incompatible with isolating the browser from the initiating app. It would be totally viable to give SFSafariViewControllers "write only" access to your history (implemented as just an API call that SFSafariViewControllers makes to notify the OS of a page navigation, which it can then store the URL of in your history, so that when you go to history in Safari later, it would show up there). Similarly, there could be a very nice "adopt as tab" button that would "rip" the view controller out of the enclosing app and just plop it into Safari proper, complete with its back-forward list/history, and make it really easy to transition from the app to Safari without the much less ideal "open in Safari" button that loses navigation/page-state/etc. In other words, the way SFSafariViewController could work is that you are in Safari (forcing the full screen experience), just with a "Done" button that takes you "back" to the app (or an adopt button that "solidifies" the app switch. Think something more akin to the "app banner" that Safari shows when you go to an app's page, just with a nice transition of the webpage coming in from the app, kind of like the old Mail animation from iOS 1). This actually accommodates both goals: you get the real "full Safari" (again, you have effectively opened the link in Safari), but a nice little "Done" button to let you get back to what you were doing in the initiating app, which is the only "good faith" thing the app should care about (obviously we don't care about accommodating tracking/etc.).


I like the "adopt as tab" button idea a lot and generally agree but I also see the associated risks with other suggestions.

For example, write only access to history will also mean SEO-consultant-type people paying app developers to write certain websites to the users history. When Safari does suggestions on the address bar, browsing history is a major source.


The only caller of said API would be the SFSafariViewController itself, the same way the Share Panel can see your Contacts despite you not having given the app that opened the Share Panel Contacts "access". This way, only organic page navigations get recorded (or at minimum is equally susceptible to any history pollution as a normal web page that you encounter). The idea was not to have SFSafariAddURLToHistory(), apologies if that's the way it came off.


The original SFSafariViewController did share cookies with regular Safari. The documentation says

> In iOS 9 and 10, it shares cookies and other website data with Safari.

I was also disappointed that they removed it in iOS 11. But it's still a step up from other even more horrible in-app browsers like in Instagram, which are implemented with WKWebView. I refuse to read anything in those in-app browsers; I always manually open them in Safari.


lol what you’re describing as a ‘feature’ is actually insecure & vulnerable. There are strong security reasons why Apple mandates WKWebView and bans SFSafari.


SFSafariViewController is not banned. It's recommended by Apple for some use cases. It says,

> If your app lets users view websites from anywhere on the Internet, use the SFSafariViewController class. If your app customizes, interacts with, or controls the display of web content, use the WKWebView class.

I'm quoting straight from the documentation. https://developer.apple.com/documentation/safariservices/sfs...


Not really, SFSafariViewController was a "view" only controller. The app couldn't communicate or extract data from it.


What are you talking about? Care to give some sources for this?


Twitter uses SFSafariViewController, which does not give Twitter access to what you browse.


Right, I know. I mentioned SFSafariViewController in my post. I am saying, in the 9 years since SFSafariViewController was introduced, Apple could have made the experience with SFSafariViewController better, for example by having pages you visit in a SFSafariViewController get saved into your normal browsing history (this can be done without giving Twitter access to anything, it can simply notify the OS of an internal navigation, and then the OS can add that item to your Safari history. If SFSafariViewController runs out-of-process, then it can be even simpler than that). I then wouldn't have to keep a weird mapping in my head of what "app" I read an article in to ever get back to it. This would go a long way in closing the gap with the benefits you get from opening a link in Safari proper instead of viewing it in-app.


You might consider using Twitter in Safari instead of the app based on those irritations.


On everything other than iOS (desktop and iPad), I either use Twitter in the browser or it is reasonable to just have links open in the main browser. Using Twitter in Safari on iOS (on the phone, to distinguish it from iPadOS), you end up with kind of the reverse problem of needing to fish around for Twitter in tabs. If Safari on iOS had a better "save web app"/site-specific browser story, then this could possibly remedy some of these problems (or if they implemented some of the basic ideas I described, like storing history).


On iOS this is traditionally done with UIWebView or WKWebView (like the former but better performance, runs as a separate process) and you are right about the problems it creates.

However, developers do have the option to incorporate SFSafariViewController since iOS 9.0, and that gives the user the full Safari experience with Autofill and everything, without giving the app developer access to its contents.

It actually makes a lot of sense from the user's perspective when the context is that the app temporarily needs to take you to a webpage for something with the intention of you going back to the app. With SFSafariViewController this is done securely and with good user experience, but unfortunately most apps' business model revolves around tracking everything you do and as a result, most developers would use UIWebView/WKWebView instead of SFSafariViewController just to be able to track you.

UIWebView/WKWebView have legitimate uses like letting you sign in from a web interface and transfer the session into the app, but I kind of feel like we would be better off deprecating them in favour of alternative methods for the web/app connection and improving privacy significantly.

Personally, I would never do anything sensitive from within a browser that is in an app. It looks like very obvious attack vector to me.


Ironically the whole point of it originally was sandboxing, and it’s true at least on iOS. Thus, you won’t be logged into the same sites within an in-app browser, and clicking a link from within an app (whether it appears to be a link or not) can’t automatically connect you to cookies and any other tracking from your actual browser.


On Android I have Firefox Focus as my default browser (and disable any in-app browsing) for that same purpose.


Also available in Firefox for Android (not just FF Focus)

Settings > Advanced > "Open links in apps"

https://support.mozilla.org/en-US/kb/set-firefox-android-ope...


The point with Firefox Focus is that the whole browser is in private mode. And it's even another browser, so no shared sessions or anything with your normal browser or previous interactions/sessions.

Not sure if open-links-in-apps is comparable to that, never tried it (I'd rather multitask than do it from within the app anyway).


I frankly am surprised why anyone would think otherwise? The “In-app” in the name should kind of give it away that it is, after all, in the app. Anything you do will be available for the app to track.


Consider the overwhelming majority of users are technically illiterate. Everything is just magic scrolling machines people learned to trust from watching people they trust use them.


I would sympathize with all of the illiterate users. But the person who reported this and the people on HN discussing the article would be considered a little more technologically literate I would assume.


It is our obligation as those that build technology to call out risks to the technically illiterate masses and be advocates for them.


Considering that a simple iOS privacy disclosure dialog box cost FB $10bn in revenue loss, I'd say there are a lot of things users would be surprised to know when it comes to how apps work and what they collect.


> i.e. attempting to swipe back to a previous page usually just returns back to the app

Is there any way to turn that damn functionality off? I can’t tell you how many times I’ve been navigating some newfangled web UI and had a swipe go “back”.

That and disabling pinch to zoom backing out to the tabs UI. I wanna zoom out dammit. Is hitting a back or tab button really so hard that you have to break basic pan/zoom mechanics?!

I know I’m putting off “old man yells at cloud” vibes here, but come on


Well, I'm sure there are "growth hacker" types out there abusing the ability to observe browsing. But I think the real reason they don't bounce you to Safari, Chrome, etc. is because users don't stay in the app if they do that.

I think all of the various bad things people talk about here must happen sometimes, but it's mostly just retention I'd guess.


The appeal of in-app browsers is that apps like Facebook can boost their “time in app” metrics while you read linked articles.


My assumption is that it is a Product managers play to get people to stay in the app for longer. If you give people a link out of the app, then they are less likely to come back after.

You get a bump in engagement and time spent in the app at the cost of UX.


The very first thing I do, every time, is click "open in browser", just because, if nothing else, the framing of the site always feels "off" to me when using one of those in-app browsers.


There is no appeal for users and there never has been.


They lock users into the app. Every app and website tries hard to not let the user follow a link. Engagement.


Instagram isn’t doing it for the benefit of the user.


The sheer amount of traffic and data … if one company knows whether we are heading into a recession, it's Facebook!


I generally assume that if I am using a browser IN ANOTHER APP, it's tracking it - or could. Not hard to do.


The only way out of this is if Google and Apple remove JavaScript support in both WebView and WKWebView.


Meta (Facebook, Instagram, WhatsApp) is the sneakiest, most impertinent and most evil company of them all.

Much worse than the tracking and spying is how Meta does everything to make people addicted to their slot-machine like services and thereby destroying their mental health. Especially harmful for kids.

The world would be a much better place without it.


Does anyone know if something like Hyperweb would affect the tracking in this?


Is there evidence Instagram takes advantage of this? Shameful if so.



Come on, people, this is not news. At least for Hacker News.


Of course. That's the point of in-app browsers right?


No shit! Instagram tracks what I do in the Instagram app!


You get a link inside Instagram to some website that does not belong to Instagram. It is none of Instagram's business what you do on that website. People do not even realise they are still inside Instagram while logging into their bank account, with Instagram keeping a log of some of their activity inside that bank website. It's insane.
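The two points above (that apps choose WKWebView/WebView over SFSafariViewController so they can observe the page, and that people log into their bank without realising they are still inside Instagram) suggest a page-side defence that a site can deploy today: detect that it is being rendered inside a known in-app browser and refuse to show a login form until the user opens the page in a real browser. The following is an added example, not code from the thread, from Instagram or from Apple. It relies on User-Agent markers that these apps are known to append (Instagram adds an "Instagram <version>" token, Facebook adds "FBAN/" or "FBAV/", a stock Android WebView carries "; wv)", and a default-UA WKWebView on iOS omits the "Safari/" token that Safari and SFSafariViewController send). The sample User-Agent strings are constructed for the example, not captured from devices, and the whole thing is a heuristic: an embedding app can set any User-Agent it likes, so a negative result means "unknown", never "safe".

```javascript
// Added example (not from the original thread): heuristic detection of an
// in-app browser from the User-Agent string, so a sensitive page can warn the
// user before they sign in. The UA markers below are assumptions documented in
// the lead-in; an app that overrides its User-Agent will not be detected.

const IN_APP_MARKERS = [
  // Instagram appends "Instagram <version> (...)" to the WebView User-Agent.
  { app: 'Instagram', test: (ua) => /\bInstagram\b/.test(ua) },
  // Facebook's in-app browser adds "FBAN/..." (iOS) or "FBAV/..." (Android) tokens.
  { app: 'Facebook', test: (ua) => /\bFBA[NV]\//.test(ua) },
  // A stock Android WebView marks itself with "; wv)" in the platform block.
  { app: 'Android WebView (unknown host app)', test: (ua) => /; wv\)/.test(ua) },
];

// Returns { inApp, app }. A false result means "not recognised", not "safe".
function detectInAppBrowser(ua) {
  if (typeof ua !== 'string') return { inApp: false, app: null };
  for (const marker of IN_APP_MARKERS) {
    if (marker.test(ua)) return { inApp: true, app: marker.app };
  }
  // iOS heuristic: Safari and SFSafariViewController send a "Safari/" token;
  // a WKWebView using the default User-Agent does not. Only applied on iOS
  // devices, because Android Chrome also carries "Mobile Safari/...".
  const iosDevice = /\b(iPhone|iPad|iPod)\b/.test(ua);
  if (iosDevice && /AppleWebKit\//.test(ua) && !/\bSafari\//.test(ua)) {
    return { inApp: true, app: 'iOS WKWebView (unknown host app)' };
  }
  return { inApp: false, app: null };
}

// What a login or banking page should show. Returns null when nothing is needed.
function inAppNotice(ua) {
  const { inApp, app } = detectInAppBrowser(ua);
  if (!inApp) return null;
  return `You are viewing this page inside ${app}, which may be able to observe ` +
         'what you type. Open this page in your regular browser before signing in.';
}

// Constructed sample User-Agent strings: representative of the real formats,
// but not captured from devices.
const SAMPLE_UAS = {
  instagramIos: 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Instagram 246.0.0.16.113 (iPhone13,2; iOS 15_6; en_US; en-US; scale=3.00; 1170x2532)',
  safariIos: 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Mobile/15E148 Safari/604.1',
  plainWkWebView: 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  facebookAndroid: 'Mozilla/5.0 (Linux; Android 12; Pixel 6 Build/SQ3A.220705.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/103.0.5060.71 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/378.0.0.30.111;]',
  chromeAndroid: 'Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.71 Mobile Safari/537.36',
};

for (const [label, ua] of Object.entries(SAMPLE_UAS)) {
  console.log(label.padEnd(16), '->', JSON.stringify(detectInAppBrowser(ua)));
}
```

In a real page `inAppNotice(navigator.userAgent)` would drive whether the login form is rendered at all; the notice text is the important part, since the only robust fix is the user leaving the embedded view, which the page cannot force. Because the markers are assumptions about self-identification, a positive match is reliable but a miss tells you nothing.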


Open in [X] Firefox Focus

and it forgets everything when you close it.


Please tell every newspaper to publish this so Apple puts a stop to this. I have no idea why they allow this. All apps should use Safari unless they’re a browser and this rated “18+”


Well I like when browsing reddit that when I open links they are sandboxed. The in-app browser in that case has an easy button to open to get to my normal safari if I want to.


I’d much rather see a system-wide “container” implementation à la Firefox instead. Safari is pretty good at this but not as good as Firefox. I really want my real-life accounts to be segregated from the rest of the internet. Reddit should never be able to know what other sites I use.


Under the implementation in the Reddit app I use (BaconReader), links open in a webview that is an isolated instance of WebKit or whatever the safari engine is called. So already Reddit does not know what other sites I use. Reddit does not have access to the content of my normal safari instance.


isn't this true for all in-app browsers?


They can also track anything you do outside their browser, on a website with their tracking pixel.


You can install blockers in your browser but not in in-app browsers


This is why I have pi-hole on my network (https://github.com/pi-hole)


Firefox has built in tracking protection to prevent this iirc


Never go in app


glad I just deleted instagram lol


That's the definition of malware.


Awful stuff. I shudder to think what a Meta-run App Store or "metaverse" would look like from a tracking perspective. Meanwhile, the "dumb fucks" quote[1] remains evergreen.

[1] https://www.businessinsider.com/well-these-new-zuckerberg-im...


>I’ve disclosed this issue with Meta through their Bug Bounty Program

lol. and this is why companies can be hesitant to run bug bounty programs. it's not a place to complain about things you don't like. Meta/instagram has made a design decision here. just because you don't like it, doesn't mean it's a vulnerability.


Remember this is the same company that just gave police DMs that aided in an abortion investigation. If those had been end to end encrypted that risk would not have existed, but they made a business decision to leave the application vulnerable to spying for profit reasons. That is a vulnerability, in the same way we call it a vulnerability when an entity man-in-the-middles a browser to spy on people.

Personal user browsing or communications leaking in plain text to private companies without explicit and obvious user consent puts users at risk, and is a vulnerability. It just so happens to be one arising from malicious profit seeking behavior that happens to be the status quo.

Not having HTTPS was once the status quo, and a boon for corporate spying, but we call that a vulnerability now because the abuses became too big to ignore.


> this is the same company that just gave police DMs that aided in an abortion investigation

They were served a warrant. I'm no friend of Facebook/Meta, but any company served a warrant is going to turn over what they have.


I don't think the GP is saying that Meta should have ignored a lawful order. I think they're saying that they shouldn't have put themselves in the position of being able to render that information, and only have done so because it's profitable for them to do so.


It’s really painful to see all of these encryption holes in every product we use daily. Apple claims privacy, yet your whole phone sits unencrypted on their server ready to be served to anyone who asks (assuming you back up your phone to iCloud)


End to end encryption is only useful when the software on each end is open source and deterministically built/distributed by third parties with accountability.

Even Signal or Google/Apple could ship a bad Signal app update to targeted devices to dump convos if ordered. If you use Matrix with a client from an F-Droid build or a reproducible build from debian etc, then the Matrix developers literally could not comply with orders to obtain your plaintext content.


My understanding is that iCloud backups are encrypted[1].

[1]: https://support.apple.com/en-us/HT202303


Encrypted but they have the keys so they can serve it to anyone who asks. That’s why “end-to-end” is subsequently mentioned as an “additional” step for certain data. It should all be end-to-end like iCloud Keychain is, at least on demand.


Keep reading, you might be missing the point, the paragraph continues on after that sentence


Well, one can go ahead and enable End-to-End encryption in Facebook Messenger now: https://www.facebook.com/help/messenger-app/786613221989782


Yes, but people love that, otherwise e.g. freemium and ad-driven games would not exist.

Consumers have a payment-avoiding behaviour as a status quo.


This comes across as victim blaming.

Users are given the choice to accept risks that are buried on page 7 of privacy policies only a lawyer could understand the tricks in.

Services knowingly endangering unknowing users for money should be like cigarettes and be forced to say on the signup page in big bold text they can and will sell user data to anyone, including law enforcement.

Users largely think free services are like public libraries and do not default to expecting they are being exploited for money. Element, Wikipedia, and duckduckgo exist for free without selling user data so it is not a given that exploitation is always present in free services.


This isn't a consumer choice issue. People love morphine too, it doesn't mean Amazon can sell it to them. If Apple enforced its own rules in this case, Facebook would just have to act like any other developer and find some revenue streams that comply with established privacy norms.


It is a vulnerability. You the user are just vulnerable to them...


>just because you don't like it, doesn't mean it's a vulnerability.

Technical Vuln or Business Vuln?


It should be reported as a vulnerability. To Apple. Yes they made a decision for this as well but a decision can still be reported as a vulnerability.


I can't imagine why anyone would expect otherwise. If you're still 'inside' an application, why wouldn't that app be able to track everything you do?

To completely hijack the discussion here, I believe that Apple is actually one of the strongest forces for anti-privacy in the world, because of their long-term, successful push for the convention of app > website (not fully supporting PWAs, disallowing web push, etc). A website may spy on you, but it can only do so in ways constrained by the browser, which has to serve many "masters". Mobile apps are completely unconstrained in their spying, and in-app browsers are just the logical extension of that pattern.

Thanks largely to Apple, we've conditioned ourselves to expecting that you can't have good mobile UX without a mobile-native application, and it's hard to imagine ever escaping back into the relatively open web now that we're this far down this path. Most people will never question the privacy implications of installing the Facebook app, and most of Apple's privacy-directed efforts on iOS are basically playing walled-garden whack-a-mole on problems that are better solved at a societal level with web browser standards.

Yes, it's quite likely that I'm scapegoating here, but it's the way I see it.


Apps that use Safari View Controller cannot view the page - of course Facebook doesn't use SVC for this reason.

While you're right that the Facebook/Instagram app can spy on links opened within the app, it can't plant cookies in your web browser - so those go both ways.


I thought Facebook/Instagram used a WebView for their in-app browser on both iOS and Android? Which means they can do anything they want, including exfiltrate your browsing.


I meant "of course Facebook doesn't [use Safari View Controller]". WebView ≠ Safari View Controller.

Safari View Controller keeps the user's cookies from Safari and prevents this behavior. For most apps, keeping users logged in without leaving the app is preferred, so they give up the ability to inspect the contents of the page.


Sorry, rereading your comment that's exactly what you said and I just misread!


> Safari View Controller keeps the user's cookies from Safari

It does not, because apps decided to abuse it for fingerprinting.


GP was referring to a specific “web view” implementation that offers an almost-complete browser implementation and security on iOS. Facebook does not use this but a regular WebView.


I still remember the LinkedIn app ripping all my contacts, so no apps for me. I just use the sites.


> use the sites.

Which are increasingly user hostile, if not down right impossible to view on mobile. Go try using Reddit or Twitter on your Mobile browser.


I actually find Twitter’s mobile web app experience to be pretty good: they don’t nag me to install the app every 5 seconds, it’s reasonably performant, the back button works properly and even mostly preserves scroll position. All of the core functionality is there, except new features like Fleets I don’t care about anyway. I use it regularly and have been pretty impressed.

Reddit on the other hand is absolutely hostile and basically none of what I said above is true of their mobile web UI. I refuse to install their app simply out of spite for how aggressively they nag for me to use it. I’ve said no like 500 times at this point, will I change my mind on the 501st prompt?


All I ever see when following Twitter links on mobile is the lower 1/3 of the screen with an "it's better in the app" banner bullshit. What web app from Twitter are you seeing that doesn't have that?


I have the same experience. When I want to access twitter I use https://nitter.net/<twitterhandle>


Thank you!! I was unsuccessfully searching for something like this. Btw I also see a full screen, not closable login nag when scrolling down a few tweets. The solution is to tap on login and close the dialog on the following screen. I won't make an account, Twitter. Shut me out completely and I'll be gone, just like with Reddit.


Happy to pay it forward. It was in a similar thread a few months ago that I found it.


It's significantly less hostile if you use it as a web app, logged in. It even presents a PWA that is basically indistinguishable from the Twitter Lite app served to data-starved localities in Google Play.


Yeah, maybe, but A) I don't have a Twitter account and B) when following a link from some news aggregator showing a "news" story that is nothing but a string of Twitter posts, the user won't be logged in then either.


Have you tried using the website without logging in? Basically impossible.


My solution to this for past year: only use the laptop for most things. No more distractions in the pocket, feels pretty good!


They also restrict your ability to copy links and text in apps, so that you can't open things in a non-walled app browser. This I believe is why sites like Twitter also use URL conversion... There is a wild variety of ways in which they can limit where those URLs go, and I've noticed sometimes it even makes externally pointing links not work properly (which can be turned on and off at will by the link service owner).

Those URLs also mask origination when they point to other sites, so that site logs don't provide any real specific data on where traffic to them is coming from.

The most Internet/user hostile era ever is probably going on right now. Will be interesting to see where this all goes.


That makes it real easy, actually. No Reddit or Twitter


RIF is a good alternative Reddit phone client.

https://play.google.com/store/apps/details?id=com.andrewshu....

For those of us who can't go to the bathroom without reddit.


I used this to reduce my usage of the sites. It's so terrible I'm in and out in just enough time to check notifications

Having said that I find Twitter to be quite usable in a mobile browser, it's one of the few that isn't awful

Facebook is by far the worst, image posts overlap the edges of the screen, terrible for anything with text overlaying[1]. You can use the mobile version instead but then you can't use FB messenger at all

[1] e.g. https://img.imgy.org/-7p8.jpg


Reddit, Twitter, Instagram, Facebook (and mbasic.facebook.com), LinkedIn, etc. are all user hostile.

This gets amplified when using ad/tracker blockers at DNS level (NextDNS).


I just saw this in another article: https://apps.apple.com/us/app/banish-for-safari/id1632848430

I wonder if it can solve this problem since reddit/twitter/tiktok won't stop.


Actually twitter is fine on a mobile browser provided you use an account.

What I miss is the multi-container extension on fennec/firefox mobile. I keep using those sites in incognito mode but that mean I can only use one at a time.


> provided you use an account.

Within 3 days of registering a new account they will prompt you 'for a phone number, because we detected security issues with your usage'. Don't know how having a phone number helps with security issues like that, but again -user hostile-.

I'm not creating a Twitter account just to read their public site, because they are user hostile and privacy invasive.


Well I respect that; if you don't want to participate that's fine. There are still ways of using an alternative web frontend like nitter.


It is infuriating that I can't browse certain Reddit pages because they want me to "use the app so they know I'm over 18". I first ran into this in my current attempt to play through Dark Souls 3. It seems like the community there has a lot of good discussions about beating certain bosses, but for some reason, Reddit has decided that the content in that sub-reddit needs age verification and they wall it behind the app.


> It is infuriating that I can't browse certain Reddit pages because they want me to "use the app so they know I'm over 18".

Nothing's stopping you. There is no such message on old.reddit.com.


I had no idea this existed


Use it while you can. You can bet they'll disable it soon.


I remember when the Twitter app asked if I wanted to sync the mobile contacts every time I opened the app. Thankfully Android has become better when it comes to this even if there are still flaws.


I just keep an old phone around for when I need to use apps (banking, especially). Can’t steal the information off my device if there’s nothing on there taps forehead


Quite a few apps from the early mobile days did this.


This theoretically can't happen anymore, right?

You have to give apps permission to get your contacts, right?


No wonder. I recently opened a link on Instagram and the website's responsive elements were completely broken. Then I opened the link in Safari and it worked fine.

Does this script injection break Apple's ToS?

I thought Apple required Safari/Webkit for all in-app browsers?

Zuckerberg has no shame.

PS. I hate in-app browsers. They don't sync with my main browser states such as authenticated sessions.


> Does this break Apple's ToS? I thought Apple required Safari/Webkit for all in-app browsers?

They are still using Safari/Webkit, but just injecting a script into every page.


Is there a legitimate use case that could explain why Apple is allowing this?


> They don't sync with my main browser states such as authenticated sessions.

And this is exactly why Apple gives them their own cookie jar. The alternative would be [more of] a security nightmare.


> PS. I hate in-app browsers. They don't sync with my main browser states such as authenticated sessions.

Seems like that's probably a good thing :)


>They don't sync with my main browser states such as authenticated sessions.

Under what circums do you want this?


> Under what circums do you want this?

Click on "Sign In/Up with Google". Opens in app browser. Not logged in even though I'm with Safari. Type email. Type password. Get password wrong. Type password again. Get text/email with 2FA code. Every single time.

Or Gmail app. Click link. Open in-app browser. Not logged in.


I am not a fan of the "Password Fabric" - if you are, you are not my friend...


You shouldn't be typing passwords in 2022, get a password manager.


Not paying a subscription for a password manager. And don't want a single point of failure for all my accounts.


Self-host vaultwarden, it's free, and it syncs to all your devices so you have a bunch of backups.


All the time. For example: open a link in Gmail, forget that I am in the in-app browser, and log into a service.


I’ve had to log into google/fb/etc so many times through in-app browsers when I’m already logged in in my main safari browser.


It probably is still running Webkit underneath with some additional JavaScript to track everything


It would have to be. Apple's main bugbear seems to be anyone embedding Chrome or Firefox on iOS.


> Does this break Apple's ToS? I thought Apple required Safari/Webkit for all in-app browsers?

Doesn't apply to special companies.


Apple has been fine doing things that hurt FB, see not giving them special privileges' around the Ad tracking permission changes that were added to iOS.


Is this different from my android experience where I open a link from an app and it opens my default browser, Firefox, but kind-of within the app, but allows me to instantly switch over to the Firefox app instead using a drop-down menu option?


Android has two ways of doing that - Chrome Custom Tabs, which are secured against this (iirc), and WebView, which isn't.

Custom Tabs always have a title bar and small text reading "Powered by <browser>" at the end of the menu.


iOS provides a way of showing a browser that looks like it's within the app from which it is launched. This is not what Instagram is doing. Instagram is doing something different from what other apps like Telegram do, according to the article:

> Comparing this to what happens when using a normal browser, or in this case, Telegram, which uses the recommended SFSafariViewController:

> As you can see, a regular browser, or SFSafariViewController doesn’t run any JS code. SFSafariViewController is a great way for app developers to show third party web content to the user, without them leaving your app, while still preserving the privacy and comfort for the user.


I had assumed this with all browsers, otherwise why are they free?

I've been told by a very distinguished person (a judge) that "if it's too good to be true then it's not (i.e. something expensive is ridiculously cheap, it's obviously stolen), and anyone with a high school education or above could determine that."

Why would a judge say that if it's not true = must be true.

When that's the way the law sees it, then it's kind of hard to argue. "Nothing in life is free."


Sick company. Period.


I believe this is not legal. It is a grey area for users to do things like this but for a browser to change the actual contents is illegal on most sites. Or at least, there is no general way for a browser to validate if it is legal or not.


HN should really get rid of the down votes... Please explain why you think it is legal for a proxy to inject custom scripts. I am sure our TOS states that this is not allowed. Also, I think it basically is a copyright infringement.


It's really concerning that everyone treats their children like prisoners. Your kids are gonna find a way to look at what they want anyway, why make it MORE appealing to them by making it verboten? Are you protecting them or are you controlling them?


Some kids (and adults) literally aren’t capable of impulse control. It’s actually nice to be able to hand that control over to somebody else in some cases. And, as a parent if I know my child struggles with this it would be negligent of me to let them harm themselves knowing they can’t stop themselves. I have four children and if there is any generalization about raising kids that I have learned it is that each child has different needs.



