1. 43
  1.  

  2. 37

    It sucks for offline apps, but there is a sad rational explanation: in reality there are very few real offline webapps that rely on it, and lots and lots of trackers that abuse it.

    Any bit of persistent state will be abused for tracking, so sadly everything has to be blocked for as long as surveillance-based adtech thrives.

    1. 5

      Then we should block native apps that can communicate over the network from saving files to disk. ;)

      1. 15

        I get your point, but I think there’s a difference in user expectations between an app and a website. If I just visit a site to read one or two pages, that feels like it should be anonymous, whereas an app I use to do stuff feels more stateful.

        1. 6

          If browsers can require explicit permissions for accessing the webcam etc., why can’t they do the same for local storage? I think they can and should, and it would be way better than wiping the local storage after $num days.

          1. 7

            It will be another popup where 99% of the userbase shrugs and goes “yeah, I guess”.

            1. 3

              How do you know that’s what people do? :) I have no pity for people who choose the wrong option. But I must pity those who aren’t even given the option.

              1. 1

                I mean you do have the option of just not using Apple products. Seems like the best option imo.

                1. 2

                  Apparently Chrome is going down this route too on 2022.

                  1. 1

                    It boggles my mind how in-step Apple and Google are. One is always following the other when it comes to eroding our options and privacy online. Really makes me feel like a sucker for actually believing that a company the size of Apple could “care” about privacy any more than Google could. I guess we imagine the world as we’d like it to be…

            2. 1

              If browsers can require explicit permissions for accessing the webcam etc., why can’t they do the same for local storage? I think they can and should, and it would be way better than wiping the local storage after $num days.

              There’s a Firefox plugin that does something similar, but with a much better UI (ask forgiveness, not permission). The Self Destructing Cookies plugin moves any per-site storage to a separate location as soon as you navigate away. If you go back to a site and realise that functionality that you care about is broken then you can restore the state, but otherwise you just leave it and it’s eventually deleted in the background. I’d love to see that UI adopted more widely for cookies and local storage. 99% of the time, I’m happy for things to silently become session cookies. Having that as the default, with a working undo for when it isn’t, is a lot more user-friendly than asking people to allow or deny (which is the right UI for the microphone and camera, where you are likely to know if the site really needs these).

          2. 9

            Native apps are definitely full of trackers. They’re probably even worse than websites due to elevated privileges, easily obfuscated SDKs, and no origin separation.

            But the difference is in user expectations. Users freely jump from site to site, and can be visiting hundreds of sites. Many users hardly install any native apps.

            1. 7

              One interesting difference is that I firewall all my native apps’ outbound connections. So I’m acutely aware every time one of them phones home to report my activity to their overlords, or it’s simply blocked.

              I have to let my browser talk to arbitrary hosts on the internet for it to do its job. It doesn’t currently let me specify that an offline web site shouldn’t be able to do that.

              My outgoing connection firewall thus amounts to a more effective form of origin separation than I get from a browser.

              1. 6

                They’re probably even worse than websites due to elevated privileges, easily obfuscated SDKs, and no origin separation.

                I think the most prominent privacy issue is services tracking you across the web, which ads network do. Native apps [should] live in their own little world. Unless they abuse privileged access, which in most legit case they don’t. I consider Facebook and Google tracking my browsing habits much worse privacy-wise than Apple tracking which news I look at in the Apple News app.

                Native app are also getting better at letting users control access and I don’t get any surprise about random apps reading my contact list. I can easily review which app has access to what. This is in no way obfuscated, at least on OSX/iOS.

                1. 4

                  I hadn’t realized how bad the trackers were until I sent my iPhone’s/iPad’s traffic to my Pi-hole. It’s incredible how bad it has become.

                2. 6

                  The difference is that downloading a native app has a very different experience than just visiting a website. You know you’re downloading a thing that will store data on your device.

                  Ideally, the technical differences in implementation would be divorced from the UI differences, so that you could write an offline web app, make it jump through an equivalent set of hoops to authorize the use of local storage, and then it has privileges equivalent to native apps, but it’s not trivial to do something like that. As it stands, letting apps have free rein to store persistent tracking information isn’t a good policy.

                  1. 5

                    Ideally, the technical differences in implementation would be divorced from the UI differences, so that you could write an offline web app, make it jump through an equivalent set of hoops to authorize the use of local storage, and then it has privileges equivalent to native apps, but it’s not trivial to do something like that

                    It may not be trivial, but it does have a name – “electron”.

                    1. 1

                      It’s close to what I described, and worth mentioning, but there are still tradeoffs. At a minimum, Electron requires you to do go through the app store on iOS, right?

                      1. 1

                        You can download and install it as you can with any other native appliication, which is the point: it behaves like a native program, so you install it like a native program.

                  2. 2

                    iOS apps are already heavily sandboxed, have heavy restrictions based upon what they can use for persistent identifiers, etc,.

                    The web, by necessity, requires an overly permissive model first and foremost. This is where advertisers are most sticky.

                    1. 1

                      If you just prevent the user from unlocking their device they don’t risk entering and personal information that could be leaked.

                      1. 1

                        What we spoiled block is the cause, not the symptom. We should block trackers. Make them illegal. Yes, it would be impossible to enforce. But at first, we kill off Google’s and Facebook’s ability to do this (and they couldn’t get away with it, they’re to big).

                        Then the small ones wont matter any more and within a few years, that particular problem is gone.

                      2. 2

                        I’m using this functionality to improve accessibility to slow connections.

                        Seven days is quite a short window.

                        1. 7

                          Saying “seven days” is incomplete enough to be effectively inaccurate. The more accurate statement is:

                          • For sites using local storage, it’s deleted if the user goes seven days without visiting your site in Safari
                          • For web apps installed to the home screen, it’s deleted if the user goes seven days without opening your app

                          These seem to be reasonable if you’re using local storage as a temporary cache, since every time the user visits your site or opens your app resets the counter for you (and also gives you a chance to make sure your locally-cached data is up to date).

                          1. 2

                            I don’t think it’s reasonable if you’re using localStorage to store a user’s private key for your site.

                            I think this is a valid use case, and the user will be severly disappointed if their key is lost after just 7 days of inactivity.

                            1. 5

                              Lots of sites would log me out if I didn’t visit for a while. And client-side storage has always been volatile and intended to support short periods of offline work, rather than an ad-hoc guaranteed-permanent filesystem substitute. The fact that a lot of people assumed it could be used as a permanent filesystem seems like an error on their part.

                      3. 8

                        Telegram have this feature that allows you to delete your account after a chosen amount of time without activity.

                        It would be nice to have a similar option for local storage: clear data from domains after 6 months, etc.

                        1. 5

                          This looks way bigger than “offline web apps”. It seems to delete any kind of script-writeable information after 7 days. That kills every kind of application with any kind of client-side storage.

                          Lots of applications use things like LocalStorage, or cookies written to by scripts, to store session tokens and such. This looks like it’ll break all of that, and the privacy improvements seem to be marginal at best.

                          1. 3

                            So you get automatically logged out if you go a whole week without using it. How is that disastrous? It just means you need to enter your username and password again, probably by clicking the “Log In” button and touching your finger to the home button for a few seconds.

                            1. 2

                              clicking the “Log In” button

                              It says “offline web apps” in the title. Sounds like you’re talking about a service with a centralized log-in server.

                              1. 4

                                I’m replying to the parent comment, not the OP:

                                Lots of applications use things like LocalStorage, or cookies written to by scripts, to store session tokens and such.

                                Offline apps don’t need session tokens.

                                1. 0

                                  I’m fine with session tokens expiring like that, for the reasons you stated. Again, maybe a bit of a short expiration period that would benefit from customization. I’ve even seen Safari for iOS ask, upon reaching the 100-tab limit, how often the user would like for tabs to be purged. This seems like an even more crucial application of such a prompt.

                                  I still think an exception should be made for websites a user has specifically placed on their home page, alongside all their other, “official” apps. Needless to say, though, this seems to be against Apple’s long-standing interests for obvious reasons.

                          2. 8

                            Ignoring the dialog on privacy or surveillance capitalism:

                            I’m selfishly happy. The best application experiences are native and this forces more shops to make native applications.

                            Now, if we could just kill electron…

                            1. 3

                              Then most of apps will be Windows-only.

                              1. 0

                                You’re wrong. The best application experience is with apps coded in <something> for <something>. Everyone knows that and no matter how good any other app appears to be, it isn’t.

                                I mean, anything that isn’t coded in Rust, compiled for a 64 bit ARM core, utilizing an embedded MongoDB and has been strictly linted will ever have any good graphical design or UX. Just plain logical.

                                1. 3

                                  Nice straw man.

                                  1. 0

                                    I was with you until the sarcasm. I don’t see why we should mock and caricature others’ preferences: we’re all here because we have weird & specific preferences ;)

                                2. 4

                                  I just wrote a further commentary about this post from Aral Balkan at my own blog: Private client-side-only PWAs are hard, but now Apple made them impossible.. I decided not to post as a new story as it is basically a “me too” with Aral’s post that further touches the topic of why private client-side-only PWAs are important.

                                  1. 6

                                    I’ve never tried a “private client-side-only PWA”. I’ve never tried a PWA that was as good as a native app. And I could not name a PWA, offhand, that is better than a normal web site.

                                    Is it possible that they are killing off a very small amount of value here relative to the surveillance crap that they are, and absolutely should be, eliminating? Or am I overlooking a mass of valuable things that I will be sorry to see gone? If it’s the latter, can you give some examples of where a PWA outshines a native app and a normal web site, and would be eliminated by this move in Safari?

                                    1. 1

                                      Be aware that this is not PWA specific, this affects any kind of site. PWA is just a marketing term, they are normal web sites that are progressively enhanced by new APIs. All those websites that you don’t use often but you have data saved for, will have such data emptied.

                                      There are many good PWAs out there which are as good or better than native apps. A good example that you might want to try out is the Kindle and Spotify ones. I’m usually on a Surface Pro X so I don’t have those apps as native “aarch64” binaries available for me but thats OK because the PWAs work just fine.

                                      As for “private client-side-only PWAs” not being a thing, it is because the web is kinda rigged towards a client/server paradigm and doing many things client-side-only is a bit hard. Take a look at the apps that Hundred Rabbits is putting out, they are transitioning away from Electron into pure client-side PWAs and their work is amazing and inspiring, not all apps are in that stage yet but IIRC Dotgrid and Orca are. They tweeted about it couple days ago.

                                      1. 2

                                        Thanks for some interesting examples.

                                        I’m conflicted. I see the usefulness of some of these, but I don’t want most sites to be able to store data on my system (and read it back again) for much longer than a session.

                                        Maybe a good compromise to ask for would be that these restrictions be eased when a user goes through the interactive steps necessary to “install” a PWA on their system.

                                        1. 2

                                          Then the solution is for the browser vendors to provide an easy to use option to set for how long such storage should live for a given site. So that for sites like this, you could tell the browser “erase this when the session ends”. Currently you can erase a site’s data on the browser options, or if you never want that browser to retain data after a session, you can use a private window. That data is erased when the window is closed.

                                    2. 2

                                      Just for clarity, what is a PWA?

                                      1. 4

                                        It is a “Progressive Web App”. Sorry for the jargon usage without explanation. Basically it is a marketing term used to place some new web APIs and best practices into an umbrella of a “near native UX on a Web App”. What it usually means is that your application is:

                                        • Served from a secure context (a requirement for the other APIs anyway).
                                        • Has an application manifest (this contains metadata about your web app and is used by browsers and OSs to add icons, names, themes, etc)
                                        • Has a service worker (which enables your application to potentially work offline beyond what other cache solutions did in the past)

                                        So with these in place, browsers can offer a “Install this site and an app” feature which allows the site to open in its own window, with its own icon and name on the launchers and home screens.

                                        1. 1

                                          Thanks for clarifying. Are there any “mainstream” PWAs that I (as a nerd) might have encountered?

                                          1. 2

                                            Probably many as PWAs are normal web apps, they just progressively enhance themselves depending on your usage. The most noticeable way you can spot a PWA is when you’re browsing in a mobile chrome and it asks you if you want to install it. I think that is the only browser that actually asks it in an active manner like that. Many others have APIs to do it or menus. IMHO a good PWA is invisible, you don’t notice it inside your browser. It just works. If you’ve experienced sites that cope well with offline or intermittent connections, added a site to the home screen and it appeared in its own window without chrome, or even just a web app that is behaving really fast and snappy, you might be dealing with a PWA.

                                            As I mentioned before PWA is more of a marketing term to draw attention to a collection of APIs and best practices that moves the web forward and provide a better UX for the user. It gives us jargon to use in marketing copy and also jargon to discuss stuff among ourselves, but it is not a separate thing from the normal web. The important word in PWA is the W. It is still just the web, it just learned new tricks.

                                            One good example in my opinion are the instagram and the spotify web apps.

                                        2. 2
                                          1. 2

                                            I just updated the post with a definition and link to learn more.

                                        3. 3

                                          I think that Apple replied in the original post (in the section “A Note On Web Applications Added to the Home Screen”):

                                          As mentioned, the seven-day cap on script-writable storage is gated on “after seven days of Safari use without user interaction on the site.” That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted.

                                          If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.

                                          As far as I understand, PWAs are not affected so…

                                          1. 4

                                            PWAs are not affected if they are installed onto the home screen, if you keep using them inside Safari they are still affected and so are all the other web sites. It is also a bit confusing because the wording under:

                                            Web applications added to the home screen are not part of Safari and thus have their own counter of days of use.

                                            Emphasis added by me to highlight that they are counting days for the installed PWA usage, which makes me wonder if they are deleting it as well or why they are counting the days of usage in such cases. I don’t know.

                                            1. 2

                                              I find the text incredibly confusing.

                                              have their own counter of days of use.

                                              So, what counts as use? Do I have to open the app? And after what number of days is my data deleted?

                                              1. 2

                                                What counts as use is opening the app from the home screen. Data will be deleted after 7 days without opening the app.

                                                1. 2

                                                  Safari: each day you use it counts as a day. If 7 days of usage have passed without you visiting a specific website, its data is erased.

                                                  Homescreened webpage: each day you use it counts as a day. If 7 usage days have passed without you visiting the website, its data is erased. But since you visit the website every time you click the icon on your home screen, the counter should never go above 1. (If you’re using some third party domain to store the data, if it gets erased depends on how the webpage works and what your user does.)

                                                  1. 1

                                                    I find it confusing as well.

                                              2. 4

                                                offline web apps

                                                They could be web apps or offline apps. No both at once.

                                                And I approve every measure to kill cancerous “webdev” in mobile apps. Just treat your customers right and deliver native applications, okay?

                                                1. 7

                                                  It can be both at the same time. You get the best of both worlds, the amazing distribution capabilities of the web and the offline features of a native app. The fact that you don’t like them shouldn’t preclude people from shipping them and those who enjoy them, from using them.

                                                  For example, my main machine is a Surface Pro X and I don’t get many native apps for my system but I can use PWAs on the desktop and they work great.

                                                  Also you mention:

                                                  I approve every measure to kill cancerous “webdev” in mobile apps

                                                  Which means you’re unaware that this affects desktop as well, thought you should know.

                                                  I find your phrase:

                                                  Just treat your customers right and deliver native applications, okay?

                                                  Disingenous are there are many reasons to ship a web app, among them is the fact that to ship an iOS application you need at least a Macintosh computer and a paid membership to Apple’s developer program, while to ship a web app you need nothing, you can do it from a cybercafe using nothing but online services. The Web is empowering, democratic as in most people can post, and interoperable. These qualities are not usually present in native apps. Saying that web developers are cancerous is quite bad. The Web is the only mass media communication channel available for mankind. It is how many of us are finding comfort and solace in this time of lockdowns and pandemic. It is how we’re learning new skills, finding new friends, recording our memories. Do not disqualify something that is larger than what your petty prejudices can reason about.

                                                  1. 7

                                                    Just treat your customers right and deliver native applications, okay?

                                                    This may be preferable for your existing mainstream customers, but it also makes sure that you become one more reason why any iPhone/Google Android alternative is bound to fail.

                                                    I hate web technologies as much as anybody else, but if it wasn’t for them I wouldn’t have Uber or Duolingo on my phone. If webapps is what it takes to have any chance at some mobile platform diversity, I’d happily waste some CPU cycles.

                                                    1. 3

                                                      Are you talking on the desktop or on mobile?

                                                      On mobile, as a consumer, I really don’t want apps I need to install and that spy on me. I trust the web browser sandbox plus plugins so much more then I would ever trust app reviews. And app stores are closed ecosystems and there are so few of them and they are OS specific – argh. Disgusting.

                                                      On the desktop, app sandboxes are premature. And often suffer the same problems as the app stores.

                                                    2. 2

                                                      I can’t imagine Apple would want websites to do app installs. Imagine the fraud, malware, backdoored crap that will get deployed and Apple can’t even begin to police it.

                                                      1. 1

                                                        Maybe we should stop trying to deliver applications via web browser. Just a thought. It’s wasteful, a terrible developer experience, and DOM + CSS is an awful fit for typical application UI. Just because you “already know javascript” doesn’t make the models any closer in semantics, wether you like it or not.

                                                        1. 1

                                                          Wow, I wasn’t aware of this and it seriously impacts almost every web app I’ve written. That’s rough. It does look like they’re excluding WebSQL though, probably because not many websites use it and it’s not supported across all browsers.

                                                          1. 5

                                                            WebSQL is not on the standards track AFAIK and might be removed in the future.

                                                            1. 1

                                                              Correct, it’s been on the chopping block for a long time.