Now, again, OS vendors are doing a ton to try to fix webviews...but the model is just busted. The attack surface area isn't just the web platform, it's every API the host app bolts on or intercepts. Disaster in the making.
WebViews for non-app content are a choice that apps make. Other, better, more respectful and secure choices are available to them. Apps that insist on not taking you out to your browser when you tap on links, but also do not take advantage of CCT/SafariViewController are *bad*.
Cannot stress this enough: the only reason this happens is because apps are jealous of your time. They build these upside-down "browsers" because they don't want you to go to your real default browser. They want to keep you in-app. They *worked* to break this.
The default behavior for navigation intents is to launch your default browser. Many apps felt this wasn't in their interest, so they put your privacy and security at risk. Demanding they adopt CCT is the *least* we can ask.
So when companies start talking about taking privacy seriously but still default hundreds of millions of users to this dog's breakfast of a broken, privacy-violating web experience, don't believe a word of it.
Replying to @slightlylate
What’s the difference between trusting Facebook with your browsing experience and trusting Google? Chrome can do far more nefarious things if it wanted to than any app using a webview.
Replying to @ZackArgyle
Apps that use CCT don't trust Google with anything. CCT is a protocol that respects browser choice. Set FF or Brave or Samsung Internet (etc., etc.) as your browser and no Google code sees any of the traffic.
Replying to @slightlylate @ZackArgyle
In that context, I guess your question sort of presumes something that isn't true, so non sequitur...if that makes sense?
Replying to @slightlylate
You are always putting your security on the line when browsing the internet, whether it's Safari (can't trust Apple), Chrome (can't trust Google), an IAB (can't trust apps), or other browsers. Is your frustration less about security and more about respecting user choice? I get that.
Replying to @ZackArgyle
Maybe you aren't *intending* to engage in whataboutery, so let me bring this back down to choices: app developers make choices and users make choices. Is your argument here that FB's insecure, likely privacy-invading IAB should suborn user's browser choice? Why?
Also, given what I presume we both know about the relative sizes of the security and privacy teams at Real Browsers vs. FB's IAB team...are you actually suggesting there's an equivalence?