But as much as *I* care about that, it's something of a minor point in the grand scheme. The big issue here is privacy. And WebViews are even worse than just letting the app itself sniff and rewrite all the pages you see... ...remember those out-of-date WebViews?
-
Show this thread
-
Attacks against WebViews aren't just attacks against the pages, they're attacks against *the host app*. Everything you trusted it with.
1 reply 0 retweets 6 likesShow this thread -
Now, again, OS vendors are doing a ton to try to fix webviews...but the model is just busted. The attack surface area isn't just the web platform, it's every API the host app bolts on or intercepts. Disaster in the making.
1 reply 0 retweets 6 likesShow this thread -
WebViews for non-app content are a choice that apps make. Other, better, more respectful and secure choices are available to them. Apps that insist on not taking you out to your browser when you tap on links, but also do not take advantage of CCT/SafariViewController are *bad*.
1 reply 3 retweets 8 likesShow this thread -
Cannot stress this enough: the only reason this happens is because apps are jealous of your time. They build these upside-down "browsers" because they don't want you to go to your real default browser. They want to keep you in-app. They *worked* to break this.
2 replies 3 retweets 20 likesShow this thread -
The default behavior for navigation intents is to launch your default browser. Many apps felt this wasn't in their interest, so they put your privacy and security at risk. Demanding they adopt CCT is the *least* we can ask.
3 replies 5 retweets 13 likesShow this thread -
So when companies start taking about taking privacy seriously but still default hundreds of millions of users to this dog's breakfast of a broken, privacy violating web experience, don't believe a word of it.
1 reply 2 retweets 11 likesShow this thread -
Replying to @slightlylate
What’s the difference between trusting Facebook with your browsing experience and trusting Google? Chrome can do far more nefarious things if it wanted to than any app using a webview.
1 reply 0 retweets 2 likes -
Replying to @ZackArgyle
Apps that use CCT don't trust Google with anything. CCT is a protocol that respects browser choice. Set FF or Brave or Samsung Internet (etc., etc.) as your browser and no Google code sees any of the traffic.
2 replies 0 retweets 4 likes -
Replying to @slightlylate @ZackArgyle
On a different but related note, if I want to use some kind of caching proxy or alternative protocol (like DAT) is the only answer to be a new browser?
1 reply 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.