There is one interesting force acting against that though (or it would probably already have happened). It is the simple fact that most people that are competent enough to actually implement these things also understand the problems with doing so. For the most part anyway. If we could just agree to not do that... well, what are "they" going to do?
And of course: we owe it to the web to use Firefox. The Chrome clones are only stalling; not counteracting the impending monoculture even one bit. It doesn't matter how fancy their marketing is.
Yeah, chrome and google in general are the first in line to cause problems.
There are many browsers, many apps, many everything... you can switch whenever... but the DRM and attestation pushes with browsers (and mobile devices) means, that sure, you can use a different browser, but your bank, your streaming service, your newssite might not work unless you're using chrome with drm and hardware attestation. This is already true with many banking apps, where you cannot even start the app on a rooted phone, a phone with an unlocked bootloader or even just a phone that's "not on the list".
So yeah... google is the silent killer of the "free interet" and te world happily follows... sadly.
If the ecosystem is based on open source software, the community will fork it like it always does when someone tries to control it.
You’ll end up with a fork of Chromium/Blink that doesn’t have WEI. And it will be used to surf web sites. While the official browser from Google would be used to access sites that require WEI attestations. Just like the Bank of America app would.
Corporate power in pushing Chrome for everything can be limited if we have open source alternatives. Look at Firefox and what it did to M$IE, which had the full power of Micro$oft behind it. That only happened because Netscape chose to OPEN SOURCE their code base. They couldn’t beat IE on their own, but the open source community could.
Well, that and WebKit, which was basically adopted by Apple (Microsoft’s competitor) from another open source browser, Konqueror! And that led to Chrome, Chromium and Blink etc.
In short — open source is the best way we can check corporate power on the software side.
On the hardware side, it’s far more difficult, and if the vendors choose to ban any “unapproved” apps (eg requiring Safari WebView rendering engine in all apps on non-jailbroken iPhones) then the best tool we have is government antitrust laws. Maybe one day, in that area too, open source hardware will be the people’s best weapon. But not today :-/
Sure, but if netflix, your bank, your power and water service, and a chat app, where 80% of your contacts are only support chrome, what will you do? Many banks already require hardware attestation from google for mobile apps and mandatory 2FA via that app is a pain on a rooted phone and workarounds are painful.
I mean sure, you can just not-use those services and not chat with everyone else, but that's a bad solution.
I used to think this way and even made a browser extension to facilitate it (Browser Routr). Yet increasingly one must use Chrome or deal with random breakage and failed purchases because web devs cannot be bothered to try anything not Chrome. Sometimes even Safari is broken.
The problem is Blink might just be too big for what little community exists to feasibly maintain it. If it is just a Chrome that doesn't work an select asinine sites, it isn't in a great position to catch on. And perhaps most important; the point is to have something viable before that even needs to happen.
Then switch from these services while they are still only a few. Revenue is a language they understand. I never understood why anyone would even want a banking app though; there is nothing int can do that a website can't.
The browser war can at least still be won or settled; mainstream apps are a lost cause outside the legal arena.
Edit: and by switching i don't mean going to some tinfoil grayweb nonsense. Go to their direct competitor.
I think the problem with the revenue rhetoric is that these services are consumed by the general consumer and the people that read this discussion generally are only a neglibile size of that market segment. So, even if all HN readers affected and all wired reader, etc changed service due to this discussionit would still be a rounding error on that company's report sheet in the end.
> I never understood why anyone would even want a banking app though; there is nothing int can do that a website can't.
Some banks are phasing out code cards or SMS verification for 2FA, and the only way to get the second factor for logging into the online banking website on your computer, is to use the bank’s app on your phone.
Obviously other solutions could be implemented if the bank chose. But if the bank does not choose to implement those other options, and instead requires the use of their app, then that explains for the OP’s sake some of the interest in running the bank’s app instead of solely using the website.
Ditto. I must have spent 10 full minutes clicking all through my bank's website before I finally realized their phone app provided the only possible way I could make a Zelle transfer.
My HOA started mandating Zelle as the only way they will accept payments. So now it appears that I have no choice but to use a device that supports my bank's app if I want to avoid getting a lien put on my house.
> Does it not count as a debt, that they have to accept cash ("legal tender for all debts public and private") for?
Let me tell you how that tends to go down in the real world. The HOA doesn't have a physical office or anything. It's some random address and random suite. Maybe it's a document processing company or some other third-party processor. There's some non-trivial chance that some $15/hr kid who may or may not have been raised right is opening the envelopes and feeding the contents into a scanner.
So I stuff my HOA dues in cash in an envelope and then go down to the post office to stand in line and get it delivered certified with a return receipt. I get the return receipt. Then the HOA puts a lien on my house. I say, "But I made the payment on time!" Then they say, "Naw-uh." Then I say, "Sure I did, I sent it in cash and I have a return receipt." They say, "We have no idea what you're talking about."
<sad trombone>
> Or there should be the option of opening another account, at a less tyrannical institution, to use for those payments.
How can I find out which ones let me use Zelle through their website? I don't trust anyone I can find at a branch or on the phone to give me the correct answer, because chances are they all personally use the phone app and really have no idea. I guess I can start opening up random accounts with random banks until I find one that works. For now.
I think we're missing the point entirely by talking about cash and hopping around banks and all that. The point many people are trying to make here is that life is already being made unreasonably difficult for those of us choosing to use Libre computing platforms, and there's a plausible reality in the future where choices go from inconvenient to scant to nonexistent.
I did, i use firefox for example, but with mobile phones, what's the alternative? Apple and its walled garden? And when filing my taxes only works via chrome, how do i switch countries easily? Move because of a browser limitation and leave everything behind?
Not that it is for everyone; but i have used Sailfish OS for just about 10 years, and it has been quite fine.
Any country that isn't a total sh*tshow will have accessibility regulations around that. Let the accessibility folks fight for you.
That same logic says you should not vote either.
If even some 10-20% of IT professionals (with salaries to match) up and leave for a less shit bank, trust me, they will care.
You assume there is a “less shit bank”. Not everywhere is like the USA with a wide choice of banks. In some countries the banking landscape has, through mergers, become limited to just a few choices, and they all require SafetyNet attestation for their phone apps.
"voting makes no difference" is one of those rules which apply really well to the individual, but if you apply them to a larger group of people, they become wrong.
You would be trading one kind of "shit" for a much more real and serious kind of shit - at the new bank, you'd either be more likely to get your account drained in ways that are hard to reverse, or you'd be forced back to using dedicated hardware smartcard readers of the type that were common before mobile apps became widely used (at least were common in Europe).
If your bank account gets drained and you'd made a big song and dance about how you selected that bank specifically because it had less security on its mobile app, well, nobody will have any sympathy for you.
If your bank is equally secure but uses dedicated hardware devices instead of smartcard readers, then all you did is swap one bit of secured hardware for another, making your life less convenient and in return for what?
A bank has to know it's communicating with the real human who owns the account and not a hacker. It's going to achieve that one way or another. You'd be much better off accepting the tech and finding ways to achieve your goals within it, like by setting up a project to maintain whitelists of known good/secure OS builds. You can then make libs that wrap SafetyNet and eliminate the false positives. Even if banks don't start using it anytime soon, other smaller companies might and it's a place to start. Of course the fact that virtually nobody cares about custom operating systems to begin with is the biggest hurdle you'd face, not the tech or business requirements, but that is partly on the OS developers. You can't complain nobody cares about if you're not giving anyone a reason to care.
You use the word “forced” like it’s a problem? I hated it when my bank got rid of a nice secure card reader (which required my physical card and pin).
If my phone breaks or is stolen, I can’t actually buy a replacement phone now, as that requires spending money, which requires 2FA which requires my phone.
> That same logic says you should not vote either.
Indeed.
> If even some 10-20% of IT professionals (with salaries to match) up and leave for a less shit bank, trust me, they will care.
That's an impossible number of people to coordinate on something like this, and even if, I doubt banks would care. There exist no less shit banks, and retail is a rounding error anyway.
Banks aren't shit because of incompetence or a not-give-a-damb attitude. They're shit because it makes them more money, both directly and by reducing risks.
>I never understood why anyone would even want a banking app though; there is nothing int can do that a website can't.
A mobile phone app can let users "deposit paper checks from home" without ever driving to the bank branch by taking a photo of the check with the smartphone camera. Last time I looked into it, a desktop website couldn't enable check deposits with a webcam. (EDIT: I don't mean technically not possible. I meant that the banks deliberately chose not to have the websites utilize desktop/laptop webcams as an alternative to smartphone apps.)
Smartphone bank apps also have "push notifications" to immediately alert you of suspicious activity on your account.
But if one never uses the extra features that smartphones bank apps enable, then yes, desktop bank websites can be seen as perfectly equivalent.
Meanwhile most of the world hasn't used checks in 20+ years. Thank god for that.
But for completeness; browsers have been able to use cameras since before smartphones. So of course it can work just the same there.
"Suspicious activity" is such a bad strawman argument, i'm not sure how to address it.
"Just thought you'd want to know your money is gone, lol."
Either you do N+1 factor authentication for real, or you just shouldn't bother.
Browsers have had push notifications for quite some time now too... so even if it was a worthwhile feature, it doesn't need an app.
>Meanwhile most of the world hasn't used checks in 20+ years.
True, but the key word you used is "most". E.g. My home insurance refunds an annual dividend back to me and their method to pay me is paper check. Not an electronic direct deposit, nor a VISA giftcard, nor even a "credit" that can be applied as a discount off year's premium. It's a paper check.
>So of course it _can_ work just the same there.
Sure but that's talking in hypotheticals. Today, I have the reality of a paper check to deal with and Bank of America and Chase websites do not have options to upload images of checks for deposit. (Chase does have a paper check scanner option that doesn't require mobile phones but that's only for commercial accounts: https://www.chase.com/business/banking/services/quick-deposi...)
>"Suspicious activity" is such a bad strawman argument, i'm not sure how to address it. "Just thought you'd want to know your money is gone, lol."
No, you misunderstand. The better banking smartphone apps will require interactive approval from you to allow a particular suspicious transaction to happen. This prevents your money from being gone. (Example screenshot: https://www2.bac-assets.com/online-banking/spa-assets/images...)
> Browsers have had push notifications for quite some time now too...
No, web push finally came to Safari in iOS 16.4 which was just a few months ago in April 2023.
From the tone of your reply, it seems like you'd rather be argumentative instead of acknowledging that bank apps have some extra features that's convenient for some users.
The paper check scanner from Chase also (last I looked) cost a few bucks and needs an app on the Windows PC to process the data. That hardware is only useful when you process 100s of checks (eg: grocery store).
The real use for notifications is to sell things or get paid for services in-person without cash. The notification provides certainty that you've been paid, so you can hand over the item/stop hanging around after the service waiting to be paid.
Of course, a bank should be able to send you a text on the service of your choice. But they won't.
? Suspicious activity isn't about this. For instance my bank reports me when I get a double debit (e.g. go to a restaurant and get charged twice), when a regular expense increases (e.g. some monthly payment that suddenly goes up)...
My credit union let me deposit checks via uploaded picture on browsers back around 2008ish. Don't get me wrong, I did this by taking a picture from my phone and emailing it to myself to upload - the smartphone UX simplifies that. But this is a trail long since blazed.
Yes, this is one of those things that banks will sell as an add-on because capitalism. Credit unions will either just not have their act together on it (i.e. they contract with a bad service provider) or will have all kinds of useful stuff like this for free.
I really want a general-membership credit union with stellar technology, but I haven't found one yet. Does your credit union by chance offer open membership?
If you're in the US, write to the FTC and complain that this is discriminatory toward the disabled who may need special user agent accessibility features unavailable in Chrome.
Not if one doesn’t want to end up supporting Chromium in any way. Which one shouldn’t if they believe “chrome and google in general are the first in line to cause problems”.
On macOS, that leaves essentially Firefox and Safari. Except Firefox has no support for AppleScript so it’s excluded from a ton of useful automations and is thus not suitable as a daily driver for many people. So Safari remains. And Orion, which is also based on WebKit. Both are closed-source.
There are indeed many browsers if all you want to do is display webpages. But as soon as you have any hard requirement, be it ideological or technical, the choices drop dramatically. Unless you don’t mind supporting Google, that is.
Disagree. Money is a hell of a motivator. I know multiple people who say “yes my employer XYZ is doing horrible things. I’m at peace with it because they pay so well.”
> It is the simple fact that most people that are competent enough to actually implement these things also understand the problems with doing so. For the most part anyway. If we could just agree to not do that... well, what are "they" going to do?
Which is why we should shame every one of us that does do it.
> Which is why we should shame every one of us that does do it.
I don't tend to have the issues people are describing using Firefox for banking, paying bills, etc. And when I'm shopping for something at random and looking for the best price, if one site I've never heard of doesn't work (typically Cloudflare) I just go somewhere else. But Verizon reworked their back end within the last month, causing UBlock Origin to SCREAM (over 2000 blocked scripts and counting when all was done), although the real trick was spoofing as Chrome because until then only the page headers and footers would appear, not the body with the "Pay my bill" button. Opera was even worse, so somebody screwed up something badly! I was chatting with support all this time and they logged at least one ticket.
Thinking through the "public shaming" bit, if the issue reoccurs next month, I'm going to the Better Business Bureau. While they can't guarantee a resolution, it is a very simple way to publicly shame a company doing wrong.
Long term, I'm thinking we need to add "user agent" to the list of "protected classes", i.e. gender, race, sexual preference, etc. to really hammer the point home. While it's just a piece of software, there is a real person behind it. Bots need not apply. And from there perhaps a law or FTC rule to state that public web sites must be accessible by the public.
Just forget about that. If you don't, I'll take the google software engineer salary and build it.
The issue is not technological, it's a natural outcome of how people work on and individual, and on a societal level. Regulation is the closest that can affect this situation, but as it turns out, no large entity has the same goals as "the people" - hence, I'm not holding my breath. I am using Firefox and other FOSS software though, and contribute back what I can, donations, bug reports. It's a nice privilege.
> And of course: we owe it to the web to use Firefox.
Mozilla is hanging tightly on the Google's tit though. It won't be shocking to see Firefox deteriorate rapidly should it start gaining ground on Chrome. He who pays the piper calls the tune.
The point is that for the Firefox to gain more foothold Mozilla first needs to break the dependency on Google's money. And this won't happen without deep restructuring of the Mozilla corp, starting from the top and shedding all the blubber all the way down. The chances of that happening are next to zero. You can label that as "defeatist non-arguments" all you want, but that's a very unfortunate reality. Saying this as a die-hard Firefox user of almost 20 years.
On the other hand Firefox development could be paid with a small fraction of Mozilla's current budget. They are doing all kinds of un-/semi-related stuff. But of course, it remains to be seen if the organization could survive such a financial drought.
Which, in this world, can happen. The part that irks me the most isn't so much that, but that Mozilla is more than happy to suckle at that teat and not change the current status quo.
It seems like Apple is intentionally dragging its feet in implementing new web standards in Safari (webusb, webgpu, webmidi, bluetooth, filesystem, etc) in order to keep native apps relevant (which is a big cash cow for Apple).
It is the one Chrome fork that sees some development.
(Yes, of course the forkage was the other way). So while they do have a seat at the standards table, i can't say i see much potential (or results). They also don't offer it outside their own locked-down platform by the looks of it. I.e. they have permanently kneecapped their market-share to near-pointless levels.
I think the ship has sailed for the web. Many apps don't even bother with making functional webapps any longer; the go to market are mobile apps for the censorship platforms.
The web lost. Now it's just a transport layer for mobile app API requests.
Apps shouldn’t be web apps anyway. Local-first apps should be the default, in the context of digital freedom. The only exception being self-hostable web apps.
I see your point, in the sense that local software is in theory more permanent, more reliable. But the issue is more subtle that you are describing. Is the local-first program* free software, or proprietary adware? Is its sole function to communicate with some particular company's API? What is better for digital freedom, the Reddit website or the official "Reddit app"?
If a company is going to be gating their API behind some proprietary shovelware anyway, I would rather they write it in a plaintext scripting language (JavaScript) that runs inside a free software virtual machine (Firefox) which lets me intercept and control it.
*Yes, "program". How I hate "apps". Perverse term.
You are right, we also need open protocols. With Usenet or IRC or email (or even Reddit and Twitter until recently), local apps are perfectly fine, because everyone can write their own client if they want. That gives you more freedom than being stuck with a proprietary web app.
How about the common person being able to host without having to sign up for a "business" plan. Lookin' at you Spectrum for not providing the capability to manage PTR records in DNS without an artificial barrier and rent-seek.
Companies continue to encroach on what should be basic freedom to do network management. It's entirely intentional; to the point that I've about accepted there's a high-level of society push to enact as many barriers to reasonable liberty as humanly possible, all in the name of "Public safety" or some other transparent on further examination excuse.
You misunderstand.
The point is that online services now come with apps for no reason. Very few things are so local that what you say applies. Though those few definitely should be!
And as you are already on to, not all web apps are cloud. What can be on-device webpages (e.g. routers) should be.
And of course: we owe it to the web to use Firefox. The Chrome clones are only stalling; not counteracting the impending monoculture even one bit. It doesn't matter how fancy their marketing is.