Apple is requiring developers to use the following flow in their apps if they opt out of using Apple's payment processing:
Title: This app does not support the App Store’s private and secure payment system
Body: All purchases in the <App Name> app will be managed by the developer “﹤Developer Name﹥.” Your stored App Store payment method and related features, such as subscription management and refund requests, will not be available. Only purchases through the App Store are secured by Apple.
Here's another way of looking at it: Does this page really need to execute code on its users' machines? Why is this such an acceptable thing in the first place?
> Why is this such an acceptable thing in the first place?
Because before we had local desktop applications that were substantially less secure, with far greater default access rights (even root/admin in many cases).
Webapps that execute in a silo-ed virtual machine with only access to their own data (without express permissions), is a substantial security improvement (and also doesn't require the user to install anything).
To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled. If you don't want to execute a site's code in a browser's secure context then don't, but you cannot whine about it like they owe you.
"To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled."
This is a very poor argumnet - stealing data is a crime.
Why should people accept being victims of robbery just because they are in a free library or music concert?
Secondly, many websites have a paid plan - OneDrive, Xero, Flikr, LinkedIn, YouTube, etc. This is a terrible attitude: "I gave you candy for free, so don't complain if it's poisoned"
That’s a bit warped of a comparison - 99% plus of website JS isn’t a poisoned Apple that will cause some kind of real harm.
That (in your analogy) everyone giving candy on Halloween provides a potential threat vector for a serial killer to occasional slip one in is them taking advantage of an ecosystem that everyone desires, not a malicious act from everyone giving out candy.
> No, the site owner is usually gaining money from his users (through ads, tracking, etc). This is an incredibly dishonest statement.
Which you're purposely trying to avoid by disabling JavaScript, thus mooching and demanding that they design the site around your niche desires.
NoJs users are negative revenue users. They cost the same as a revenue user but block revenue streams. Then feel like more resources should be spent on just them.
You're then asking businesses to pay to place ads that you cannot assure them were actually viewed by anyone. It can work, but companies will pay more for ads that can prove they were even rendered let alone uniquely.
Many business models don't work with reduced revenues, thus you can embed ads in content, take the lower revenue, but then need to structure your business around the lower total revenue.
Typically, when businesses have goals like these they end up instead just doing a membership model wherein it is ad-less but the users/audience is paying them directly for content production.
Generally no, as botnets can and do trivially spoof that kind of activity to burn competitors ad budgets or generate more revenue for the ad networks or websites.
Yes, it does. Not using JavaScript to present documents is the default, you actually need to devote time to make it the other way. Relying on JavaScript significantly increases your failure surface. Outdated browsers, buggy extensions, network failures, poor error handling - it becomes much more likely for your content to not display even when the user does not actually turn JavaScript off.
I'm not sure what the ratio is. What I do know is that there is a concept that, to me used to be a well known concept, that web developer's are encouraged to follow called "graceful degradation". I wish more people would pay it some attention.
Whether it's due to capabilities of a browser or extra security measures a user would like to practice graceful degradation allows content to be shared with more people than not.
I have JS enabled, but don't allow third-party JS.
Sorry, for the author, but I'm not going to enable google-apis and other google spyware scripts to load on my browser just to see what they're up to in this blog post.
As someone who supposedly wrote an article about fighting spyware, they should know better that to require loading google scripts in order to see a simple page.
A better question is, what % of web developers test their JS rendering on the array of browsers it's guaranteed to encounter, or consider what happens when very basic privacy tools are in use?
Those aren't relevant questions for this case, however. The page isn't failing to render without JS, it's failing to render without third party JS. For a group whose nominal message is bragging about their hax0r skills, it's pretty clumsy to build in a single point of fail dependency on code they don't control, then require their users to run it.
No idea, but I browse without js (enabled on a case-by-case basis). I'd say 10-15% of the links from the HN front-page are broken without js, I generally move on to the next one.
Anecdotally, based on my own data, roughly 0.2% to 0.3% after excluding bot/crawler UAs (and I run a website more likely to be visited by "techy" users, probably lower for the general population).
Just a note that you've framed the question as "without JS turned on" but it's not always a choice; there are people who don't have access to sufficiently new hardware or reliable telecoms that it will work as intended.
As an example, for the past ten years I have had to browse with a tablet that crashed every time JS was enabled (luckily I could recently justify the expense of a new one, so that won't be the case any more when it arrives)
I have JS turned on on my phone, yet this website did not render. I am using content blockers, yet there are no trackers on this site so I’m not sure what exactly is being blocked!
You’re leaving of a crucial part of that sentence: “…during an internal investigation”
With that, and “work phone” (presumably) implying the phone is Apple’s, she may have given Apple a reason to fire her, even if she deleted the app not to hide that she leaked info, but for other reasons.
But of course, that all depends on what exactly happened. Did she know Apple was investigating, did they tell her to hand in here phone for that investigation, etc.
Snowden advocated in favor of the government following their own law (not spying on people without judicially issued warrants). This 'whistleblower' is asking the government to violate their own law (the first amendment) by banning individual speech on these platforms.
EDIT: Honestly, I could care less about facebook. Although I think Mark Zuckerberg should be in jail (look at the allegations that his company knowingly experimented on people without their consent), individuals should have the ability to publish on the platform. If bakers must bake cakes, this is only fair.
> This 'whistleblower' is asking the government to violate their own law (the first amendment) by banning individual speech on these platforms.
I could be mistaken, but I don't think she is specifically advocating for that? I believe she is saying specific things should be regulated...mainly the ability to configure timelines, greater control on use by teens, etc.
I don't wholesale disagree with everything she has to say. As I've stated multiple times on this thread, I believe Facebook should be liquidated and its executives, including Mark Zuckerberg jailed.
> The result has been a system that amplifies division, extremism, and polarization — and undermining societies around the world. In some cases, this dangerous online talk has led to actual violence that harms and even kills people. In other cases, their profit optimizing machine is generating self-harm and self-hate — especially for vulnerable groups, like teenage girls. These problems have been confirmed repeatedly by Facebook’s own internal research.
While she is correct that facebook has allowed people to talk that's led to violence (some of it very justified... see the arab spring, etc), and that facebook contributes to division, I don't believe the government should be in the business of regulating the speech of individual users of these websites. Ultimately, that just means the government just gets to squash dissenting voices. Ending the 'dangerous online talk' may today mean stopping violent extremists, but may tomorrow become "Don't discuss anti-government policy messages because it may inspire some people to commite violence" which is a slippery slope.
For example, the whistleblower claims that some online talk amplifies extremism which 'undermines societies around the world'. Some societies deserve to be undermined. Few would batt an eye if Facebook were used by North Korean dissidents to organize around toppling that country's dictatorship.
You should pay attention to what's going on before commenting on out of date news.
Also, a similar case in washington of an old lady florist forced to provide flowers for an event she doesn't believe in. This is like asking a jewish deli to cater the nazis.
In that case, the SC explicitly denied the request, thus de facto legalizing forcing individual people with consciensce disagreements working in their own business to do business with those they disagree with. This is an obvious violation of the individual right to freedom of conscience.
Meanwhile, facebook, a multi-billion dollar powerful corporation, which does not enjoy constitutional rights neither by nature nor law, is given a free pass to exercise its conscience. Sorry... I'll speak for the little guy.
And having a gay wedding is indeed a choice, and Jack Phillips shouldn't be forced to participate if he believes that his belief in his god makes it so that participating is akin to taking part in evil.
No, Nazis aren't a protected class. The ACLU (correctly) argued that they've First Amendment rights just like everyone else; it has nothing to do with membership in a protected class.
They are not a protected class, which means you're allowed to do things like not hire Nazis without running afoul of Federal discrimination law.
I can be fired for being a Nazi, or a redhead, or a comic book fan. I cannot be fired for my skin color, or my national origin, or my religion. That's how protected classes work.
Okay, sorry, you're bringing in firing, but I'm talking about baking cakes as an individual proprietor of a business. If the claim is 'being conservative is not a proteted class'... okay, but religion certainly is, and my religion is more conservative than mainstream conservatism, yet I've still been subjected to facebook censorship. So, can I claim Facebook must let me post content, just like Phillips must bake a cake, because of my protected class status, religion?
If not, why not? If so, why? If the answer is not 'Yes facebook must publish', how do you square this away that the answer is 'Yes you must bake'.?
"If the best Facebook can come up with is this disgusting attempt at character assassination, Haugen is telling God’s own truth. We should listen to her."
>Facebook PR: “Today a Senate Commerce subcommittee held a hearing with a former product manager at Facebook who worked for the company for less than two years, had no direct reports, never attended a decision-point meeting with C-level executives — and testified more than six times to not working on the subject matter in question.”
This doesn't sound like character assassination, it's Facebook claiming that she wasn't informed enough. It would be like the NSA telling us not to listen to Snowden because he didn't actually work on the programs that he obtained documents about.
I believe that the term of art is "backgrounding".
As in the company provides "background" information such as seems to be the case here. Of course, this is really the company framing the conversation and deflecting the criticisms without addressing them.
I see the discussion here is largely fixated on whether this constitutes a "smear" or not. So, it seems to be working from Facebook's point of view as we are not discussing the actual allegations against them.
It’s a rather unconvincing but mean way to discount someone. If anything, FB saying how unrelated she is to these problems absolves her of being a part of it. Focus on the documents.
Despite that, not everyone has the will to connect these dots.
You're not wrong. But Facebook's attempt to discredit Frances Haugen is poor.
From the congressional hearing today, she did not answer questions beyond her expertise [1], and she had over a decade of relevant experience in Engagement Based Ranking algorithms [2], which was largely the focus of the hearing.
Sounds to me this type of language can also backfire; next step of Congress could be to then subpoena someone who did work on the subject matter and did have C-level exec access...
What a heavily editorialized statement for something that isn't marked as opinion. The whole article reeks of being written by someone who literally hates Facebook.
And the use of the term "God's own truth" feels like a really underhanded and unjustified rhetorical trick. To use a analogy, It feels like they are declaring a winner during the opening argument of the prosecution, before the defense has even had a chance to fully respond: "If Facebook had evidence, it would show it." Doesn't the author realize that kind of counter evidence will come later?
No, the author doesn't hate Facebook, nor does the "whistleblower". This isn't being drive by hate, it's being driven by love: love of government-mandated censorship. They're not alone, either, Zuckerberg himself is a huge fan; that's why his pushback here was so weak. Facebook was running TV commercials last summer calling for tighter legal restriction on social media.
The use of "God" in that statement refers to an objective source. While I'm not a fan of the phrase, it clearly means an absolute truth. No bibles necessary.
It's a cutesy way of saying the actual truth. Language is full of such ridiculous contradictions used to express things, I wouldn't use this one but I don't see how it is particularly objectionable.
What she's telling, or not telling, is irrelevant, and indeed, partly because she has little experience at FB and not in a position that would make her privy to nefarious plots.
What is relevant, is the documents, which are not being released in full. Only after they are will we see the full picture, so anything happening before that is just manufactured narrative to serve someone's purpose.
> Company researchers in 2019 set up a test account as a female Indian user and said they encountered a “nightmare” by merely following pages and groups recommended by Facebook’s algorithms.
> “The test user’s News Feed has become a near constant barrage of polarizing nationalist content, misinformation, and violence and gore,” they wrote. The video service Facebook Watch “seems to recommend a bunch of softcore porn.”
> After a suicide bombing killed dozens of Indian paramilitary officers, which India blamed on rival Pakistan, the account displayed drawings depicting beheadings and photos purporting to show a Muslim man’s severed torso. “I’ve seen more images of dead people in the past 3 weeks than I’ve seen in my entire life total,” one researcher wrote."
Facebook's default content consumption mode is to create a nightmarish experience. FB doesn't care as long as those ad clicks are working ok.
It's an interesting experiment, but is that realistic? It sounds like the test account just followed the first n things recommended, then the next n, then the next. Sort of like the game where one clicks the first link in the wikipedia article and ends up at philosophy.
Any real user doesnt follow random links, but ones he/she is interested in.
Its not like facebook has a monopoly--users would leave if they were genuinely dissatisfied.
Title: This app does not support the App Store’s private and secure payment system
Body: All purchases in the <App Name> app will be managed by the developer “﹤Developer Name﹥.” Your stored App Store payment method and related features, such as subscription management and refund requests, will not be available. Only purchases through the App Store are secured by Apple.
Action 1: Continue
Action 2: Cancel