We Need Browsers as Platforms
post by jefftk (jkaufman)
It's fashionable to say that the web is bloated, and that the features
built to support webapps make it too complex. You
Documents: providing information. News, blog posts,
Apps: doing things. Email, spreadsheets, games.
(This is really a continuum, where a blog post with a comment
section is pretty documenty but also a bit appy.)
On one hand, I completely agree that supporting apps makes the
platform complex: browsers are incredibly complicated to build and
work on, with such a high ongoing maintenance cost that we only have
three rendering engines: Firefox's Gecko, Chrome's Blink, and Safari's
Webkit (Blink is a fork of Webkit). On the other, supporting apps is
much better than the alternatives.
Outside of a browser, there are essentially two models for getting
Independent installation. You download the program for the
manufacturers website, or loaded off a CD. The desktop model.
App store. Your OS has a list of programs that can be
installed, and which have gone through some amount of review. The
Independent installation is decentralized, but also a security
nightmare. Random users installing random software gives you botnets.
App stores are centralized, which puts their operators in a position
of enormous power over what users can run on their devices, and means
governments can require them to
The web has developed with the principle that it should always be safe
to visit a site. As new capabilities have been added this has
been critical to maintain. This means you don't need an app store,
with power to reject your app.
Ten years ago Mozilla posted Booting to the
Mozilla believes that the web can displace proprietary, single-vendor
stacks for application development. To make open web technologies a
better basis for future applications on mobile and desktop alike, we
need to keep pushing the envelope of the web to include—and in
places exceed—the capabilities of the competing stacks in
We want to take a bigger step now, and find the gaps that keep web
developers from being able to build apps that are—in every
way—the equals of native apps built for the iPhone, Android, and
The web platform has come so far in supporting apps over this decade;
we couldn't have made
web developer should be able to do anything native app developers can,
making apps for any device, free from vendor veto.
Comments sorted by top scores.
comment by jimrandomh ·
2021-02-09T20:54:19.748Z · LW(p) · GW(p)
There are a few places where the install-from-repository model fundamentally works better than the web model, or could work better if the repositories did a little better. One of the big ones is: when I download software (or load a webapp), I want to be sure I'm getting the same software/webapp as everyone else is. A webpage with a sandbox-escape vulnerability can serve malicious code to high-value target users, and avoid serving it to security researchers; whereas with something like apt-get or the Play Store, that sort of thing is much more difficult.
A repository/appstore also makes it feasible to refuse updates. A prototypical example of when you want this is illustrated by a recent Play Store security incident with a barcode scanner app: something which (1) doesn't have significant untrusted-network-data exposure so it isn't likely to need security updates, (2) has little room for actual improvement, and (3) is at risk of being taken over by a malicious actor, or its developer deciding to monetize it in a way that makes it worse. (I have Play Store auto-updates on my phone globally disabled for this reason, and am quite bothered by the inability to control auto-updates on a per-app basis. Chrome has a builtin outdated-version detector that will warn if using an insecure version, but most other apps with network exposure do not. So this is trading some RCE risk in order to reduce malicious-developer risk.)
comment by wolajacy ·
2021-02-09T16:24:10.918Z · LW(p) · GW(p)
Random users installing random software gives you botnets.
This is only true in case of insufficient security mechanisms. Virtualization/containerization (for example, docker model) would allow users to run independently installed applications safely.
Similarly, I guess that the motivation for centralized store (apart from the financial motive of the store owner: Apple/Google) is to provide security through the process of vetting the apps. But again, if we had proper virtualization software, there would be no reason not to allow users to add unofficial repositories, maintained in a decentralized way.
Of course, virtualization/containerization done on the OS level is (currently) quite resource-intensive. But the alternative is even worse - with everything moved to the web, we are building (we have built...) OS inside OS! With all the problems that it entails: this "new OS" supporting really only one language, having extremely limted set of protocols, overall not having anything close to the full environment of the proper OS.
Summarizing: why would you advocate this all just to solve intercompatibility and safety problems (which, if I read your post correctly, are the reasons for moving apps to web), instead of dealing with them properly, on the OS level?Replies from: jkaufman
↑ comment by jefftk (jkaufman) ·
2021-02-09T17:25:37.245Z · LW(p) · GW(p)
Android does allow sideloading APKs and installing third-party app stores (ex: https://f-droid.org/), though iOS does not. An unvetted mobile app is less risky than an unvetted traditional program (with full user-level access), but still more risky than a web app.
If Android and iOS (and Windows, Linux, macOS...) put in the effort to where loading a program was a safe as visiting a webpage, that would essentially be fine. I would prefer a world in which you could write for a single platform and then run on any device with a browser, but it's the gatekeeping I'm most concerned about.
On the other hand, I can't see iOS doing this when they don't even allow custom browsers.