> This feature is largely bad for the web and the industry generally, like all attestation (see below).
> That said, it's not as dangerous as the Google proposal, simply because Safari isn't the dominant browser. Right now, Safari has around 20% market share in browsers (25% on mobile, and 15% on desktop), while Chrome is comfortably above 60% everywhere, with Chromium more generally (Brave, Edge, Opera, Samsung Internet, etc) about 10% above that.
> With Safari providing this, it can be used by some providers, but nobody can block or behave differently with unattested clients. Similarly, Safari can't usefully use this to tighten the screws on users - while they could refuse to attest old OS versions or browsers, it wouldn't make a significant impact on users (they might see statistically more CAPTCHAs, but little else).
> Chrome's usage is a larger concern. With 70+% of web clients using Chromium, this would become a major part of the web very quickly. With both Web Environment Integrity & Private Access Tokens, 90% of web clients would potentially be attested, and the "oh, you're not attested, let's treat you suspiciously" pressure could ramp up quickly.
----
It's bad that Safari is shipping attestation, but a big reason why Safari often gets a pass on negative features that Google doesn't get a pass on[0] is because Chrome has a 60% market share, many sites are tested only in Chrome, and Chrome's marketshare is only likely to grow in the future once we finally get Apple to finally allow alternate browsers on iOS. In contrast, Safari's marketshare is pretty much tied only to iOS and Mac, and they don't even have a monopoly on Mac.
Like it or not, it matters more when Chrome breaks the Internet.
I'm not saying we should ignore Safari (we definitely shouldn't), but if that "double standard" makes anyone upset, perhaps that's a good reason to break Google up and introduce more browser diversity. If Chrome didn't have a 60% marketshare over the entire web, it would be possible to extend more grace to the people proposing experimental features within Chrome.
The extra scrutiny and tougher standards, and even the lower leeway to make mistakes are partially consequences of being the dominant browser in the marketplace. I'm sorry, but the standards are higher when you're in a position where it's possible for you to break everything.
----
[0]: see Manifest V3, which is also based heavily on Safari's own adblocking restrictions, which are similarly harmful to adblockers but tend to get a lot less attention.
"Tired of seeing all those captchas? Get an iPhone or a MacBook."
If that bothers you, support browser competition and consider breaking up Google. I'm sorry, but it is a fact that it is more dangerous for Chrome to take harmful web positions than it is for Safari to take harmful web positions. That's just the consequence of having a browser monopoly, and Google has to live with that consequence.
Morality has nothing to do with it. I don't support attestation on Safari, but it matters more when Google does it. It's not "fair" because the market isn't fair, there is a dominant player and their actions matter more. Again, if that upsets you, get upset at the unreasonable power dynamics that Chrome has over the Internet. They are the reason for the extra scrutiny.
Once the majority of users are on Apple's platforms, the open web doesn't matter. It is whatever Apple wants it to be, which is most likely "dead".
The rules have to be the same for everyone, and the discussions around the WEI on HN have made it clear they aren't. The other threads are filled with massive rants about how evil Google is and how amoral anyone working on this project must be.
But then this thread on how Apple has been doing exactly the same thing has people for the first time engaging with the technological parts, and suddenly the critiques have turned to full-on excuses. "Oh, it's just a little bit bad when Apple does it."
At which point we'll start criticizing Safari more frequently than Chrome. But I don't think you need to worry about that, I can't even run Safari on Linux or Windows in the first place. I already don't test any of my web projects in Safari specifically because I can't, I don't own a device that I can test Safari on. So good luck getting devs to build Safari-only websites. I think it's misguided for us to worry so much about a theoretical future monopoly that we avoid correctly prioritizing efforts to combat a present monopoly.
Of course incidentally, "we" (whatever that means on HN) do criticize Safari all the time. "Safari is the new IE" didn't come out of nowhere. And another reason why this issue in particular matters much less for Safari is because those criticisms seem to have worked and I fully suspect at some point in the next 5 to 10 years it's very possible that Apple will be required by regulators to open up iOS to support multiple browser engines.
And that will be great for certain parts of the Open web, I'm hoping that if iOS opens up its browser restrictions PWAs might get a lot better. But it's also very dangerous because it means Chrome's monopoly will grow even more, and it makes it even more pressing that we deal with specifically Chrome's dominance on the web. So there are plenty of areas where iOS presents a larger threat to user autonomy than Google/Android does (app store policies, user lock-in, sideloading, etc), and I have no shame about subjecting Apple to stricter standards than Google in those areas. This isn't one of those areas.
> and suddenly the critiques have turned to full-on excuses
I'm not offering a single excuse for Safari, it's bad that Safari implemented attestation. I am offering an accurate assessment of the threats that Safari and Chrome currently pose to the Open web.
My standard rule -- consistently applied to everyone in every situation -- is "don't break the Open web", and even with both browsers implementing attestation, Google's implementation is breaking the Open web more than Safari is right now.
> The rules have to be the same for everyone, and the discussions around the WEI on HN have made it clear they aren't.
I don't get to set the rules, or else nobody would be doing attestation anywhere including on native app stores. But it is naive to look at a browser with 20% marketshare doing something harmful and to say, "well, this deserves exactly the same amount of attention as Google." It doesn't. I criticized Brave inserting its ads into webpages, but I'm not going to pretend that my reaction to Chrome doing the same thing wouldn't be a lot harsher, because Brave is not the dominant browser on the web. It's not a double standard to take context into account when prioritizing where coordinated community efforts should go.
In this case, "fairness" for outrage over browser features effectively means ignoring the largest threat in the room to the web and pretending that we're not in a market with a dominant browser. But we are.
Huh, funny that being equally outraged about both isn't an option for you... It would pretty obviously have been useful for achieving the claimed goal of suppressing this feature.
If there had been this kind of backlash (rather than universally positive press) when Apple did it more than a year ago, maybe it would have sent a message.
But since Apple gets a free pass from people who think like you, the outrage didn't happen, and this is now de facto a reasonable feature for a browser to implement.