It’s not purely social. A lot of web apps are legitimately poor, probably because the web has become the go-to platform for those looking to cut costs, who aren’t willing to pay for quality talent. This why there’s such a gulf between VS Code (not technically a web app, but built with web tech) and MS Teams for example: the former has had no expenses spared to woo devs and give MS legitimacy in software dev while the latter only needs to technically function since its audience is captive, so quality can be an afterthought.

So really, people need to start rejecting poor quality or poorly performing web apps. The collective bar for “good enough” is far too low, and so cheapskates will continue to churn out garbage.

Re DJI Fly: a combination of WebBluetooth, WebRTC, the normal location API, offline web pages (through managed caches), regular browser video features, and a bunch of other web technologies.

Re SyncThing: there's the File System Access API. You can ask the user for a folder and then operate on the files and directories inside it. Also from a locally cached offline copy, of course. Serviceworkers are there to run in the background, though I'm not 100% sure if the FS API and service workers can be combined to be honest.

It'll need as much effort or maybe even more to port it to the web as it has taken to develop the Android app, but it's almost definitely possible, at least on Chrome.

As part of Google's attempt to break free from the iOS app store, they accidentally invented an alternative to their own draconic measures.

Then is now. Projects like Anubis and OpenStreetMap explicitly don't support uncommon setups, you just don't get to use those parts of the internet. When talking to e.g. OpenStreetMap sysadmins, the reason given was that they see no other way to keep the site online and available for anyone

The web is dying at the same time as mobile OS freedoms, while important organisations such as governments and banks are moving away from browser access and towards doing everything (including 2FA in one device) on a phone

Honestly, I'll be surprised if this plan doesn't break the DMA/DSA already.

Someone will need to collect the necessary resources to bring the fight to the courts, though.

EU (and the rest of Europe) are more concerned with controlling their own populations than keeping their data safe from the US. They are very much pro-big business dominance on the internet BECAUSE it makes it easier for them to regulate.

A lot of governments want to use American AI systems to run things to cut costs.

Has legislation been created as a result of that awareness?

And the vast majority of their awareness actually came from a failed counter-campaign by the opposition.

Yes. Not a rando online petition: “we have succesfully escalated complaints on this problem to consumer agencies in France, Germany, and Australia, and have brought forth petitions for new law on this problem to various countries.”

Petitions from verified voters are powerful. Triply so if done in person, because the infrastructure that can collect signatures in person can also e.g. back a primary challenge or plebiscite.

> What do I need to do to make a difference, and how much time will this take?

EU or US?

> what's the path? Legislation?

Send them a letter explaining why this is bad for you. Keep it strictly factual and ideally concise. Copy Google’s legal [1] and any relevant digital or markets regulators. (If in the US, don’t forget your state regulators.)

Wait two weeks and then call the elected. Make sure they’re aware, and talk through your options. Send a letter thanking them for the call, incorporating any new information and actions they said they would take, and copy all of the previous parties again.

More work: reach out to other top developers and organise an open letter. This will be hard because everyone wants to include their pet issue and everyone will fight over scope and language.

[1] https://support.google.com/faqs/answer/6151275?hl=en

You can't do anything with respect to legislators. In their eyes, your privacy and the consumer's rights are less important than some grandma, who lost a large sum of money by installing malware after ignoring multiple warnings.

If you want to make a difference, try to communicate with someone from OEM companies. Google is making their phones inferior and they'll loose money and market share because of it.

After this change, "I can install NewPipe and Ad blockers" will become a major selling point for Chinese phones among large and profitable segments of the population. And that high-end manufacturers might as well give up and let Apple take that part of the market. If OEMs can be made to understand that, that's going to be the end of this initiative.

JumpCrisscross's reply was really good, and I would like to add additionally that US congress representatives and senators usually maintain local offices in cities in their constituency, and a visit to these offices (usually you can make an appointment by calling them) to discuss issues in person is a very powerful way to be heard. If you aren't in the US, you'll need to find out if your government has anything similar.

I've got no evidence that they have an estimation of the volume or scale of the feedback.

But I reckon we can all make an educated guess that they did anticipate negative feedback.

Did the US government not give endorsement?

The fact that they haven't cited any endorsement from a first-world organization or government is interesting.

I'd be curious to know, if it was because they never asked for one or because they never got one?

FEBRABAN is an association that represents the banks at the federal level, but it's not a government entity.

First, web environment integrity was about the web as a whole, not about something that is completely owned and under their control. Second, they will not stop trying. It was not their first approach and it won't be the last.

So, I believe that if they decided this is the path they want to take - they will find one way or another. It's not that resistance is futile (it's not!) but I believe that petitions are not a good tool for the case.

I am not an iOS user, so I wasn't aware of how it worked. In that case the DMA is completely worthless.

Isn't Apple already getting sued for having that process?

I don't understand how side-loading would impact information marketplaces should provide. If it's side-loaded, that's no longer marketplace responsibility.

It's mainly the lack of emergency services support in my country. Every time I called the operator can't see where I am through GPS, first question asked was what state im in.

"Installing software" is the cause of malware problems where it is allowed to take place indiscriminately. Restricting which software can be installed is pro-end-user.

De-anonymization is being done for the same reason manifest v3 was - to help their youtube revenue.

I think there are a few main contentions:

- The requirement, unless I'm mistaken, would tie a real-world identity of the developer to an app, who may wish to keep that separate from a pseudonym they may normally release things with.

- Unwillingness to give Google PII or just not tie a particular pseudonymous identity to that PII on Google.

- It puts absolute control in Google's hands for whether any app is allowed to run on most devices. There may be concerns about the types of decisions that may arise from this, not merely from recognized malware. Certain governments may ask Google to regulate apps allowed on such devices via this approach.

- Once this globally rolls out in 2027 it will mean the audience for apps from devs who don't agree to this will shrink dramatically. Only those presumably with AOSP based custom ROMs will be able to use those apps which may have a knock-on effect for dev motivation.

Yeah,that's still really bad. I own the device, period.

I don't have figures to back that up, but I did read some figures on posts regarding this. my comment was based on real-life compromises observed.

Drivers and applications are not the same thing, certainly and no application is the same as other applications. browsers aren't the same as file managers. To users what matters is impact not category. A persons entire life can be destroyed because of one side-loaded app, much less so with a windows rootkit (because you don't have phone number/2fa app,etc.. on your windows box).

Users are free to buy devices that let them install any app. Google is responsible for the majority of users who don't care about installing apps from anonymous randos, but care much much more about their livelihoods and well being suffering at the hands of criminals!

> Those targets are rapidly disappearing. Alternative Android ROMs are dying one by one. Look at how few modern phones are officially supported by LineageOS. And many of those are Pixels which Google is no longer releasing binaries for (making ROM builders lives harder).

Ok, then let's talk about that, I'm all for sticking it to Google for all that b.s., but not for the topic at hand.

> But this measure will remove so much freedom from a much larger group of people, and therfore it isn't justified.

Maybe that's the disconnect here, because i don't think you/others lack empathy for regular people being victimized. You're incorrect about that figure, the people being actually impacted (not merely compromised but harmed, as in financial loss, job loss, harassment, or worse) is many times more than people who want to sideload apps.

Educating people doesn't work. We've been doing it with phishing for decades now , and it has no impact. in the moment, you're sure it's legitimate, so you won't look for obvious signs of phishiness.They use a lure to establish trust in the context, so you guards are down. Absolutely anyone can fall for deceptive lures. No amount of education changes that. You know what made a difference with phishing? Trust senders, DKIM/SPF validation, url-rewriting with sandbox detonation and global-scale reputation analysis/response (it means as soon as you hit one person, your domain/infra gets burned globally) ,etc..

It really frustrates me to no end, because it is the exact audience on HN that innovate and create software/apps but the level of ignorance on this subject is atrocious. I know you guys care as much as I do when people get hurt! It's just a case of knowing a lot about one domain and assuming you also know a lot about a related domain I think.

It's less about saving the concept of anonymous development, more about the tightening grip that the big three companies, Apple, Google and Microsoft (they're making their own moves in the same direction) have on home and personal computing. We would be giving up a lot; this would effectively kill any open source computing products from ever becoming viable. Platforms become fiefdoms, they become shit to use because there's no other choice and can never be. Any app that runs counter to the desires of the parent of the platform can be killed and it becomes impossible to build a competitive ecosystem because the chicken & egg software problem, something which open ecosystems can solve through compatibility laters, but that becomes unviable thanks to DRM and hardware integrity lockouts.

It's a nightmare scenario, our lives locked in to total corporate control. What do we get in return for that? Scammers won't be stopped by this, the key to grifting isn't technology but people. What you're suggesting is trading open platforms and open source and fortifying current marketplace monopolies for a marginal decrease in scams. For a while. Maybe. I suggest that is unbelievably stupid.

Yes, I do think the benefits of free speech outweigh risks from criminals who will publish bad software

There's many ways to combat crime. Banning free distribution of software is one of the options but not the one I'd pick from the menu first

I can't tell if your argument is a slipper-slope fallacy or a straw-man argument, has to be one or both.

When you sell physical goods, you have to have a business license right? To a small group of people you know, nobody cares. But to mass market goods or services, you need to give the government your id, and they need to be able to hold you accountable, in the event you decide to break the law and/or harm the public.

I think this is something governments should have enforced long ago. Even linux distros with > N number of users should be required by law to id-verify package publishers. Although, they sort of already verify identify, just not using a formal/official way.

You have the right to free speech, anonymity and privacy. But being able to reach and impact the public is not a right, it is a privilege.

You can speak with a loud microrphone in public anonymously, but if you want to arrange a protest, you must give your id for the approval. If you want to start a radio or tv station, you must give up your id for the FCC license,etc... software isn't special.

Non-certified phones won't be sold in Western markets. This whole scheme has one goal only, and that's to snuff out DRM-unfriendly third party apps like alternative Youtube clients, videogame emulators and P2P file sharing apps.