This is a worrying pattern: eliminating web features in an attempt to play whack-a-mole with bad websites. We’ve seen this with breaking cross-site caching, font detection, and now prompt(). Perhaps we should be rethinking something more fundamental about browser UI instead.
Here is an example of a more generic solution for establishing trust with the user through a tamper-proof “Secure UI” area of the screen (in this case using the iPhone’s screen surrounding the notch):
Today I can easily draw an exact replica of the 1Password browser plug-in prompt using CSS & trick you into typing your password. But should we disable styling on the web as a response? That’s basically the stance we took with partitioned caching, and for lower stakes (tracking).
But why bother, since at the end of the day it’s still pretty easy to just make a fake bank website? That’s the worst part about these mitigations: big sacrifices to remedy esoteric versions of these problems without making real headway on the more fundamental underlying issues.
Thread by Francisco Tolmasky (@tolmasky)