tzeejay icon




Web APNS and It's future

In 2013 Apple introduced push notifications services (APNS) for Safari but so far the feature is only enabled on macOS even though the underlying code powering Safari on macOS and MobileSafari on iOS is both WebKit. I noticed this right away after watching the WWDC session video and was a little confused about it since the entire APNS infrastructure was specifically built for the release of iOS 3 in 2009.

As with every nice thing on the web, the initial idea may seem novel at first but will always end up being abused non-stop by “growth hacker” around the world. This is probably the reason why 5 years on iOS is still missing this feature. The WebKit team was probably already fearing this horror and didn’t want people to ruin the new platform. Maybe this order even came from a time when Steve Jobs was still alive, we can only speculate.

If used tastefully though and with explicit consent of the user one could imagine push notifications for websites being quite useful on iOS. Often times I find myself having to download an application only to gain this one feature I care about: the immediate flow of information.
With downloading these bloated piles of bad code though I then have to waste cognitive capacity on hiding the app in a folder titled “Trash” or “Sachen” in order to not clutter up my neatly arranged homescreen. To make things even worse these kinds of apps are more often than not just native wrapper around a website which scroll in funky ways, tend to always take up at least 100 MB for no damn reason, seem to break native behaviors we all expect and are generally very slow compared to native apps in every measurable way.

Looking at you Discourse, Amazon and various banking apps on my phone.

What if there’d be a way to get push notifications on iOS using already existing technology in the WebKit source in order to keep up with things on the Swift Forums or an online store you never shopped at before or will never shop with again any time soon? As with anything on the web, the sky is the limit.
I generally believe that this could be a great feature for a lot of users and even for organizations who simply don’t have the time or resources to develop a good native, mobile experience. Time and money are very good reasons for any organization to not commit to another platform but I’d still wish for a way to have third parties pass information along that I care about. Information is power and enabling third parties to easily empower it’s users with information that they care about is the right thing to do here in my opinion.
A lot of emphasis on “information they care about” is required here though, since the current push notification system for the web on macOS is being abused to the point where the WebKit team had to add a checkbox to Safari to never allow any website to send push notifications at all. This is not great in my opinion and is a last resort to allow users to defend themselves against modal pop ups immediately on almost every major website in order to increase “engagement”.
“Never trust statistics you haven’t counterfeit yourself” applies once again I guess.

A more relaxed permissions model on the web compared to iOS or macOS is the reason why people find these very useful features so gross on the web but allow any app access to almost everything without even thinking about the implications in native apps. People like Will Strafach are trying to combat these bad actors on the App Store. Native apps take all kinds of your data and send it to all kinds of places all the time. Will is bringing the heat to these data mining agencies and it’s enablers the app developers by spreading awareness amongst their users and will in the future outright block data from being delivered with the help of an app he is working on. He is only getting started and I can’t wait to see if he’ll be able to put some of these awful companies out of business entirely. One can only hope.

What I would like to see the the WebKit team implement is a permissions system more alike to the one on iOS for native applications, without separating themselves too far from the standards. Have very clearly defined rules in plain english (no lawyer-lingo) publicly available to anyone on and only enable these features for websites that opt into your rules with things like signed certificates or entitlements like on iOS. Websites that abuse the services could have their certificates put on trial after the third unique report by a user and put onto a watchlist with automated testing to verify the claims. I would like to see the WebKit team to be very strict and defend their privacy and usability highground like they recently did with ITP 2.0 and their incredible writeup on HSTS Abuse.

I want them to come up with clever ways of not allowing websites to ask for your permission to send you push notifications the second their JavaScript starts to run in the background. I want them to make things a little less predictable in order to force the ad, tacking and analytics industry to adapt to their policies. I want them to punish bad actors and force a better future for the web and it’s users onto web devs. I also want them to be criticized and their decisions discussed publicly in various badly informed hot takes. I want to read spiteful snark on Twitter about privacy features only to see them being copied 6 months later by the competition. All of it only helps spreading the message.
I want all of this because I know that they are the right about all of this for the web’s sake and I know that the WebKit team can take all of it because they’re usually right in the long run. WebKit may adopt certain features slower compared to Chrome or Firefox but at the end of the day they always have the users best interest in mind not anyone else’s best interest. After all a lot of people don’t mind giving up a lot of their data in exchange for a better service but none of it should be allowed to happen without the users understanding and the resulting explicit consent.

I will support them and I know many others who will too.