I’m a stubborn person. Sometimes to a fault. It’s a blessing and a curse.
The incessant “install our app” messages on Reddit are a major turn off and one of the reasons I use Reddit so little. There’s no reason Reddit can’t work just fine in a browser. The only reason to encourage the app so much is if it benefits Reddit. At that point our relationship becomes adversarial and there’s no reason to continue.
Nothing here is surprising. The app was clearly user hostile and doing something nasty, now we just know what it was doing.
I've been a narwhal user for several years, its a third party reddit app and there are other more up to date ones.
Your post is interesting because I never thought about reddit's poor mobile user experience bouncing people, I think of it is as just one implementation of their API and the content is still fire
Apollo is also maybe the only iOS app I have used that put real thought and effort into idiomatic 3d touch/pressure/etc UX patterns. It's lovely and pro was like $3? $5?
Both Reddit & Quora has this sort of "annoying" pattern (In Quora it turns into a dark one as you're not allowed to scroll down on a page after a certain point).
On Reddit, on my opinion it seems how bad the page looks on mobile is on purpose (Compared to, say, HN).
Besides that, I don't understand how clipboard access is not something the apps should ask permission for (And be able to work without it, obviously).
Finally, considering the obvious use the clipboard has, there should be some sort of "this time only" permission possible.
If clipboard is mostly copy text, paste text into form field it shouldn't have anything to do with an app, there is no need for the app to have clipboard access, this should be managed by the OS. Only if you have "take license key from clipboard" or something like this, the app should ask for a one time permission as you've said.
There is nothing wrong with e.g getpockets functionality to show the url that you have in your clipboard and offer to add it.
There is something wrong with sharing that information anywhere else - which should result in a permanent revocation of the dev cert for the organization that has produced it, as should any type of telemetry (spyware, as we called it in the old days).
I wonder if there's a correlation between pushiness to use an app and nastiness of the app itself's behavior. I feel the same way about a lot of this crap, and it's everywhere these days; even my bank has a shady 'Continue' button on its Use Our App modal which takes you to the damn app rather than continuing to your bank account. To get to the account and actually continue, you have to click a much much smaller "Not this time" or something below. Awful stuff.
It's actually still so much better to pinch and zoom on the old site. The new one is super janky and totally broken on mobile. The app is just a pain to use anyway.
At this point, I do slightly wonder whether a significant number of people are using the "new" Reddit at all, or whether it's just being kept online as a face-saving exercise. The publicly visible feedback seems to have been overwhelmingly negative and remains so, and I can't remember ever seeing anyone comment anywhere that they actively prefer the new version. I use old Reddit routinely myself. I quite often see advice to use old Reddit, such as the parent comment. I do occasionally see an indication that someone is using the new interface, for example because they used the ``` notation for code on a programming subreddit, but this seems relatively rare compared to encountering criticism or advice to avoid it.
Even when I set that I still get redirected to the new version. I guess I've just learned to cope with the new design and all the stuff being added into it that make it even worse.
This whole obsession with reducing information density and making more space for ads and huge 'cards' or pictures is pretty much a UX anti-pattern as far as I'm concerned. It's like how 'minimalism' is considered a rich-person's hobby because everything's spacious and clean, rather than small and cosy. Web minimalism takes up more space to do less, while tending to cost a lot more in terms of bandwidth used.
I did try that for the first six months or so, but I noticed multiple cases where I was still being sent to the new one. Maybe Reddit has fixed it since then, but this plugin was way more reliable fix for me.
Plus when I share a link with friends/coworkers I know with old.reddit.com urls I'm not going to be sending them to the clunky new version, if they don't happen to be logged in or have the right settings. And I've been asked how they too can use old version multiple times already.
We all left Digg back in the day for Reddit for much the same reasons. And I'm usually a big proponent of modern JS frontends, assuming it's done carefully and performance-first. Reddit, like online newspapers, should be as simple as possible IMO. Like AMP minus Google.
I wish that there was a third party web-app that would be similar to https://old.reddit.com and https://ns.reddit.com without the bugging... and maybe combine it's own service with reddit. And eventually drop reddit....
but they don't have a web-app as far as I can tell... and their webpage is HTTP only with a self-signed certificate? that isn't acceptable nowadays: http://boostforreddit.com/ ... I do this but only on my local network...
I wish the thing is that simple. The reality is more concerning than petty data gathering. Today's smartphone users don't use the generic web browser. When they heard that there is a trending web service X and they decided to try, they search from the app store for the X app, blindly install the top hit app completely disregarding whether it's official, unofficial or complete malicious fake app.
That's why most of the modern web service must provide the brainless apps that is just a wrapper of the browser. Otherwise, people use whatever random garbage app they found at the app store that contains the service name and believe that is the web service you provide.
It is my opinion that smartphone makes people dumb. Or maybe it's reverse so the smartphone allow even the dumb people get access to the computer and the Internet.
On a related note, does anyone here use, or know of, a good, Raspberry Pi-based content proxy server? Pi-hole is only a DNS server, so it wouldn't block half the nonsense on the web today.
Thanks. The last time I considered doing this was a decade ago, before "https everywhere."
Is it some kind of wildcard cert that covers the entire internet? I'd have to research what it would break, and the security ramifications. Probably not worth it :(
Reddit has, on more than one occasion, outright blocked me from reading posts from the phone's browser, demanding that I download their garbage in order to continue (I did not, of course).
Feels like perhaps some sort of intent-based subscription would be good. I quite like the feature of prompting for clipboard stuff since copy and paste is awful on iOS.
Apps allow far deeper and richer access to various data structures than what should be allowed; this has been proven time and again since mobile OS existed, I think both Apple and Google are to blame for ever allowing developers to freely access whatever they wanted, whenever they wanted, to upload it to any server, without any transparency or oversight (and that's a huge problem on Android, still).
If you can, use the browser (the new Firefox for Android is quite good), which at least limits your exposure to these third parties accessing information they should not.
old.reddit works okay in the browser, I am not so sure about LinkedIn as I don't use it. These days I just rely on using TOR for things like email, Protonmail has a .onion address which is a nice bonus.
I carry very few apps on my device, and I make an effort to exclusively use those found on f-droid, open source, not many permissions.
It's the biggest perk of Android; you can use any store you like, and most APKs install absolutely fine. Disable Play Services and various other tweaks and you're okay.
Plus then you wouldn't need to give apple 30% of your money, and spend hundreds or thousands of dollars on an Apple product, and pay for their dev kit.
I've found little value in native apps over a bookmark on a homescreen. Where I've needed apps I try to restrict permissions as much as possible, or disable/remove them completely if they're infrequently used.
It's really sad that the Web, full of terrible JavaScript and tracking, is being pitched as the safer alternative to applications. Keep in mind that unless you somehow run a version of a Web application locally, every interaction with it is traceable. Advertising parasites have eaten the world.
Traceable but not the kind of access an app has. Traceability can be spoofed not the data that app is reading from your device. No website is ever going to ask your contacts permission to proceed further while their are tonne of apps that won't let you use app if you reject that permission.
For example, GPay in India needs freaking location permission. God knows what it does with that data.
Websites request access to my location data constantly. They also likely have some semblance of where I am even before they ask due to IP geolocation. If I'm using an offline application this transaction wouldn't be happening.
My point isn't that either apps or the Web are better. It's a more fundamental issue of software I use constantly talking to systems I don't control. It just so happens that the Web only exists if I accept that this will happen. Applications can exist even if I don't.
Apps are definitely a train wreck in terms of privacy and security, and it's definitely at least partly the responsibility of Apple and Google for allowing that abusive behaviour at OS/API level in the first place.
Then again, take a look at your desktop/laptop OS, and by comparison mobile devices are almost fortress-like in their protections. We're still using security models based on the threats of several decades ago, with barely any attempt made by any of the major desktop OSes to develop a suitable defence to the biggest threats of 2020.
The real problem here, IMNSHO, is that most users don't take privacy and security seriously, which in turn is at least partly because most users lack even rudimentary understanding of what is happening and what could be done about it. Almost everyone suddenly has a life full of small, somewhat independent devices with significant computing power, sensors, and external connectivity. Even people who choose not to use such devices themselves will still find themselves affected by this technology because so many other people around them do use it, so unless you're willing to become some sort of modern-day hermit, you can't entirely escape the trap.
But until public awareness is increased, until these issues start becoming a matter of real competition and hitting inferior product developers in their quarterly results, until there is enough concern over the more serious abuses for politicians to learn about these issues properly themselves and legislate or regulate accordingly, trying to stay off as many radars as we can is sadly the only realistic strategy. You can avoid installing untrusted software on your computers and putting IoT devices in your home, and that's a significant improvement, but it's still far from ideal.
> We're still using security models based on the threats of several decades ago, with barely any attempt made by any of the major desktop OSes to develop a suitable defence to the biggest threats of 2020.
If you think in terms of who the paying customers were/are for desktop OSes (by-and-large, corporations and governments), the "threats of several decades ago" were—and continue to be—real threats to them (vis. industrial espionage/cyberwar); whereas the modern "threats" aren't things that threaten their interests at all, "only" things that affect the lives of individuals. A corporation won't lose money because a rival knows everything about its employees shopping habits.
Insofar as nobody's currently making money selling a desktop OS to consumers (Microsoft sells cloud with the OS as a loss-leader; Apple sells the hardware with the OS as a cost-center; and RedHat, Canonical, VMWare, etc. only make money from enterprise support) there's nobody incentivized to protect the wellbeing of individual customers on the desktop.
Insofar as nobody's currently making money selling a desktop OS to consumers...there's nobody incentivized to protect the wellbeing of individual customers on the desktop.
This looks like the root cause of the problem, except that in reality users are still paying for their OSes in many cases, it's just bundled in with the cost of the equipment and they don't see it as a separate line item.
However, given the huge barrier to entry for any new competitor, not only in building a better OS but also in developing the ecosystem around it, I am increasingly sceptical that this offers a realistic route out of the current hole we find ourselves in, at least not any time soon. That's why I favour better public education, and ultimately relying on competitive and/or statutory forces to push developers in a healthier (for customers/society) direction.
For time being. It was never improved and was lacking in some aspects and now videos won't open on it but the new mobile website. It's just a matter of time before they scrap i.reddit.com
The sandboxed-by-default experience offered by browsers is an excellent security boundary these days. Decades of experience has built a very good process around how arbitrary code should run (or not run) on client devices.
Sure, you still have to deal with tracking cookies and the like, but this a tiny amount of pain compared to what a full native app could do to you without your awareness. Wiping the slate with a web browser is a fairly trivial exercise too.
Progressive web applications are the best and brightest future we have. I can only hope that some sort of antitrust shake-up forces vendors like Apple to fully-embrace PWAs and other such alternatives. When looking at the technical specifications, there isn't a whole lot of good reasoning for requiring native apps outside of exclusivity and control over their ecosystem.
Google and Apple have massively dropped the ball with their app stores, especially Google. They're straight-up malware distributors, plain and simple. They need to reign in this crap to achieve even a modicum of respectability.
Apple tolerates a great deal of apps tracking users. Tracking users is not against the app store's terms of use. Cell phones have been made into data mining devices thanks entirely to Apple and Google. They can stop it, and they choose not to. The stores ought to have a much stronger focus on review and keeping vendors in line and much less focus on wringing money and data out of consumers. Apple spends their time strong-arming developers into adding microtransactions and other anti-consumer features in the name of their already astronomical bottom line.
I think there needs to be a balance. Too many restrictions are also user-hostile. The only sure way to stop all tracking is just close down the app store and the entire 3rd party ecosystem.
No love for these spying apps, but pretty sure PIA should not be throwing stones after climbing into bed with Kape. Or maybe this is part of a PR strategy?
Its great that Apple has finally put this permission / reporting in place with iOS14. The reason it is happening is simple - it was possible to do so with the platform with no checks. Similar to how blanket permissions for contacts still allows apps to read all the contact info, including birthdays and notes etc. Apple is reportedly very privacy conscious but it takes 14 iOS releases to figure out apps are accesing your clipboard. Duh !
So since this is so pervasive... curious if anyone has actual facts as to whether this is:
1) A common UX pattern to detect relevant clipboard links in the app (e.g. open a reddit link automatically) -- many apps do this type of thing (e.g. Photoshop will use the dimensions of a clipboard image when creating a new image), but nobody's pointed out specific such functionality in LinkedIn (or reddit)
2) A third-party library (analytics, advertising) which does this automatically, which the app developers (LinkedIn, Reddit, etc.) weren't even aware of. If so, why though -- is there some particular analytics, tracking or fingerprinting reason? I'm having a hard time thinking of any particularly good one
3) Something else, like a common text editor library that checks the clipboard by default for some legitimate reason like preparing for formatting, images, etc., that is maybe just lazily coded (checking clipboard on every keystroke, rather than just a paste command)
I'm just curious if anyone has facts. Because there's a world of difference between good intent, questionable intent, bad intent, and lazy intent.
One common use case with a third-party library is for deep linking [1]. The deep link is copied with javascript in the browser, then after installing the app it can open right to where you were on the web.
also looking at what they were trying to do in the first place -- check if contents was pasted... and whether the text would be autocorrected?! -- it all looks to me like apple has a bad, or not well understood, clipboard API.
apple needs to set guidelines around the clipboard API.
Facts as you define them would be impossible to confirm. You would need to trust the stated intentions of each app and framework found to be doing this. Nothing short of legal discovery will have a chance at defining facts about their intentions. We can only evaluate their response for maturity, competence, and authenticity, and combine that with past knowledge to try and evaluate whether their stated intentions are an accurate reflection of their true intentions.
For example: "Did they honestly make this mistake or were they planning to use that innocuous framework call to implement clipboard-theft?" cannot be proven to be "honest" as a lack of evidence of dishonesty will be interpreted by doubters as "we haven't found the evidence of dishonesty yet". There are no facts that can usefully satisfy this question.
It would speak highly of LinkedIn, though, if they were to announce that they've also evaluated their Android app (where this warning is absent) and identified and removed code there as well. But that, itself, is no proof of either honest or dishonest intentions, any more than any other facts will be.
It’s not legal assuming they do any processing of that data and you’re in the EU. There they need to have a legal basis to do that, the most common of which is consent. Unless you’ve given that they’re not allowed to process personal information, and that includes info they’ve randomly grabbed that they don’t know is personal or not.
It's not just an EU/GDPR issue in this case. The clipboard could contain any data, including health information, financial records, legally privileged discussions... Even in places like the US that have much less legal protection for privacy and personal data, processing some sensitive classes of data is still likely to be restricted by law.
I’ve found it breaks down surprisingly often (iPhone XR, Safari) which I can only assume is the site’s fault. I’d assumed it was a gradual neglect (or subtlety forced attrition?) intended to push people towards the new mobile site and/or the Reddit app. It’s bad enough that I stopped using it altogether; for me, the new mobile site is now more usable.
This should result in automatically kicked off the app stores... They do it for other privacy violations and abusing APIs. This sounds like a good candidate.
Most apps are being installed for access to notifications. Apple is incentivizing this behavior by refusing to implement browser notifs. The sad state of the web in 2020 is only matched by the irony of these companies being more profitable than ever.
You may find it more expedient to maintain a "ok to use" list. The number of apps I am willing to install on my personal android or iOS devices is somewhere between 5 and 10. Most of them are productivity tools from vendors I trust with my most sensitive IP.
Yeah. The thing is, though, that whilst I was entirely unsurprised by TikTok doing that, I would not have expected it from Microsoft. It looks a lot like a dodgy framework that found its way across way too many applications, in which case trusting the app's developper is probably not enough.
An engineer at LinkedIn says, "We've traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don't store or transmit the clipboard contents."[1]
All these apps could as well be using the clipboard content with good intent (no pun intended). But who knows apart from their respective developers?
In 2020 it's still not a given that we should be allowed to review and read shit that's running on our machines, to at least check this kind of things. It's okay to be surrounded with black boxes everywhere that one cannot study if they wanted to.
It's still not considered as a disrespectful and weird practice to not provide the source code with software being distributed. And people are not told they should expect software to come with everything possible to inspect what it does, to the community or themself can review it.
If someone is not providing the source code because they fear that something bad will be discovered about it, or that the user will change something to better fit their needs, well something is wrong and is working against the user, especially if the software is gratis anyway. Providing source code could allow users to remove ads? Right, downloading, running and looking at ads is not something many users want to do, even if you consider that ads are legitimate.
Give me the code already or I won't run your software because I can trust you on doing the right things and on fully help me out, otherwise you would not have problem providing the code.
A case could be made for paid apps: obviously, making the code available could endanger the business model. But at the end of the day, the community and I cannot check that the app isn't doing anything shady if it is sold without its source code.
Would I mind if an open source app read my clipboard content? No, because I can check that it's doing something useful for me. These useful features are simply not available to proprietary software without the risk of feeling creepy.
Have you noticed how we are mistrustful against our everyday apps and relying operating system developers to cover our asses with complicated permission systems to compensate? This feel this is very wrong, doesn't it?
(permission systems would be also useful in a world where every think is open source, though, that would be a defense against attacks. But that would not be a defense against legitimate software!)
I started using open source apps and limited the closed source ones to Google's (which can do what it wants with my phone anyway), WhatsApp (or I won't be in touch with anybody), Messenger Lite (I can almost uninstall it, it's a desert here), car sharing, banks.
AliExpress does this too. When you are looking at a product and want to share it, one of the share options is AliExpress code. It copies a message to your clipboard, which is this:
To view 【US $21.83 40% Off | 10 Pcs KN95 Face Masks Dust Respirator KN95 Mouth Masks Adaptable Against Pollution Breathable Mask Filter (not for medical use)】 on AliExpress with code #_qsrSbGW#, copy the whole sentence and open the app.
98 comments
[ 0.20 ms ] story [ 230 ms ] threadThe incessant “install our app” messages on Reddit are a major turn off and one of the reasons I use Reddit so little. There’s no reason Reddit can’t work just fine in a browser. The only reason to encourage the app so much is if it benefits Reddit. At that point our relationship becomes adversarial and there’s no reason to continue.
Nothing here is surprising. The app was clearly user hostile and doing something nasty, now we just know what it was doing.
Your post is interesting because I never thought about reddit's poor mobile user experience bouncing people, I think of it is as just one implementation of their API and the content is still fire
On Reddit, on my opinion it seems how bad the page looks on mobile is on purpose (Compared to, say, HN).
Besides that, I don't understand how clipboard access is not something the apps should ask permission for (And be able to work without it, obviously).
Finally, considering the obvious use the clipboard has, there should be some sort of "this time only" permission possible.
There is something wrong with sharing that information anywhere else - which should result in a permanent revocation of the dev cert for the organization that has produced it, as should any type of telemetry (spyware, as we called it in the old days).
It's actually still so much better to pinch and zoom on the old site. The new one is super janky and totally broken on mobile. The app is just a pain to use anyway.
https://addons.mozilla.org/en-CA/firefox/addon/old-reddit-re...
https://chrome.google.com/webstore/detail/old-reddit-redirec...
This whole obsession with reducing information density and making more space for ads and huge 'cards' or pictures is pretty much a UX anti-pattern as far as I'm concerned. It's like how 'minimalism' is considered a rich-person's hobby because everything's spacious and clean, rather than small and cosy. Web minimalism takes up more space to do less, while tending to cost a lot more in terms of bandwidth used.
Plus when I share a link with friends/coworkers I know with old.reddit.com urls I'm not going to be sending them to the clunky new version, if they don't happen to be logged in or have the right settings. And I've been asked how they too can use old version multiple times already.
We all left Digg back in the day for Reddit for much the same reasons. And I'm usually a big proponent of modern JS frontends, assuming it's done carefully and performance-first. Reddit, like online newspapers, should be as simple as possible IMO. Like AMP minus Google.
Mobile friendly, with Firefox extensions to auto-redirect on Android
That's why most of the modern web service must provide the brainless apps that is just a wrapper of the browser. Otherwise, people use whatever random garbage app they found at the app store that contains the service name and believe that is the web service you provide.
It is my opinion that smartphone makes people dumb. Or maybe it's reverse so the smartphone allow even the dumb people get access to the computer and the Internet.
Is it some kind of wildcard cert that covers the entire internet? I'd have to research what it would break, and the security ramifications. Probably not worth it :(
Yeah, you'd set up a new CA.
> I'd have to research what it would break
Initially, anything using HPKP will break, and any apps doing cert pinning will break. It's probably not worth it.
Not saying they should do that (probably should be a one-time "open link from clipboard" button instead).
Seriously. Stop.
Apps allow far deeper and richer access to various data structures than what should be allowed; this has been proven time and again since mobile OS existed, I think both Apple and Google are to blame for ever allowing developers to freely access whatever they wanted, whenever they wanted, to upload it to any server, without any transparency or oversight (and that's a huge problem on Android, still).
If you can, use the browser (the new Firefox for Android is quite good), which at least limits your exposure to these third parties accessing information they should not.
old.reddit works okay in the browser, I am not so sure about LinkedIn as I don't use it. These days I just rely on using TOR for things like email, Protonmail has a .onion address which is a nice bonus.
I carry very few apps on my device, and I make an effort to exclusively use those found on f-droid, open source, not many permissions.
It's the biggest perk of Android; you can use any store you like, and most APKs install absolutely fine. Disable Play Services and various other tweaks and you're okay.
Plus then you wouldn't need to give apple 30% of your money, and spend hundreds or thousands of dollars on an Apple product, and pay for their dev kit.
"Win win win"
The web would have won were it not for Apple's insurmountable power.
We have to break Apple and Google up or force them to make a first-class application marketplace they don't control and don't tax.
Traceable but not the kind of access an app has. Traceability can be spoofed not the data that app is reading from your device. No website is ever going to ask your contacts permission to proceed further while their are tonne of apps that won't let you use app if you reject that permission.
For example, GPay in India needs freaking location permission. God knows what it does with that data.
My point isn't that either apps or the Web are better. It's a more fundamental issue of software I use constantly talking to systems I don't control. It just so happens that the Web only exists if I accept that this will happen. Applications can exist even if I don't.
Then again, take a look at your desktop/laptop OS, and by comparison mobile devices are almost fortress-like in their protections. We're still using security models based on the threats of several decades ago, with barely any attempt made by any of the major desktop OSes to develop a suitable defence to the biggest threats of 2020.
The real problem here, IMNSHO, is that most users don't take privacy and security seriously, which in turn is at least partly because most users lack even rudimentary understanding of what is happening and what could be done about it. Almost everyone suddenly has a life full of small, somewhat independent devices with significant computing power, sensors, and external connectivity. Even people who choose not to use such devices themselves will still find themselves affected by this technology because so many other people around them do use it, so unless you're willing to become some sort of modern-day hermit, you can't entirely escape the trap.
But until public awareness is increased, until these issues start becoming a matter of real competition and hitting inferior product developers in their quarterly results, until there is enough concern over the more serious abuses for politicians to learn about these issues properly themselves and legislate or regulate accordingly, trying to stay off as many radars as we can is sadly the only realistic strategy. You can avoid installing untrusted software on your computers and putting IoT devices in your home, and that's a significant improvement, but it's still far from ideal.
If you think in terms of who the paying customers were/are for desktop OSes (by-and-large, corporations and governments), the "threats of several decades ago" were—and continue to be—real threats to them (vis. industrial espionage/cyberwar); whereas the modern "threats" aren't things that threaten their interests at all, "only" things that affect the lives of individuals. A corporation won't lose money because a rival knows everything about its employees shopping habits.
Insofar as nobody's currently making money selling a desktop OS to consumers (Microsoft sells cloud with the OS as a loss-leader; Apple sells the hardware with the OS as a cost-center; and RedHat, Canonical, VMWare, etc. only make money from enterprise support) there's nobody incentivized to protect the wellbeing of individual customers on the desktop.
This looks like the root cause of the problem, except that in reality users are still paying for their OSes in many cases, it's just bundled in with the cost of the equipment and they don't see it as a separate line item.
However, given the huge barrier to entry for any new competitor, not only in building a better OS but also in developing the ecosystem around it, I am increasingly sceptical that this offers a realistic route out of the current hole we find ourselves in, at least not any time soon. That's why I favour better public education, and ultimately relying on competitive and/or statutory forces to push developers in a healthier (for customers/society) direction.
Sure, you still have to deal with tracking cookies and the like, but this a tiny amount of pain compared to what a full native app could do to you without your awareness. Wiping the slate with a web browser is a fairly trivial exercise too.
Progressive web applications are the best and brightest future we have. I can only hope that some sort of antitrust shake-up forces vendors like Apple to fully-embrace PWAs and other such alternatives. When looking at the technical specifications, there isn't a whole lot of good reasoning for requiring native apps outside of exclusivity and control over their ecosystem.
I never updated stock Droid OS on my 2017 phone. I disabled most google incl Google Play, Gmail, yet the system does not let me disable PLAY Services
How do you disable play services?
1) A common UX pattern to detect relevant clipboard links in the app (e.g. open a reddit link automatically) -- many apps do this type of thing (e.g. Photoshop will use the dimensions of a clipboard image when creating a new image), but nobody's pointed out specific such functionality in LinkedIn (or reddit)
2) A third-party library (analytics, advertising) which does this automatically, which the app developers (LinkedIn, Reddit, etc.) weren't even aware of. If so, why though -- is there some particular analytics, tracking or fingerprinting reason? I'm having a hard time thinking of any particularly good one
3) Something else, like a common text editor library that checks the clipboard by default for some legitimate reason like preparing for formatting, images, etc., that is maybe just lazily coded (checking clipboard on every keystroke, rather than just a paste command)
I'm just curious if anyone has facts. Because there's a world of difference between good intent, questionable intent, bad intent, and lazy intent.
[1] https://github.com/firebase/firebase-ios-sdk/blob/c8625ec52e...
also looking at what they were trying to do in the first place -- check if contents was pasted... and whether the text would be autocorrected?! -- it all looks to me like apple has a bad, or not well understood, clipboard API.
apple needs to set guidelines around the clipboard API.
For example: "Did they honestly make this mistake or were they planning to use that innocuous framework call to implement clipboard-theft?" cannot be proven to be "honest" as a lack of evidence of dishonesty will be interpreted by doubters as "we haven't found the evidence of dishonesty yet". There are no facts that can usefully satisfy this question.
It would speak highly of LinkedIn, though, if they were to announce that they've also evaluated their Android app (where this warning is absent) and identified and removed code there as well. But that, itself, is no proof of either honest or dishonest intentions, any more than any other facts will be.
It still works.
Why? What is the reason for doing that check?
1. https://twitter.com/eberger45/status/1278843576638570496
I've no idea if that is remotely valid as an excuse.
Related re TikTok:
https://news.ycombinator.com/item?id=23634138
https://news.ycombinator.com/item?id=23691190
In 2020 it's still not a given that we should be allowed to review and read shit that's running on our machines, to at least check this kind of things. It's okay to be surrounded with black boxes everywhere that one cannot study if they wanted to.
It's still not considered as a disrespectful and weird practice to not provide the source code with software being distributed. And people are not told they should expect software to come with everything possible to inspect what it does, to the community or themself can review it.
If someone is not providing the source code because they fear that something bad will be discovered about it, or that the user will change something to better fit their needs, well something is wrong and is working against the user, especially if the software is gratis anyway. Providing source code could allow users to remove ads? Right, downloading, running and looking at ads is not something many users want to do, even if you consider that ads are legitimate.
Give me the code already or I won't run your software because I can trust you on doing the right things and on fully help me out, otherwise you would not have problem providing the code.
A case could be made for paid apps: obviously, making the code available could endanger the business model. But at the end of the day, the community and I cannot check that the app isn't doing anything shady if it is sold without its source code.
Would I mind if an open source app read my clipboard content? No, because I can check that it's doing something useful for me. These useful features are simply not available to proprietary software without the risk of feeling creepy.
Have you noticed how we are mistrustful against our everyday apps and relying operating system developers to cover our asses with complicated permission systems to compensate? This feel this is very wrong, doesn't it?
(permission systems would be also useful in a world where every think is open source, though, that would be a defense against attacks. But that would not be a defense against legitimate software!)
To view 【US $21.83 40% Off | 10 Pcs KN95 Face Masks Dust Respirator KN95 Mouth Masks Adaptable Against Pollution Breathable Mask Filter (not for medical use)】 on AliExpress with code #_qsrSbGW#, copy the whole sentence and open the app.