88 comments

[ 3.0 ms ] story [ 185 ms ] thread
They are mad they will have to maintain 2 browsers (one for the EU and one for everywhere else), that's it. I'm not sure what they expected. I don't doubt that Apple will be forced to allow third-party browsers in more regions now that this exists. Now countries can just point the DMA (or parts of it) and say "That, I'd like that please" and Apple can enable it in their region (I know it's not that simple but it is built now, more countries are going to require it assuming the EU experiment doesn't fall flat on its face).

Of course we are still waiting to see if the EU accepts Apple's proposal. Anyone that's ever submitted an app for review (to Apple or Google, but let's be honest more-so for Apple) know this feeling of uncertainty and it's a bit a schadenfreude in that for sure. As much as I like Apple's products I can't but hope they get a few bad "reviewers".

I think it's worse than that: Apple managed to wrangle it so the new rules apply specifically to iPhone, and not iPad [1]. So the new rules apply only to iPhone devices in the EU. So then there's the absurd situation that, say, a Firefox user in the EU using the Firefox browser on both iPhone and iPad will in fact be using two entirely different browser engines. Imagine what a burden on support that will be, having to answer questions like "why do websites look/work differently between iPhone and iPad when I'm using Firefox on both?"

[1] https://9to5mac.com/2024/01/26/ios-17-app-stores-and-more-ip...

Have you ever asked a lay-person which browser engine they prefer? It’s like asking which map tile pyramid renderer you prefer, Google Maps or Apple Maps, or Mapbox? No not the content or the features, the renderer. That abstract thing behind the scenes that is far from the forefront of your mind when you’re engaged with actual content.
right, which is what they parent commenter is talking about - since the user will not understand this level of abstraction how do you answer why does it work differently between iPhone and iPad?

Or perhaps I'm misreading you and your post is just in agreement?

To be clear they didn't manage to wrangle that yet. They're currently trying to argue that and are just behaving as if that's already the case; the actual question on if the iPad counts as a separate store hasn't been decided on by the EU.

Personally I highly doubt this trick will work in court; moreso than any other Apple product, iPad and iPhone are running the same software and the stores have enough overlap that you can find iPhone apps in the iPad store.

It's no surprise that Apple will use every dirty trick they can find to keep their advantage. Hopefully, the EU takes a short look at Apples proposal, laughs and tells them that if they want to sell their products in the EU they will have to provide choice for everyone.
Why would EU care? EU is about protecting EU residents. They don't have jurisdiction for what non-EU companies do outside of the EU.
Because it hurts EU customers by not applying the rules worldwide.
EU has no legislative powers outside EU.
Oh, but you know they would love that.

I kind of see the EU legislation similar to California. After CA passes laws, eventually, the other states do as well. I'd imagine that the EU hopes that their legislation will influence others at some point too.

What CA laws do the other (presumably most or all) states pass?

Some CA laws only have an effect outside California because the state has so many people (with money). So if you are designing a physical product to sell, it is cheaper to just make one that complies with California.

Exactly, with automobiles being the most obvious. At one point, if you bought a car outside of CA, you might have needed to make physical modifications to it before it could be registered in CA with the catalytic converter being an example that jumps to mind. Eventually, all of the other states required them as well, and the auto manufacturers just made all of there cars compatible with the CA reqs anyways.

There are non-physical product laws as well. CA was a leader on medicinal cannabis, minimum wage, etc

Doesn't need to: You want into the EU market? EU demands this for the whole world. The EU can set any requirement it wants for market access. Such is the power of governments. And since someone will state that then other countries can do the same: Correct. And then companies will have to decide if the market in question is big enough to play by those rules.
No, the EU cannot dictate what companies do in other countries. They can only require them to meet standards for services and products that are sold in the EU (or maybe if the companies are headquartered in EU).
You're being really obtuse, aren't you. The EU can say "If you do not implement that functionality on all iPhones world-wide, then you are not allowed to sell any iPhone at all in the EU".
I mean, of course they can say it, but it would lead to a legal and trade agreement shit show.
Didn't eu/uk do exactly this by blocking an acquisition of an us company by another us company and the company listened?
Which one?
Adobe / Figma, and Amazon / iRobot.

And to the point of the discussion, there are no "limits" to what jurisdiction governments have. Governments--the United States especially but many others--does it all the time, especially as concerns financial matters. Many countries have declared that they have jurisdiction over crimes against humanity committed any time, anywhere, by anyone. China has penalized American companies for activities involving Americans in America.

However the EU probably has self-imposed limits (or imposed by the member states) and as a practical matter only large or powerful states can get away with it.

Mergers are a different thing, though. In this case, it also impacts the EU - and you can't just say we won't merge in the EU but will merge in the US, doesn't make sense.

A more analogues example would be e.g. if the EU would have said "Hey Adobe, if you launch this feature in the US, you can't do business in the EU".

> China has penalized American companies for activities involving Americans in America.

What are you referring to?

> Many countries have declared that they have jurisdiction over crimes against humanity committed any time, anywhere, by anyone.

This is a whole different topic, stop moving the goal posts.

China has fined companies for referring to Taiwan as a "country" on websites in English, directed towards Americans, for instance.

Apart from financial crimes the US imposes US law on foreign companies all the time--e.g. companies that do business with embargoed countries.

Also the US considers things like "a transaction was conducted in dollars" as a hook for US jurisdiction.

mergers are different thing as the outcome, but the mechanism is the same> two companies based in US could not merge because EU said so. The fact that the outcome of the merge vs outcome of some implemented features are different are just details that are not relevant for this discussion. EU absolutely can impose it's will on foreign companies and if those want to be present in EU market, they'll follow the rules
Because two US companies merging has also a big impact on the EU market. A US company launching a feature in the US but not in the EU has no impact on the EU market. So no, it's not the same thing.
yes, as I said not the same thing as effect on eu market, but the final effect is the same: EU has the power to block a merger of two us companies at it's will even if for us govt the merger is totally ok and eu can bend this power in any direction including forcing a foreign company to implement a global policy
They can. Every country can. And they do in other cases - USA is perfectly Ok to sanction Chinese/UAE bank for doing business with Russian military. If it's ok to it with sanctions - why it's not ok to do it for market access? Yes, this could create situation where things EU requires worldwide are in direct conflict with other countries but it's rather unlikely to happen.
> EU can set any requirement it wants for market access

One, as long as it’s a land with the rule of law, it can’t. Two, this would constitute starting a trade war over…browser engines. Good luck getting people who depend on popular votes to back you up on that.

Nor do the US, but most legal impositions (no accounts under 13 years, dmca, etc) get replicated around the world because services want to work in the US market.

(Also, guess what happens if you copy Hollywood movies a bit too much? Jurisdiction goes out of the window... https://en.wikipedia.org/wiki/Kim_Dotcom#High_Court )

What happens when markets have opposing requirements?

Ex: China, Russia, KSA, EU? No, they cannot dictate rules world-wide. Each market can dictate market requirements but they can't have them imposed in other jurisdictions they have no control over.

Then the company in question will have to decide which market is more important to them and follow the rules of that market, while not being present on the other.

Others have already noted the risk of a trade war following from that, but that doesn't preclude the EU/US/China/.. from still doing it. It's just a matter of how important they think the rule is.

> Because it hurts EU customers by not applying the rules worldwide.

It’s an entirely expected outcome for wanting to enact one-of-a-kind laws that force a foreign company into doing something they’ve obviously wanted to avoid.

Ever feeling bored and want to ignite an online all-out war? Comment that the GDPR doesn’t apply to someone living in the US and running a web server there. Once that firestorm is rolling, observe that people would lambaste the US if it claimed its laws applied everywhere.

(I genuinely believe both of those statements, and don’t mean either of them as trolling. Boy howdy, does it ever have the same end result though.)

> [...] GDPR doesn’t apply to someone living in the US and running a web server there.

Only if they ensure that they have no EU-based users [0]. So yeah, unless you actively block "data subjects who are in the Union", it does apply to someone living in and running a server in the US. It's part of what makes GDPR so great for us citizens, the beauty that is the Brussels effect.

[0] Article 3(2) of the GDPR

Absolutely and utterly wrong. The EU has zero jurisdiction in the US and no treaty covering GDPR. The US is not extraditing Americans to the EU for violating the GDPR, anymore than it is for violating EU, Chinese or Russian censorship laws. If the EU wants to setup their own Great Firewall and block off America that's their right, but absent a treaty and domestic implementation their laws are not our problem. No different from anywhere else. If the EU wanted to prosecute an American for it then sure said American should not travel to the EU ever but that's easy.
See? That’s the kind of thing I’m talking about.

Imagine me saying a US law applies to someone in Prague because the US law said it did. I’d be rightfully laughed at.

Why? That's already the case: US law applies to US citizens and there are already some laws that are extraterritorial and impose burdens that companies in other countries must comply with.

For instance, financial institutions in Europe have special reporting and KYC requirements for the accounts of American citizens, even if they're long-term residents in European countries and dual-citizens, because of FATCA.

Extraterritoriality is not unique to the GDPR and the EU, nor is it new.

> financial institutions in Europe have special reporting and KYC requirements for the accounts of American citizens,

Usually they just straight up ban americans from registering banking services.

That shift happened after the huge fine they got because of that.

> Imagine me saying a US law applies to someone in Prague because the US law said it did. I’d be rightfully laughed at.

That happens all the time. E.g., US tax laws.

For any of the US laws that are drafted in such a manner that they apply to US citizens outside the states, DC and the territories? At least not by me or anyone else who understand extraterritoriality.

No, you wouldn't be laughed at for stating that fact, nor would that be "rightful".

Those laws apply to US citizens. GDPR purports to apply to everyone around the globe. That's a substantial increase in scope.

I like the GDPR. For the most part, I think it's a good law. It has problems, like it's impossible to comply fully with GDPR and HIPAA at the same time, but I'm glad a major government is pushing so hard for something I support.

And yet I still give it the side-eye for claiming jurisdiction over non-EU citizens living and working in non-EU countries without having a realworld presence in the EU.

> Those laws apply to US citizens. GDPR purports to apply to everyone around the globe.

No, not to "everyone", only processors handling data that is covered as part of GDPR, which again, you are free to exclude if you desire.

So, to stay with US laws, what about, as one of a few examples, FATCA [0] in the case of US citizens being served by, e.g., EU financial institutions? Very much comparable to GDPR and non-EU processors handling data covered by GDPR. Both apply outside their government of origin for processors handling something connected to the government's citizenry, and both do not "apply to everyone around the globe"; simply don't handle US financials/EU data.

Again, GDPR is not unique in regard to extraterritoriality, nor is this something only the EU engages in. It is accepted, established and has been part of US legislation for an extended period prior to GDPR. And, just like with GDPR, FATCA applying beyond US based institutions is a positive attribute of that legislation, neither would work if only applicable within their respective territory.

[0] https://www.law.cornell.edu/uscode/text/26/1471 https://www.law.cornell.edu/uscode/text/26/1472 https://www.law.cornell.edu/uscode/text/26/1473 https://www.law.cornell.edu/uscode/text/26/1474

They care insofar it can affect EU residents outside the EU (this legislation ignores physical regions; it's your nationality in a EU country that makes you eligible for these rights). With the GDPR, the easiest solution is to make this info a voluntary choice for the user to say or to assume all your users are EU residents.

Microsoft is making their compliance with the DMA an option the user could pick during the OOBE. I assume Apple will use the region choice at the start of configuring iOS to do the same thing.

I can only think of one device maker that actively tries to region check the originating IP for legal compliance and that's Nintendo (who just start tracking you more if you're an EU citizen in say, the US.)

> I assume Apple will use the region choice at the start of configuring iOS to do the same thing.

Nope! New countryd process uses Apple ID address, course-level location/carrier country and device region to determine DMA region locking, unfortuantely.

If one thing's been clear though the Apple DMA stuff so far, it's that Apple will go to lengths to maintain their status quo in all aspects.

https://9to5mac.com/2023/04/25/ios-16-restrict-features-base...

https://9to5mac.com/2024/01/25/apple-check-iphone-eligible-s...

Why did I even think of offering them the potential of not doing it the most malicious way possible lmao.

Wouldn't be surprised if that's going to get smacked down - tying "requiring an Apple ID" to being able to exercise your rights doesn't seem like something the EU would be happy with, considering the GDPR 'n such.

[flagged]
> the very high caliber of software that must be put forth to live on Apple hardware

No offense, but... that's nowhere near the truth. There's a ton of horrible apps and scamware on their app store.

Yeah. If an app brings a high value to Apple with a low-nil chance of repercussions towards them, it has a very high chance of being approved for the app store. Quality or not.
> Apple isn’t serious about supporting web browser or engine choice on iOS

I don't think this is some big gotcha - this has always been clear.

Seems like there's just one rule they don't like, that it's EU only. Which is fair enough.

Personally, I don't see why this is the hill Apple's dying on. They seem to have put in a fair amount of effort into creating a problem and APIs to allow for other browser engines to exist as peers to Safari (allowing JIT, multi-process, hooks into Lockdown Mode etc), but then restricted that all to the EU. This one seems more ideological than financial (like the other DMA-forced additions Apple is doing).

But really - its not really clear to me what benefits users get from this. Safari (on iOS or Mac) hasn't stagnated and is a highly performing browser, better than Chrome and Firefox in some regards. It supports some APIs first that others lag on, while it lags on others. I am a web developer, and I really do not agree with any claims that Safari is somehow worse than other browsers.

Meanwhile, people are shipping 'new web browsers', that users seem to like, by using the webkit engine under the hood. UI, features, sync, etc are what actually matters to users.

> its not really clear to me what benefits users get from this

I really want to use a browser with uBlock Origin and NoScript, because the web is a fucking nightmare without them. To my knowledge, Firefox is the only browser that supports those on mobile, but it's Android-only, and I'm currently on iOS. Being able to use "real" Firefox on iOS would let me use the extensions I want.

You should give Kagi's Orion browser a try. Extensions were my biggest hangup using ff on iOS. Orion has been a joy since switching (supports ff and chrome extensions, they mostly work but I've encountered a couple bugs).
Thanks, I will give it a look.
Gave it a try and it looks like NoScript doesn't work :(
> Personally, I don't see why this is the hill Apple's dying on. They seem to have put in a fair amount of effort into creating a problem and APIs to allow for other browser engines to exist as peers to Safari (allowing JIT, multi-process, hooks into Lockdown Mode etc), but then restricted that all to the EU. This one seems more ideological than financial (like the other DMA-forced additions Apple is doing).

The more I look at this, the more I am convinced that Apple is trying to use the EU as a testbed before agreeing to apply these rules in more places. Third parties can make a browser, but they'll do it on Apple's terms - in a safe way, that doesn't eventually become a nightmare to maintain. Crucially, access to hardware will be mediated through API's and certain things will probably never be supported because of security or privacy concerns - so don't bother asking.

Glares in the general direction of WebUSB...

Maybe they are afraid that browser-hosted apps and services would cut into their app store profits.
"Google reportedly pays $18 billion a year to be Apple’s default search engine".

I'll let you connect the dots as to why Apple doesn't want other browsers to be able to beat Safari outside the EU.

I do not have any of the extensions that I've come to love on desktop firefox on iOS. Whilst I don't get containers on Android, I get pretty much everything else. We can't have that on iOS just because Apple is a dick. I'd almost be OK with not being able to install a browser from the app store, but I find it humiliating that I don't even have the ability to compile my own browser, with JIT and all, and install it on a device I own.
People who think (for ideological reasons) that the web should be the world's primary software platform don't like Safari.

Personally I hate web apps, so I am fine with Safari.

>Safari (on iOS or Mac) hasn't stagnated

I'm not sure I'd agree entirely with this, and regardless you're beholden to Apple on whether they will deem it necessary to add standards. They prevented web notifications for a long time so PWAs couldn't send notifications, just to push you to their app store.

The browser business is clearly worth billions annually given how much they pay each other for things like default search pole position.

Completely unsurprising that Apple is not going to throw in the towel when a single region mandates necessary changes.

If Apple maintains that it will only support new web engines in the EU, the EU will step in and force Apple to allow it worldwide. So it's a losing battle for them.
How pray tell is the EU going to tell Apple what they have to do in the rest of the world?
They could make it a condition of doing business in the EU (which of course leaves Apple the option of pulling out from the EU).

Not clear though whether they have any interest in doing that.

“Apple announces the formation of a new company - Apple EU”.
Well, telling is easy. You just tell them. What you're really wondering about is how they would compel Apple to do it, not just tell.

If this were found to be a violation of DMA, they could fine them for absurd amounts of money. If Apple paid the fines but didn't fix the underlying issue, they'd be fined even more. After suffient repeat offenses the EU would force Apple to make structural changes such as break up their businesses. If Apple chose to not pay the fines, break up, etc, they would need to stop operating in the EU, or run the risks of their assets being seized, their employees arrested, etc.

It's only at the point where Apple left the EU that there's no more leverage on them. And this is Apple, they're not going to leave a market with money. They didn't even leave China.

(But the real key question is whether there's a reasonable interpretation of the DMA where the companies need to comply even outside of the EU.)

Easy answer, create a separate company called Apple EU that licenses and resells services to the EU and follows EU laws.

They already do something analogous for taxes purposes.

Not sure what you're thinking it'd achieve. Apple already has a subsidiary like that[0]. And sure, that subsidiary is the only part that the EU can directly act on.

But the EU can definitely take into account the entirety of Apple when deciding what to do. For example, when Apple gets fined for violating the DMA, the maximum penalties are going to be based on their global revenue, not just the EU revenue going through their Irish subsidiary.

If you're proposing a fully independent public company rather than a subsidiary of Apple, it's true that the separate company wouldn't actually be able to fix any of their possible DMA violations. But that just means they'd not be complying, not that they wouldn't be breaking the law or that they're somehow immune.

The EU has no jurisdiction over what a company does outside of the EU or does not have a business nexus in the EU.

Just like the US couldn’t have jurisdiction over a company that only operates in the EU.

Apple could easily not make a subsidiary. But make it a fully independent legal entity that resales in the EU.

How will that entity continue operating in the EU when its only business is selling devices that are infringing on EU laws, and it is unable to reach compliance? It can't. Either the company shuts down, stops selling Apple devices, or the proceeds of their illegal sales will be garnished before they can pay Apple. It is a plan that is functionally identical to Apple leaving the EU.

Apple can choose not to operate in the EU. That's a totally legit and acceptable outcome. But that means they have to actually give up that revenue. Any attempt at laundering it will just mean that the penalties apply to whatever entity they try to use for the regulatory evasion.

(Or I guess shrink their presence to do small that the DMA no longer applies. But again, this is Apple. They'll rather hand out user data to the Chinese government than leave China and all their juicy money.)

The separately owned will have an App Store compliant with the DMA.
(As an aside, I think this discussion was about browsers, not about app stores. It matters a bit, because for browsers, the main complaint on Apple's proposal seems to be the geo-restriction, while for app stores nobody is complaining about that but there are plenty of other issues.)

If the EC decides to interpret the rules as requiring compliance globally rather than just within the EU, and the courts were to uphold it, it would be irrelevant that Apple's sales are being done via some shell company. If anything, it would probably be considered worse, since it'd be a clear attempt at circumventing the law. The products that the shell company would be selling would be found illegal, and one way or other the operation would stop. And the effect would be that Apple would have left the EU.

If your plan were actually a thing, every American company would already be doing it just to shield themselves against GDPR (which has fines based on global revenue, not EU revenue). But they don't do it, because it wouldn't work.

Companies are already blocking access to their sites in the EU because of the GPDR
Indeed! They're doing the one thing I've said in each of my previous four messages in this thread is the way to avoid being bound by EU laws: by not doing business in the EU.

What they aren't doing is trying your plan of creating a shell company to break the laws on their behalf.

Do you think that EU could have enforced browser choice on Microsoft worldwide? Patents? Copyrights?
The EU lacks the power to do that kind of enforcement. It surprisingly quickly turns into a military and hard power question, which the EU lacks considering it’s the GDP of all these evil tech companies that’s paying for their national security and health care.

https://www.nato.int/docu/review/articles/2023/07/03/defence...

https://thehill.com/opinion/healthcare/529049-america-is-sub...

How quickly, exactly? Do you think the US military would step in to resolve a dispute regarding a consumer electronics company?

> considering it’s the GDP of all these evil tech companies that’s paying for their national security and health care

I find the logic of the article you linked highly questionable.

> Certainly it is more difficult than what drug companies do now, which is to set a high U.S. price, assuring profitability, no matter how thin the profit margin on European sales.

So there is a profit margin, right? Otherwise drug companies wouldn't sell their products in Europe. It seems that this article and the MFN legislation is worried about the high drug prices in the US. Fair enough, I suppose, but how exactly is that "subsidizing the European health system"?

> The goal of the MFN concept is to deliver fair prices to Americans without diminishing drug company profits.

So you are specifically protecting the drug companies' massive *profits*. Not research or production costs, profits.

> Since the introduction of the Medicare Part D prescription drug benefit, Medicare has been prohibited by law from using its volume-purchasing power to negotiate prices for the drugs it covers, while government-run European health authorities have used such volume-purchasing power to obtain drastically low prices.

That seems very dumb.

Well Moz and Google have more clout with the regulators than your avg joe. So hope they kick up a fuss on behalf pf all of us and not just their own interests (looking at you Google)
I wonder why apple is so hell bent on enforcing Safari/Webkit as the browser engine? My assumption is that if they allow Mozilla/Chrome to implement their own engines, they could add better support for PWA's, which would directly cut into Apple's AppStore business. But that answer doesn't seem satisfactory as you'd think that PWA's would be huge on Android devices without such restrictions but even then, PWA's are not very popular.

My personal bet: Apple will relent and roll out "browser engine choice" globally within 1-2 years.

It came out in the Eoic trial that 90% of App Store revenue comes from games and in app purchases. Those aren’t going to be on the web because of the lack of friction of in app purchases.
Mostly because they care about user experience of people using their phones. There is nothing that comes close to WebKit in terms of performance/battery life on Apple devices, even on desktop, where other browser vendors have been able to develop their rendering engineswithout restrictions, WebKit is still far ahead.
WebKit is also a bit better than other engines in “nativeness” too, with e.g. in-page widget behavior and such. Blink is second best here probably thanks to its shared heritage with WebKit, and Gecko is last with unstyled widgets and little behaviors being “off”.

The battery life/heat thing is big though, Safari is much better in that category and it seems like that property extends to WebKit browsers on Linux too in my limited trials with GNOME Web, so it’s not just a case of Apple using private APIs to gain an advantage or whatever. It’s a difference in architecture and likely dev culture — efficiency simply doesn’t get prioritized to the same extent by the dev teams of the other two engines. With Blink especially there seems to be more interest in coming up with APIs to give devs access to the contents of the user’s fridge or whathaveyou.

> There is nothing that comes close to WebKit in terms of performance/battery life on Apple devices, even on desktop

Now this is a true gem.

> I wonder why apple is so hell bent on enforcing Safari/Webkit as the browser engine?

security. browsers are famous for escaping their sandbox.

this is from November 2023: https://www.theverge.com/2023/11/30/23982296/google-chrome-b...

Historically, that's also been a huge vector of attack in iOS too. From the old and famous slide to jailbreak to more recent Pegasus.
Realistically support for more than one browser engine is going to increase security in aggregate since it would implicitly decrease the impact of a vulnerability. This has a compounding effect where a zero day for Safari would become less valuable on the black market and therefore become less incentivized to a degree.

To give an example: A single Safari engine bug could compromise all iPhones, but if the market share was say 50/50 with Chrome, then the impact of a security vulnerability would now be halved.

Just a desire to control this stuff probably. The WebKit browser choice is one of those super arbitrary things that Apple mostly does because it likes to be in control over what software manufacturers do.

They'll argue some customer beneficial reasons for it, but it all just comes down to Apple wanting control; it's what permeates every component of their software ecosystem, especially on iDevices; they control app installs, they control what kinds of apps can and can't exist on the iDevices and so on and so forth. This is the company that famously recommended anyone who wanted to view NSFW content to "buy an Android"; it's safe to assume that the wish for control is the endgoal in and of itself, given Apples clear desire to play a byzantine morality police in other areas.

Apple is the most textbook definition of a platform gatekeeper.

At least real life stores do not check, where you live or which stuff you already have before denying you access to buy something they sell.

Online dev world is so wonderful, cannot wait when money would be fully digital. So many opportunities