1347 points by foxfired 219 days ago | 728 comments on HN
| Mild positive
Contested
Editorial · v3.7· 2026-02-28 07:41:00· from archive
Summary Privacy & Surveillance Advocates
This blog article advocates for users to prefer web browsers over native apps, arguing that companies leverage dark patterns and app permissions to extract personal data (contacts, location, microphone access, installed apps) primarily for surveillance and behavioral control rather than user benefit. The editorial content champions privacy rights and consumer autonomy against manipulative design practices and data extraction. However, the site itself implements Google Analytics tracking, creating a structural-editorial tension that undermines the credibility of the privacy advocacy.
I don't even get "The Unseen Cost of Convenience" as frequently the app is not "convenient", it's just worse -- especially on tablet platforms where a desktop site is just fine, and a desktop site at AAA accessibility is perfect.
I don't know if they're affiliated but I recently came across one after already knowing of the other. The name means something like "app compulsion" in both languages, as in being forced to use apps. Very much in line with the submitted article above
Is there such a resource for English already? A place or movement we can link to
Don’t agree, but to each their own. The native app experience for every app noted in the article is better and smoother than the mobile web version, in my opinion. Lots of people hate Electron apps, which suggests to me that my preference for native apps isn’t unique.
Web apps can ask for your location or microphone the same way native apps can. Just reject it, there’s nothing that says you have to accept on either platform, so to say that’s a negative for native apps is odd.
The biggest downside of native apps is you can’t customize them with extensions or user styles like you can with websites.
Don’t forget the ability to send push notifications. I think that’s one of the main reasons — it turns your whole relationship with a product on its head: you lose control over when you’re engaging, instead they can literally push their services and ads on you.
The Discord web app is nearly identical to the desktop app. The main things you are missing are global push-to-talk and rich presence (i.e. dicord spies on your process list and tells other people what games you are playing). I'm always surprised more people don't use it.
I understand but it’s not always with bad intentions.
In the Netherlands we have a system called DigiD to login into to most government websites like your taxes and city, etc.
When I contracted for the city of Amsterdam I learned they’ve been pushing hard for the DigiD app to two factor authenticate instead of text message, because of contracts Digid charges a lot per text message validation and none for app.
Idc about privacy, apps are just annoying cause even downloading free ones requires auth for some reason (on iPhone), then they always want to update, then your OS gets too out of date and they stop working.
just 1hr ago (1 AM local time) I saw 'your app is live on app store' notification on my phone and eagerly launched it... only to have it crash instantly. After a debug session I discovered an obscure bug in tflite library that only shows up in release builds. 20 minutes ago I pushed a hotfix with an expedited App Review request, hoping to spare as many users as possible from that crash. I can't wrap my head around how the appstore review missed it, especially after rejecting our last build 4 times over a barely legible location-permission alert description.
That said, I built my first mobile app 15 years ago, and to this day, building for mobile remains the most frustrating part of my programming life.
> If you've ever opened Reddit, LinkedIn, Pinterest, or practically any popular service on your phone's web browser, you've likely encountered it.
Another website that asks to Get The App is https://imgur.com/ , every time you open a link to just view that image you instantly got asked to Get The App. It's really annoying!
I cannot agree more and this has always been a pet peeve of mine.
Most native apps are some half gig large where even the heaviest website is a few mb. They dont let you highlight text and have other bizarre design choices. Even worse, they request importing contacts list which isnt even an option on the web.
Native apps could be butter but more often than not they are like margarine. Smooth, oily, and not good for you.
I think for companies, the main advantage of an app is the opportunity for uncontrolled data ab/use.
Let me explain. Say you order food online — you’d want a notification to update you, instead of having to manually refresh a webpage. So you prefer using the app. But what’s the guarantee the company won’t also send you marketing notifications? You give contact permission to access just one contact, but what’s stopping the app from uploading your whole contact list to their servers? You allow location for one check-in, but they start logging your GPS every minute? Every permission asked & given for right purpose end up as consent-full data siphons.
And honestly, if the app world hadn’t taken off, the web would have invented its own version of permission systems. So yeah, I dis/agree with the article’s title — web can do everything apps can; including the shady data siphoning.
Some people might argue that they need excessive data to serve right ads, make money and keep the app free — the only way. But I don't think so, even if you pay for the app, they will need excessive data to ensure you keep renewing.
I don't offer a native app for my business. We have a PWA. It works great on mobile. Yet users keep asking for an app. They're so conditioned to look in the app store now. I keep having to tell them to just pin the website to their desktop. Just a couple taps. All good.
I don't need or want their data. It's a liability. They pay a monthly subscription. I want their money. Not their data.
Needed a new SIM in the UK recently so ordered a pay as you go one from Vodafone. Discovered to my horror that the new payg 'plus' can only be used with an app (that's locked to UK Google play Store) and a credit card for monthly recurring payments. No possibility of buying credit on a website or In store. Presumably so Vodafone can slurp up credit card details and all the juicy data mentioned in this article. Tossed in the bin and found a regular old school payg sim that I can top up with cash from a corner shop, but presumably this won't be possible for much longer.
I was a heavy Quora user from 2014 to 2019 with fairly many answers and questions. In 2019 they essentially blocked website for mobile users and urged them to download the app. That's when I decided to respect my dignity and deleted my account.
If you have a website, everyone with a browser should be able to use it.
One big drawback is represented by banking apps, that force the usage of their apps to act as a 2 Factor Authentication mechanism, sending a request for logging in.
I would like to use only the browser, but unfortunately for some use cases it isn't really possible.
The problem is, this article assumes that you have an option to choose between the app and web page. This is not true in most important cases. The web site is gone or made a useless page which only tells you to download the app. Banks won't allow you to do much on their website. Infact, you can't login to their website if you don't have the app. I can't login into my work PC or laptop, if I don't use my company apps.
Same goes for every serious app which need to ID you. The app-based 2FA/MFA is becoming the standard for the web access. This is a need or pattern created by availability of a bad solution. Similar to how the cars created sprawling cities in the USA which prohibits you using your legs.
So, telling people to use website instead of app, is the same as telling them to walk to the corner shop instead of using a car. You can't walk to the many other essential places anymore, though.
You can escape from the car if you live a small village that has everything you need. But you can't escape from apps and internet if you need to feel that you exist in this world.
At AutoTempest we resisted making an app for years, because anything that a hypothetical app could do, we could do with the website. And in my opinion, when searching for cars, it's more convenient to be in your browser where you can easily open new tabs, bookmark results, etc.
And for years, it was our most requested feature, by far. We had instructions for how to pin the site to your home screen, and would explain to users how the website does everything an app can do. Still, constant requests for an app. Finally we relented and released one, and very quickly around half our mobile traffic moved to the app without us really trying to nudge people at all.
People just really like apps! I think it suits our mental model of different tools for different uses. We've also found that app users are much more engaged than website users, but of course much of that will be selection bias. Still, I can see how having your app on someone's home screen could provide a significant boost to retention, compared to a website they're liable to forget. For us now, that's the main benefit we see. Certainly don't use any additional data, though I won't argue that other companies don't.
You know what’s wild? We’ve reached a point where the “download our app!” pop-up is basically the digital equivalent of a mall kiosk worker chasing you down with a lotion sample. I just want to read the article, not sign up for a recurring relationship. The web is supposed to be open, frictionless, and—dare I say—fun. Instead, it’s become a minefield of dark patterns, nag screens, and “please enable notifications!” popups.
I love that this post is pushing back on the norm. Maybe, just maybe, we can start a movement to make the web usable again. Or at least make “No, thanks” actually mean “No, thanks.”
I have never liked notifications on iOS so I can't say for sure but I do know that on Android it's been possible to disable certain types of notifications or demote the urgency for at least 5 years now.
Whether or not most people are aware of this ability is another question, I guess.
Mobile apps are so limited compared to an actual web browser's interface. The reddit mobile app only lets you view one topic/conversation at a time. Same with the IMDB app; it's impossible to do any research, like comparing actors or movies, using the IMDB mobile app because the flows are all captive and there's very limited ways to navigate between the resources. With a browser, I can open up multiple sets of content at once. So many mobile apps are just fixed views and offer no compelling interface for anything but the extremely limited way they want (force) you to use their app. The fact that a browser allows multiple tabs and can do bookmarking makes up for (works around) the relatively lack luster interfaces both website and mobile apps have.
The reason I believe the web experience is inferior is because companies put more resources into apps at the expense of the web.
Apps break often. They need a lot of support. Everything must be constantly updated. You never know when Samsung or Apple will push an update that breaks things because of some esoteric policy shift or setting change.
But the web? If you do it right, maintenence is much easier. If things do break: users can try different browsers or devices to get around instead of being bricked.
I can't be the only one who _never _ updates software on my phone until I absolutely have to. Everything is so brittle. I'm sick of being gaslit that apps make that better. Despite it's own horrible implementations, the web is far more stable.
I also lose the ability to keep my place in my browser when I switch to it.
(Yes, in theory, I could open another browser window for it instead of another tab. In practice, Chromium will pick the wrong window to remember the tabs from when it’s restarted, so I try to stick to one window.)
The author is not contesting that the app experience is better. Yeah, the web experience is worse -- because the product people are treating the entire web presence as a _marketing surface_ for the app. So, the web version is basically an ad for the app. This is true of Reddit, Yelp, and others. How could it not be worse?
It's too bad because it's not like the web is incapable of providing a beautiful ux for those products. But then so why do you think these companies employ massive teams of devs, for Android, and then again for iOS, reimplementing their functionality on every platform? All that to provide you with that sweet extra smooth native "feel", 2% nicer than the web could do? No, it's not for you...
>The native app experience for every app noted in the article is better and smoother than the mobile web version, in my opinion. Lots of people hate Electron apps, which suggests to me that my preference for native apps isn’t unique.
I want native programs on my PC, and fewer apps on my phone.
I get all my apps from F-Droid. If I need to use Steam chat or view the menu at Taco Bell, mobile website it is. I am not gonna put their proprietary software on my phone. This also brings up another interesting difference. There is no desktop program for Taco Bell, that would be super weird. I think other comments already addressed that, but a lot of mobile apps are basically just the website.
A game like Luanti or some sort of Tetris is something I'd want native in both places (desktop and mobile). Games in browsers are a mess.
In this case there is also a perceivable benefit for the user. SMS 2FA is vulnerable to sim swapping, this is not possible when TOTPs are delivered in-app. The app is also FOSS [1], so even if you're paranoid you can still inspect what data is sent.
There are also just some things you cannot realistically do in the browser (or over SMS) without having to ship specialised hardware to 18 million people, like reading the NFC chip of your passport. This is needed for DigiD Substantieel and Hoog, which are mandated by the eIDAS regulations.
The DigiID app could interact with websites, that's how it works for many other digital IDs in europe.
For example with bankID (sweden, and I think the norway version does the same) when you need to authenticate you either scan a QR code with the bankID app or select "on the same device" and then the website will interact with the bankID API to auth.
Either way you don't need your own app to get proper auth working with this sort of government login.
(With bankID the app devs still pay a per-auth price, but that is not due to any technical reason, just because its made by a profit-driven semi-monopoly)
True, but it does force citizens into a contract with either Apple or Google. I don’t think that is a good idea both from the perspective of individual freedom and national sovereignty.
I agree, I always use Discord web over the Electron app. Beyond what you said, using it in the browser also has better backward/forward behaviour and it's easier to handle media and links. Also, being inspectable is quite nice.
I use the web app on my phone as well, and it's... usable. The mobile app is quite slow, probably because React Native apps are far from being native, so in that regard the experience is the same. Being able to block all enshittified features is quite nice.
Also uhh the default search engine in mobile Safari. Just Google searching gives you a half-page notice to install the app. If you have the app, it's a half-page notice to use the app. And guess what's inside the app, a website.
I believe that's done based on user-agent header; but it shouldn't be surprising that the UA on a mobile browser is the hardest to change, showing once again that users' control of their computing devices is extremely important. With the appropriate UA, imgur will just give you the raw image data directly.
The "download app" notifications on reddit are like some kind of art project to maximimally annoy you. Probably the worst offender is facebook where they have what can only be called an intentionally broken mobile website - the idea of losing the person's name if you edit a comment, the page deciding to reload you back to the main page if you switch tabs to research something or the post box clearing out if you switch focus, the comment box being nearly impossible to navigate through with the cursor, these are all profoundly egregious bugs that have been there for years.
Basically if you intend it to do something more substantive than comment a series of emojis, they have a bunch of bugs that block you.
I'm guessing someone has made the calculation that being terrible in these ways are more profitable.
Maybe people doom scroll more if the content is vapid?
I'd love to see the user stories. "Brenda is a 52 year old professional who likes commenting "Happy Birthday" to AI generated images of people with cakes. She loves multilevel marketing and buying stuff on Temu. Her husband Greg, reposts memes programmatically generated by content farms using LLMs and topic trackers"
With exception to Reddit, I generally prefer apps to sites because mobile process management is considerably nicer than browser tab management.
App processes are sorted in order of most recent use, keeping the most relevant ones at hand, and those that aren’t used for a while just silently go away without much fuss.
In comparison browser tabs aren’t organized unless the user does that themselves, and so with each web app tab management overhead increases. Some browsers have an idle tab auto-close feature, but that closes the wrong tab (usually a page with info pertinent to something I’m working on) quite often. “Installing” PWAs can be an ok-ish workaround, but the problem there is that a lot of sites don’t have the little bit of manifest magic that makes saving to home screen “install” a PWA instead of just opening a browser tab.
I also hate obligatory mobile apps, especially when they’re linked to hardware: At the battery company I work for - pilaenergy - we’re aware that our hardware may well outlive our software, so we’re providing a mobile app that’s accessible over an WiFi access point or over your local WiFi, as well as the traditional mobile apps. This way - the software comes bundled with the hardware and can’t be sunset. Something that has long been an issue with IoT products.
I hate Imgur. Even with the app installed I find it doesn’t work well. I don’t understand why people use it — does it just work for them in a way it doesn’t for me, or are they more tolerant of its terrible usability?
Funny cause I was just thinking about the tradeoff of "internal wasm app" vs "internal native app".
The former has convenient distribution, but worse performance and other limitations.
The latter can be tricky to keep updated, ensure the environment is the same for everyone and/or cross-platform differences, etc., but significantly better/faster.
But both binaries about the same size. Assuming using something like sokol or SDL3.
A lot of native apps are just wrappers around a JS context with a few bridges into native APIs and they are pure data grabs.
Reddit always asks you to use its native app, for example. Why the fuck would I care so much about Reddit that I want it outside of my browser? Same goes for any other website.
Most apps, these days, seem to be “hybrid,” where they use a system like Ionic or React. These systems usually slap on some considerable libraries.
I understand why, but I’m not a fan of hybrid apps. I like to do native, which results in much smaller, faster, and more efficient apps. It’s just not as cost-effective, if you want to support multiple platforms.
However, native apps aren’t automatically well-behaved ones. In fact, they usually have access to even more tools for eroding privacy or user agency.
Good behavior is up to the app developers, and that doesn’t seem to be much of a priority, these days.
The worst for me is when you open Google Maps in the browser and the appears with the blue continue button. If you click it, it opens the iOS store page. If you then move back to your browser it re-opens and focuses the iOS store page one more time.
On Android/Graphene, I recommend permanently turning on do not disturb and adding apps to the allowlist. Opt in to notifications, rather than opting out.
Default is to require auth for all installations - you can turn it off. For me, I keep apps to a minimum and haven't really run into too many app deprecations.
Core engagement. Article directly advocates for privacy rights, detailing how app permissions violate privacy of person, home, family, correspondence, and contacts. Opposes data collection and surveillance.
Article states: 'The web browser, in its own right, is a powerful and increasingly capable operating system' with limited access, thus protecting privacy.
Article concludes: 'My browser offers all the functionality I need, without inviting a constant digital spy into my pocket.'
Google Analytics tag (G-VTQTTHCSSH) embedded in site code tracks user behavior.
Inferences
The article positions privacy as a fundamental right and data extraction as a rights violation.
The GA implementation demonstrates a gap between editorial advocacy and structural practice—the site promotes privacy while collecting user behavior data.
This contradiction represents a form of 'saying one thing, doing another' that undermines the credibility of the privacy advocacy.
Advocates for informed decision-making and consumer education. Article provides detailed explanation of app vs. browser capabilities, enabling readers to form reasoned opinions.
FW Ratio: 50%
Observable Facts
Article educates readers: 'What can a website on your browser really get from you?' vs. 'Apps... are designed to integrate much more deeply with your device.'
Article concludes: 'take a moment to consider what you might be giving up', encouraging informed reflection.
Inferences
The educational approach empowers readers to form independent judgments about app vs. browser choice.
Open commenting and RSS feed support freedom of expression and information access.
Data collection and profiling deny users recognition of their personhood as autonomous agents; instead, they are reduced to data subjects to be manipulated.
FW Ratio: 50%
Observable Facts
Article states that apps 'build a more comprehensive profile of you and your interests' from combined data.
Article frames this profiling as enabling manipulation rather than service.
Inferences
The profiling practices described reduce users to data objects rather than recognizing their personhood as autonomous decision-makers.
Google Analytics similarly constructs behavioral profiles, though less invasively than described app practices.
Article implicitly argues that unrestricted surveillance and data extraction enable abuse of rights. Opposes dark patterns as mechanisms of rights erosion.
FW Ratio: 33%
Observable Facts
Article describes app-based surveillance as enabling manipulation and control over user behavior, which could facilitate rights abuses.
Inferences
The framing suggests that surveillance and data extraction are precursors to broader rights violations.
Privacy protection is positioned as a preventive measure against rights destruction.
Implicit tension between individual privacy rights and collective interest. Article prioritizes individual autonomy over corporate/state benefits of surveillance.
FW Ratio: 50%
Observable Facts
Article frames privacy as the overriding concern even when surveillance might benefit platforms or marketers.
Inferences
The article's stance implies that individual privacy rights should not be limited by claims of collective benefit from data extraction.
Article acknowledges that GDPR remedy is insufficient: data deletion from company database does not prevent prior sharing with third parties, leaving violations unrepaired.
FW Ratio: 50%
Observable Facts
Article states: 'regulations like GDPR can ensure that data is deleted from a company's database, they can't guarantee that data which has already been sold or shared with third parties will also be erased.'
Article frames this as a structural limitation of legal remedies.
Inferences
The critique reveals a gap between rights protection and remedy availability, suggesting that legal frameworks are insufficient.
This framing introduces a note of pessimism about the effectiveness of existing protections.
Google Analytics tracking present on site, contradicting the privacy advocacy. Creates significant SETL tension—the site claims to defend privacy while implementing behavioral tracking.
Article uses emotionally-laden framing: 'relentless push', 'tricking you', 'constantly fighting against the current', 'treasure trove of information', 'feels inevitable'. Creates sense of inescapable surveillance and manipulation.
loaded language
Phrases like 'every dark pattern in the book', 'relentless', 'tricking you', 'digital spy in your pocket' employ charged language to describe app industry practices.
exaggeration
Claims like 'practically any popular service' and 'every company' push apps, and references to 'every dark pattern in the book' slightly overstate the universality of practices described.