The web is more than good enough. There's just a lot of people drinking the kool-aid and believing big tech's subtle and not so subtle messages about the web being shite. Of course the web is shite on devices from companies that compete with the web. They actively undermine it.
For content delivery, yes. For deeply-interactive apps, not in my experience: every vendor that went web-only that wasn’t just serving up text, in the end, forced me to a competitor.
In my experience, the only people drinking kool-aid are those claiming that the web is good enough, and failing to deliver web apps that can do anything beyond the absolutely primitive stuff.
With very few notable exceptions which are notable precisely because they are so few.
The web is absolutely more than good enough for the vast majority of apps. I was playing Quake Live in the browser on a thermally throttled dual core laptop 15 years ago, but the hive mind here at HN will have you believe that the generic social media apps that dominate the charts all need to be "close to the metal": https://apps.apple.com/us/charts/iphone/top-free-apps/36
Just because you played Quake doesn't mean the web is good for "vast majority of apps".
The web can barely display simple text and images without jank because that is inherent limitation of the DOM that you cannot escape (that, and the absolute dearth of useful controls and utilities in the browser).
You could of course build stuff with canvas/WebGPL/WebGPU, but then you have to reinvent the whole world from scratch because those are low-level (and in case of Canvas quite limited) APIs
> Just because you played Quake doesn't mean the web is good for "vast majority of apps"
It means that at least 15 years ago it was more than powerful enough for all of the 2D Candy Crush style games which make up the overwhelming majority of mobile gaming apps.
> The web can barely display simple text and images without jank because that is inherent limitation of the DOM that you cannot escape
I've seen you repeat this phrase over and over again like a mantra on HN, but without examples I can't really gauge the performance problems you've run in to. The overwhelming majority of jank on the web that I've experienced is due to advertising bloatware (an adblocker is indispensable), and occasionally bad engineering (e.g. someone forgot to make an event listener passive, or isn't debouncing an event) not some inherent limitation of the platform. What are some examples of popular apps that you think require the full brunt of a modern chip? Every M3 iPad review I've watched ends up saying essentially the same thing: "this chip is powerful, but besides Geekbench benchmarks we have nothing to use it for".
One thing I can quantify directly: in Zoom's native Windows app I can reply to a question and share my screen essentially instantly. That is to say I can do like "you can see here" and I've shared my screen before I've finished speaking, in the Google Meet PWA I have to say "here let me show you..." and pause while I wait for the screen share UI to load, I find the button to share the correct screen, and go.
I don't think it's an exaggeration to say that Zoom saves me 5 minutes out of every 30 in meetings, in fact it might be conservative. And this isn't just a question of the chips (though native Zoom does make better use of it) but also display, audio input/output, even global keyboard shortcut handling.
After some of the CVEs linked to the Zoom desktop clients I wouldn't touch them with a ten foot pole [1][2], but I don't want to move the goalposts since we're talking about performance here. It's hard to tell whether or not the disparity is due to a Screen Capture API performance issue, or just bad engineering from the front end team at Google Meet, or even just bad UI design. Hiding features behind buttons and menus will always add a noticeable delay to an action, but that's just bad UI design, not a technical problem.
> but also display, audio input/output, even global keyboard shortcut handling.
I personally have never had a display or audio hiccup that I could attribute to a browser limitation. I don't even own a device with a display powerful enough to max out Youtube.com's 8K video resolution limit. I'm not sure why you've had issues with keyboard shortcuts. Keyboard events are well established and widely supported [3].
All I can tell you is that Google Meet is thoroughly inferior to native Zoom, and the browser-based Zoom is also inferior. If you don't use both apps professionally, you don't have a feel for what it means to rely on such features working for effective communication, you don't have a basis for comparison. It's hard to quantify the cost of security, and it's equally hard to quantify the cost of bad UX.
Definitely during the pandemic - good UX meant I got to feel more present with friends and family and that was well worth any security cost.
I've used Zoom professionally in the browser literally within the past week, and it ran smoothly. We can trade anecdotes here, but it won't be very productive.
What I can tell you is that I felt at ease using Zoom in the browser knowing that I wasn't opening my computer up to a remote code execution vulnerability. Your UX concerns are a bit nebulous, but I'd be willing to bet that the risk assessment departments at most organizations could quantify the cost of a hacker gaining access to one of their employee's computers. I also used Zoom during the pandemic but I wasn't doing a ton of screen sharing (I was more interested in seeing my friends and family members faces rather than their screens).
Another thing is that the native Windows app can support 50 simultaneous video streams, which makes it possible to see more people. I was in dance parties during the pandemic with enough people that it meant that I could see 50 realtime streams of people dancing. It wasn't the same as being in a room with 50 other people dancing in sync, but it was better than only seeing 25 people at once. My problems aren't so much nebulous as too numerous to explain, I could go on for a while.
Of course a lot of this is Zoom vs. Google Meet, I'm sure a lot of the things I like about Zoom work fine in the browser - but not as well as with the simultaneous video streams limitation.
You can cost out security, but a lot of the things that I love about Zoom's native app are truly priceless - it means I can see and hear more of people I care about. Another thing is supporting dual monitors with different screens, it makes it very easy to rearrange and see more than one person I want to see at a glance. You can do it with multiple browsers and so on, but it's more fiddly and you spend more time fussing with the screens, which means less time actually paying attention to the people.
We might simply have different value systems because I could never justify putting myself at risk of a data breach in order to badly simulate the experience of attending an actual social event and dancing with other human beings. That feels very dystopian to me.
We're getting really deep into the intricacies of Zoom and Google Meet here, and I feel like we're losing the larger plot. If you have a battle station set up for Zoom parties with multiple monitors with 50 simultaneous dancers that you need to keep an eye on, and you don't mind the security risks, then maybe you represent a specific edge case, but I think the vast majority of software users have different requirements that web browsers satisfy handily.
You're at risk of a data breach the moment you connect your computer to the Internet. You need to do a complete threat model and explain how Zoom contributes to that risk, and weigh that against the benefits. If you have zero tolerance for a data breach you should delete the data so no one including you may access it. Zoom is reliably effective at transmitting data, you can use less reliable methods but Zoom deliberately often makes the choice that delivering data is preferable to not delivering data. I think this is a valid choice and in security we sometimes have to say "would I prefer to open myself up to attack, or would I prefer not to deliver this message at all?" Both are valid choices in different circumstances. Practically speaking I have conversations in public places all the time and I don't stress about the possibility that someone might be recording me with a parabolic microphone.
> You're at risk of a data breach the moment you connect your computer to the Internet [...] If you have zero tolerance for a data breach you should delete the data so no one including you may access it.
To reason by analogy, this is like me suggesting you wear a seatbelt while driving a car and you responding by saying: "well you're at risk the moment you step outside of your house, so if you really have no tolerance for injury you should simply not leave the house". You're saying instead of opening Zoom in the browser I should delete all personal data from my computer, and for what end? I'm doing this so that I can attend virtual dance parties efficiently? I don't understand how any rational cost benefit analysis could yield such a conclusion.
> "would I prefer to open myself up to attack, or would I prefer not to deliver this message at all?"
This is absolutely a false dichotomy. The choice isn't between sending data and not sending data, the choice is between sending data in the browser vs sending the same data within a desktop application.
> You need to do a complete threat model and explain how Zoom contributes to that risk,
The Zoom desktop clients have had RCE vulnerabilities where hackers were able to remotely execute arbitrary code on victims computers with zero user input required from the victims (they demonstrated this by remotely opening the calculator app). It's very obvious how Zoom contributes to that risk. "A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction [...] an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom [...] The browser version of the videoconferencing software is not impacted." [1]
> Practically speaking I have conversations in public places all the time and I don't stress about the possibility that someone might be recording me with a parabolic microphone.
Do you yell out your bank account number and routing number in public because you think the user experience of finding a private place to talk is too burdensome? Because that's metaphorically what you're arguing for.
> The Zoom desktop clients have had RCE vulnerabilities where hackers were able to remotely execute arbitrary code on victims computers with zero user input required from the victims
There have been RCE vulnerabilities in browsers too. Do you have an example of a Zoom RCE vulnerability that wasn't fixed? The example you gave was one where Zoom was proactively publicizing their own work to recruit researchers to find vulnerabilities so they could be fixed before they caused actual issues - and Zoom fixed the issue, you're using Zoom's good behavior in security testing their app against them.
> Do you yell out your bank account number and routing number in public because you think the user experience of finding a private place to talk is too burdensome? Because that's metaphorically what you're arguing for.
No it's not, I wouldn't transmit my bank account number and routing number or similarly sensitive information over Zoom.
> This is absolutely a false dichotomy. The choice isn't between sending data and not sending data, the choice is between sending data in the browser vs sending the same data within a desktop application.
The choice is in fact between sending data and not sending data. I've given you one example (the limited number of simultaneous streams) where you're opting not to send data. You're just pretending that use case is invalid. There are other examples I could give, but they require more explanation and you seem determined to dismiss any examples I give.
> There have been RCE vulnerabilities in browsers too.
We're not comparing the security of web browsers as a whole to the security of the Zoom desktop client, we're comparing the security of the Zoom web app to the security of the Zoom desktop app. Can you find a single example of an exploit that allowed a hacker to execute arbitrary code on a user's computer after visiting zoom.com (even one that was eventually fixed)?
And also, almost all computer users are running web browsers (they come preinstalled on most consumer operating systems). So by downloading Zoom you're adding an additional threat vector on top of whatever threat your favorite browser already represents.
> The example you gave was one where Zoom was proactively publicizing their own work to recruit researchers to find vulnerabilities so they could be fixed before they caused actual issues - and Zoom fixed the issue, you're using Zoom's good behavior in security testing their app against them.
Every reputable organization has a bug bounty program (including browser vendors). You don't get a participation trophy for having a bug bounty program. You're missing the entire point which is that Zoom offered $200,000 to security researchers to find a vulnerability in their products and both of their desktop clients produced critical vulnerabilities yet the browser version did not. Which I would infer means that the browser version is more secure. Once again, do you have any examples of Zoom exploits in the browser?
Zoom can't keep producing vulnerabilities and getting a pass because they eventually fix them. This exploit's existence was publicized before Zoom fixed it. What if it was sold on the dark web and exploited in the interim?
> No it's not, I wouldn't transmit my bank account number and routing number or similarly sensitive information over Zoom.
People are absolutely transmitting critical information via Zoom. Courts literally use Zoom to remotely administer proceedings. I've heard of companies that ask employees to hold up sensitive documents in front of the camera to verify their identity. Hiding your head in the sand and saying "just don't send sensitive info via Zoom" is disingenuous at best. And even if you did buy in to the "just don't send sensitive data bro" argument it doesn't matter because an RCE exploit could potentially expose information that you never transmitted via Zoom that just happens to be sitting on your filesystem.
> The choice is in fact between sending data and not sending data. I've given you one example (the limited number of simultaneous streams) where you're opting not to send data.
The overwhelming majority of your examples have been cases where you've begrudgingly admitted that there's a way to accomplish your goal in the browser, albeit less efficiently. You started this conversation by admitting that you can share your screen in the browser, but doing so via the desktop app saved you a few minutes. I haven't found any published documentation from Zoom in regards to the streaming limit and I'm not willing to call up 49 other people to test this for an HN debate, but like I said, the vast majority of users can fulfill their needs in the browser. The average Zoom user is not hosting digital raves. I couldn't even imagine wanting to have 50 videos playing on my screen vying for attention. And again, there's no technical reason for why you couldn't implement 50 streaming videos in the browser. Maybe Zoom should spend that $200,000 improving their browser product.
Efficiency is very important. The whole point of using a video app is to communicate things you can't communicate as quickly without video. It would be much safer just to use text, even voice would be significantly safer.
And again, this is about messages simply being undeliverable without the native app. If the web app takes an extra 5 seconds to join the meeting (I think it can actually be worse than this in a lot of cases - minutes lost) and I've just reached the meeting at 2pm and the meeting starts promptly at 2pm, and the native app causes me to miss 5 minutes of the intro... what is the cost there? I think in a lot of cases it can erase the benefits of video.
Courts are famously overloaded. If a court can get through 10 cases over a 4 hour session, each taking 24 minutes, and if each case loses 5 minutes of time due to using the browser app, then that's two whole cases worth of time they've lost. And it's not just about being able to handle a larger caseload: in a lot of cases inefficient communication results in incorrect communication and incorrect decisions.
Broadly though, you're taking it for granted that it's easier to make a browser app efficient than it is to make a native app secure. I'd actually wager there's a ceiling to how efficient you can make a browser app, and you can make the native app at least as secure as the browser app while also making it more efficient. Zoom has the money, they don't need to cheap out and do the browser app, and they shouldn't because efficient communication is a matter of life and death and their whole reason for being. Yes, it should be secure, but you can't just dismiss efficiency, being inefficient can cause security problems and it is often a matter of life and death.
> And again, there's no technical reason for why you couldn't implement 50 streaming videos in the browser.
Their docs specify that there are minimum system requirements for doing 50 rather than 25. This is an efficiency problem at the end of the day - the browser app is less efficient and can't handle as much info at a time with the same hardware.
> The whole point of using a video app is to communicate things you can't communicate as quickly without video.
The 'whole point' of a visual medium is not just to communicate ideas more quickly. Having eyeballs does not merely grant me a speed boost, it allows me to experience things that are simply ineffable otherwise. People didn't Zoom/Facetime their family members during the pandemic just because it was more efficient than texting them.
> And again, this is about messages simply being undeliverable without the native app. If the web app takes an extra 5 seconds to join the meeting
You're misusing the word undeliverable. Undeliverable means 'can not be delivered', not 'delivered 5 seconds later'.
> Zoom has the money, they don't need to cheap out and do the browser app
They're already doing the browser app. I'm saying they should do it well.
> Their docs specify that there are minimum system requirements for doing 50 rather than 25. This is an efficiency problem at the end of the day - the browser app is less efficient and can't handle as much info at a time with the same hardware.
You originally claimed that there was a hard limit to the number of simultaneous video streams that the browser version could handle, and that this was the difference between sending a message and not sending a message, and now you're walking that point back and saying that the browser version can't do it with the same hardware. So you're tacitly admitting that you were originally presenting a false dichotomy.
> being inefficient can cause security problems
There are multiple confirmed security flaws in the desktop Zoom apps (which you claim are more efficient), and your conclusion is "inefficient = insecure"? If anything, the opposite appears to be true according to your own claims.
> I'd actually wager there's a ceiling to how efficient you can make a browser app, and you can make the native app at least as secure as the browser app
Zoom themselves wagered $200,000, and the result was a critical RCE vulnerability in their desktop clients, and nothing in the browser version. But keep postulating with hypotheticals and ignore objective reality.
> if each case loses 5 minutes of time due to using the browser app [...] because efficient communication is a matter of life and death
First of all you've been throwing around this '5 minute' figure throughout this discussion, but there's simply nothing to substantiate it. Your entire argument hinges on this flimsy point derived from anecdotal evidence. I've never spent 5 minutes trying to set up Zoom in the browser. I predicted several days ago that this discussion would degenerate into anecdote trading, and here we are.
Second of all, if I were dealing with a serious court case then one of my primary concerns would be maintaining confidentiality. You completely ignored the entire point of my court example which was to illustrate the fact that security has serious implications, and you can't simply wave them off by saying "I wouldn't transmit personal information via Zoom". You're trying as hard as you can to avoid the most important aspect of using Zoom in court: security. Instead you wrote a thinkpiece about Zoom hypothetically taking 5 minutes to load. Imagine being a witness in a high profile case, on the brink of going into the witness protection program, with your literal life on the line, only to find out that your private information was leaked because someone didn't like the UX of the Zoom web app. And you have the gall to claim that bad UX is a matter of life and death. Are you being serious here?
You yourself said "I wouldn't transmit my bank account number and routing number or similarly sensitive information over Zoom", and yet you want the Zoom desktop app to be used in courts? That makes absolutely zero sense. Do you not believe courts deal with sensitive information?
> Of course PWAs aren't popular on platforms that deliberately go out of their way
Strange how we went from "The web is absolutely more than good enough for the vast majority of apps" to "majority of mobile gaming apps."
> I've seen you repeat this phrase over and over again like a mantra on HN, but without examples
I mean, almost every single web "app" out there suffers from this. The DOM isn't built for highly dynamic interactive applications. It's a system to deliver static text and images.
> What are some examples of popular apps that you think require the full brunt of a modern chip?
Now you're pretending I said something I didn't.
However, it's funny how the amazing fast web sites that are more than enough for the majority of apps struggle with even the most basic tasks even on maxed out machines. I mean, Slack's app needs up to 20% of CPU even on an M* Mac (last I tried it was M1 Max IIRC) to render a few animated emojis.
It's a single example, but it's quite representative of the state of the Web.
> Of course PWAs aren't popular on platforms that deliberately go out of their way
You've got your signals crossed. That was another commenter who wrote that statement [1].
> Strange how we went from "The web is absolutely more than good enough for the vast majority of apps" to "majority of mobile gaming apps."
We didn't go from one thing to another. I addressed a subset of the app market: gaming apps. Just like your Slack example addressed a subset of the app market: chat apps.
> I mean, almost every single web "app" out there suffers from this. The DOM isn't built for highly dynamic interactive applications. It's a system to deliver static text and images.
This is not a technical argument, it's a philosophical one. The council of browser elders never convened to proclaim that web browsers are only meant to deliver "static text and images", that's just your philosophical viewpoint. In fact, Apple is currently pushing WebXR to support the new Vision Pro, so apparently they didn't get the memo about "static text and images" [2].
> Now you're pretending I said something I didn't.
You said that the web is not performant enough. CPU speed is a pretty big component of performance.
> I mean, Slack's app needs up to 20% of CPU even on an M* Mac (last I tried it was M1 Max IIRC) to render a few animated emojis.
Slack's desktop app or Slack's web app? If you're talking about the Electron app, well then yeah bundling Chrome is never going to win efficiency awards, but now you're pretending I said something that I didn't. I'm not defending Electron apps. Everytime I discuss the web on HN someone does a bait and switch and starts talking about Electron. Don't conflate Electron with the World Wide Web.
If we're talking about chat apps, then I've watched high definition streams on Kick, Twitch, and YouTube where the chat is streaming in over Websockets faster than I can read it. The human brain at that point becomes the actual performance bottleneck. But tell me more about how the web can only handle a few lines of text (by commenting on a website).
Plugins like Flash, Silverlight, and NPAPI were common at the time, but anything running in a web browser is still a web application. It feels like you're making a distinction without a difference [1]. Either way, the web can performantly do what Quake Live did back then without plugins today, and it can certainly handle the Flappy Bird and Angry Birds style apps that people are playing on mobile devices today. Just take a look at some of the Unity WebGL and threejs demos.
the web isn't shit per se. But it's horrible in the one way it matters to business; it is very hard to monetize web content compared to apps. That's a small part of why flash games quickly gave way to mobile.
But it's hard to deny there are quite a few technical shortcomings. Shortcomings only just now starting to dimish as WebASM/WebGPU gain traction.
