Single page applications are only a necessity because pages are expected to be huge behemoths, so requesting a new page would take too long and put a burden on the server. And that is mostly the result of corporations bloating their sites with advertisement, to the point our expectations on what’s an acceptable page size became distorted.
(Note Angular was released by Google in 2016, and the anti-feature is from 2015. I don’t think this is a coincidence.)
SPAs have their place in the ecosystem and can do things that simply aren’t possible with page navigation alone. Don’t blame the technology for developers or more likely their managers being shitty.
If you develop some feature (or bug!) of course some people will find a decent way to use it. That doesn’t mean the feature should be there on first place, specially when the possibility of abuse is so obvious. Plus if the pressure behind this anti-feature was “only” single page applications, and nothing else, I bet it would be implemented in a different way.
Also, look at the big picture. In isolation, one could argue giving pages access to your browsing history was a necessary albeit poorly thought feature; but when you look at other stuff browsers nowadays are supposed to do, you notice a pattern:
Browsers giving more info to the page about your system than just “I’m a browser, I can browse pages”: the browser software, its version, the operating system, the fonts you have installed, your screen dimensions…
Letting pages decide the behaviour of mouse clicks. And if the window is focused or not.
The ability to show pop-up messages.
etc.
Are you noticing it? All those “features” are somewhat useful, but with such obvious room for abuse it would be insane to add them, in retrospect. And that abuse is usually from money hoarders, or people controlled by them.
Worse: all of them crammed into what was supposed to be a system to show you content, but eventually got bloated into a development platform, transforming browsers into those bloody abominations of nowadays, with a huge barrier of entry, dominated by a single vendor (and where the vassal of said vendor got ~3% market share). I’d say that not having a monopoly is more important than all those features together.
And odds are the ones pushing for those features (like Google) knew they were insane, and that they would raise the barrier of entry for new browsers. But that was their goal, innit? Enshittify the web while claiming control over it.
I think you are misunderstanding what is possible with the history API.
Pages can’t read your navigation history.
Pages can’t manipulate history prior to their loading.
The original history API is a careless mistake. It can:
Tell the browser to navigate forward n entries.
Tell the browser to navigate backward n entries.
See the length of the history stack.
Seeing the length is a privacy problem. Allowing arbitrary forward navigation is a usability problem that’s ripe for abuse. Allowing back navigation to be more than a single page is a usability problem.
The newer pushState and replaceState APIs are fine. As their names imply, they push a new URL or replace the current URL in the navigation stack. The URLs are also subject to same-origin constraints, so you can’t just replace the current page with an entirely different domain.
Using a replaceState followed by pushState to insert a dummy marker that runs history.go(1) when the popState event is fired allows pages to prevent users from navigating away from the website. That’s shitty and abusive, yes.
Back button hijacking is an infuriating problem, but it’s not a new one exclusive to SPAs. This fuckery has existed for a long time.
Edit: I don’t like the state of the modern web either, but as you also noted, the problem with it is by and large Google’s monopolistic dominance over web browsers and their incentive to not take privacy seriously. The only non-Blink browser engine with any notable market share is WebKit2, and that’s only because Apple is abusing their own position.
Single page applications are only a necessity because pages are expected to be huge behemoths, so requesting a new page would take too long and put a burden on the server. And that is mostly the result of corporations bloating their sites with advertisement, to the point our expectations on what’s an acceptable page size became distorted.
(Note Angular was released by Google in 2016, and the anti-feature is from 2015. I don’t think this is a coincidence.)
SPAs have their place in the ecosystem and can do things that simply aren’t possible with page navigation alone. Don’t blame the technology for developers or more likely their managers being shitty.
If you develop some feature (or bug!) of course some people will find a decent way to use it. That doesn’t mean the feature should be there on first place, specially when the possibility of abuse is so obvious. Plus if the pressure behind this anti-feature was “only” single page applications, and nothing else, I bet it would be implemented in a different way.
Also, look at the big picture. In isolation, one could argue giving pages access to your browsing history was a necessary albeit poorly thought feature; but when you look at other stuff browsers nowadays are supposed to do, you notice a pattern:
Are you noticing it? All those “features” are somewhat useful, but with such obvious room for abuse it would be insane to add them, in retrospect. And that abuse is usually from money hoarders, or people controlled by them.
Worse: all of them crammed into what was supposed to be a system to show you content, but eventually got bloated into a development platform, transforming browsers into those bloody abominations of nowadays, with a huge barrier of entry, dominated by a single vendor (and where the vassal of said vendor got ~3% market share). I’d say that not having a monopoly is more important than all those features together.
And odds are the ones pushing for those features (like Google) knew they were insane, and that they would raise the barrier of entry for new browsers. But that was their goal, innit? Enshittify the web while claiming control over it.
I think you are misunderstanding what is possible with the history API.
Pages can’t read your navigation history.
Pages can’t manipulate history prior to their loading.
The original history API is a careless mistake. It can:
nentries.nentries.Seeing the length is a privacy problem. Allowing arbitrary forward navigation is a usability problem that’s ripe for abuse. Allowing back navigation to be more than a single page is a usability problem.
The newer
pushStateandreplaceStateAPIs are fine. As their names imply, they push a new URL or replace the current URL in the navigation stack. The URLs are also subject to same-origin constraints, so you can’t just replace the current page with an entirely different domain.Using a
replaceStatefollowed bypushStateto insert a dummy marker that runshistory.go(1)when thepopStateevent is fired allows pages to prevent users from navigating away from the website. That’s shitty and abusive, yes.Do you know what else can do that, though?
Or
Back button hijacking is an infuriating problem, but it’s not a new one exclusive to SPAs. This fuckery has existed for a long time.
Edit: I don’t like the state of the modern web either, but as you also noted, the problem with it is by and large Google’s monopolistic dominance over web browsers and their incentive to not take privacy seriously. The only non-Blink browser engine with any notable market share is WebKit2, and that’s only because Apple is abusing their own position.