I strongly disagree.

I often have apps on my Mac or iPhone that ask for permission to see my camera, microphone, contacts, etc etc that I don't want it to see. But I do want other apps to be able to access those things.

Being able to stop those apps from accessing before they do instead of trying to fix it after is incredibly valuable.

Sure some users just accept everything, but that is not an argument against them existing in the first place.

reply
Those examples are very reasonable. However I also had Mac OS suddenly treat all m4a files on the system as potential malware and it blocked any attempt at opening them. Why did it do that? Because I checked the "set as default app" option, one minute after I had already opened the same file using the same application. The only way to open the files was by entering the password in the settings app each time - but re-setting the same app as default in the file's Get Info dialog got rid of that "protection" system-wide without any password prompts or extra permissions. I don't see how that was supposed to help with security.
reply
We are moving away from the old world where you can trust the applications you are running on your computer, to today's world where you can't. The Unix permission model is based on apps running as your user having access to every device and file you, the user, have access to. The threat was "other system users trying to access your files and devices" but now the threat is "applications you run trying to access your files and devices." OS vendors have been slow to adapt to this new threat model.

Even today, any rando application I download and run can read and/or write to any file on my system that I own and have permission to read and/or write, unless I go out of my way to run it in a chroot, a container, a jail or whatever. That's just poor security in a world where nearly every commercially developed application is an attacker.

reply
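The point of the comment above, as an added example that is not code from the thread: a POSIX discretionary access check only asks who the process runs as, never which program it is, so a downloaded app passes exactly the checks its user would; an app sandbox adds a second, per-application check. The FileInfo records, uids, paths and the policy dict are constructed, and the policy shape is an assumed toy model, not any real OS API.

```python
from dataclasses import dataclass

R, W = 4, 2  # request bits, same meaning as R_OK / W_OK for os.access()
@dataclass
class FileInfo:
    """Constructed stand-in for the fields of an os.stat() result."""
    path: str
    st_uid: int
    st_gid: int
    st_mode: int  # permission bits only, e.g. 0o600

def dac_allows(uid: int, gids: set, f: FileInfo, want: int) -> bool:
    """POSIX discretionary access check. Note the inputs: who the process
    runs AS picks owner/group/other bits; which program it is never enters."""
    if uid == 0:                      # root bypasses read/write bits
        return True
    if uid == f.st_uid:
        bits = (f.st_mode >> 6) & 7
    elif f.st_gid in gids:
        bits = (f.st_mode >> 3) & 7
    else:
        bits = f.st_mode & 7
    return bits & want == want

def sandbox_allows(policy: dict, path: str, want: int) -> bool:
    """Assumed per-app policy (toy model): only granted path prefixes are reachable."""
    names = {R: "read", W: "write"}
    for prefix, grants in policy.items():
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            return all(n in grants for bit, n in names.items() if want & bit)
    return False

def can_access(uid, gids, f, want, policy=None) -> bool:
    """Unsandboxed app: DAC alone. Sandboxed app: DAC AND its own policy."""
    return dac_allows(uid, gids, f, want) and (
        policy is None or sandbox_allows(policy, f.path, want))

# Constructed sample filesystem: alice is uid 1000, gid 1000; shadow is gid 42.
ALICE, SHADOW_GRP = 1000, 42
SSH_KEY = FileInfo("/home/alice/.ssh/id_ed25519", ALICE, ALICE, 0o600)
DOWNLOAD = FileInfo("/home/alice/Downloads/setup.bin", ALICE, ALICE, 0o644)
SHADOW = FileInfo("/etc/shadow", 0, SHADOW_GRP, 0o640)
# Constructed policy for a "random downloaded app": only its Downloads sandbox.
DOWNLOADED_APP = {"/home/alice/Downloads": {"read", "write"}}

if __name__ == "__main__":
    for f in (SSH_KEY, DOWNLOAD, SHADOW):
        plain = can_access(ALICE, {ALICE}, f, R)
        boxed = can_access(ALICE, {ALICE}, f, R, DOWNLOADED_APP)
        print(f"{f.path:32} unsandboxed={plain!s:5} sandboxed={boxed}")
```

Run as a script it prints one line per file; the SSH key is readable to any unsandboxed app alice runs, and unreadable to the sandboxed one.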
macOS now implicitly sandboxes your Documents, Downloads, and Desktop folders. Random apps can’t read from those locations without triggering a security prompt.
reply
To be fair, this is partly because of the internet.

If you install random apps and they destroy your PC, you can fix that by having backups. By contrast, on work computers with important data, everything is supposed to be locked down and you can't install random apps. But then we started to increasingly connect devices to the internet.

Now gaining access over a smartphone essentially means being able to send payments via the banking apps. People are sending money with crypto so they are susceptible to simple clipboard swap attacks that are almost impossible for the user to detect until it happens. Then there is all the personal data that can be stolen that can be used for other attacks in the future.

Essentially, the amount of damage you can take by losing access has increased much faster than the security devices meant to prevent it.

To make matters worse, the security devices that are marketed to the average user tend to be exploitative rather than trustworthy (e.g. OneDrive).

It feels like, instead of protecting users, developers seem more interested in creating something that only does half of the job and then blaming the user for not knowing how to do the other half, so a comprehensive solution for the problem is never created.

reply
I think there are a lot of things that users can be protected from:

1. Protect users from attackers external to the computer

2. Protect users from attackers who are other users on the computer

3. Protect users from applications run by other users on the computer

4. Protect users from applications they themselves run on the computer

5. Protect unprivileged (non-root) users from their own actions

6. Protect privileged (sudo/root) users from their own actions

OSes have been historically OK at 1-3. Not great or even good. There have been a lot of remote code vulnerabilities and local vulnerabilities over the years.

OSes have pretty much ignored 4 until maybe a decade ago, and are making token progress toward it, but I don't think many of them take it very seriously.

OSes have instead started to crack down on 5-6, which I'd argue isn't even the job of an OS.

reply
Namespaces in 9front (actual ones, not second-hand ones like under Linux) make isolating software trivial.
reply
> this particular sort of cyber security is merely theatrics with the goal of reducing user agency

Literally all security features carry the hazard of being used for oppression and being ineffective or counter-effective. That's how constraints work.

You need two things for a security feature:

- a segmentation under which a behavior is considered unsafe / insecure (arbitrary, subjective)

- a technical solution that constrains the behavior of <thing> in <usage context> so that the aforementioned is mitigated

So something being "a tool of oppression" or "a tool of safety" is a matter of your alignment with that segmentation. And it being a theater or not is a matter of functional soundness given a threat model. So is its tendency to become counter-effective.

Constraints are just constraints. Whether they're effective and whether you're disadvantaged by them are both separate, independent matters. Empirical too.

reply
I think we're on the same side in principle. The ability for people to interact with the wider world using general purpose computers that they fully control should be sacrosanct, and attempts to interfere with that such as remote attestation, app store exclusivity, and developer verification are evil.

Sandboxing apps by default is not that. The principle of least privilege is good security. If I vibecode some quick and dirty hobby app and share it with the world, it's better if the robot's mistake can't `rm -rf ~/` or give some creep access to your webcam.

The user should be able to override that in any way they see fit of course.

reply
>Wayland

I can see the rest, but why did you mix in Wayland, an open-source display protocol?

reply
I think there's some controversy regarding the extent to which programs are limited in accessing each other. You need sudo to do global hotkeys/keylogging, probably accessing pixel contents of other apps, etc. I suppose they mean it only prevents some specific threats while leaving open goals in other, even more easily exploited places.
reply
Maybe I don't understand your point, but why is Wayland in your list?
reply