There have been alarm bells ringing in my head for a long time with all these settings, and the fact that they’re buried in the settings app gives me a lot of peace of mind. I’ll click through a lot of boxes and alerts and grant permissions that I shouldn’t. I’m SUPER glad that I won’t accidentally grant, you know, full disk access or accessibility to an app just by clicking on a box that appears at startup.
I remember back in the bad old days when I was constantly making extra user accounts just to run some program. Kinda sucked. Hard truth is, you sometimes want to run code that you don’t fully trust.
Well, if you feel that way, they do make platforms that sound like a better fit: iPad, iOS, even Android kinda fits that mold. I would call them "toy computers" but that is my bias. It's not a real computer to me if I am not even in control of what code runs on it.
Linux is also doable, but there’s extra work involved with setting up separate user accounts for running specific pieces of software, configuring namespaces for those processes, that sort of thing. But this is backwards. I’d rather start with a secure default state and have to configure exceptions. Back in the day I could get that from SELinux strict policies but it seems like those have fallen by the wayside.