When Flatpak's Sandbox Cracks

11 dxs 5 8/1/2025, 8:01:53 PM linuxjournal.com ↗

Comments (5)

WesolyKubeczek · 16m ago
Flatpak's "sandbox" is mostly theater, and it gives little when it comes to privacy. Apart from the obvious that packages sometimes come with overly broad permissions to be usable at all (but you are still given a marketing pitch about enhanced safety, granted, flatpak.org doesn't do it but flathub does), the fact that some paths are denied or some access is revoked is also a data point.

I'd like to have a system where I can choose to give any bitmap, movie, or blank screen when an application asks me for permission to use my camera. It shouldn't know that I have denied it. When it asks for my microphone, I should be able to choose to make it think I allowed it microphone access with a dummy audio stream with no audio or audio of my choice. When it asks me to open a file, or a directory, it should invoke a system dialog that cannot be faked, and when I pick a file/directory for it, that directory or file should be bind-mounted into its mount namespace without giving it extra information about other files beside it, or indeed what's the full path of the file. When recording a screen, I should be able to pick which regions and which applications it should be able to see, and the system should make it think it's all there is.

All the while the application doesn't even have to cooperate. This is the important bit.

I think the pieces to do this are mostly there already (portals, PipeWire, namespaces), it's just a lot of faff to actually implement.
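
An added illustration of the "overly broad permissions" point in the comment above (not part of the thread and not Flatpak's own code): a small audit of the `[Context]` section of a Flatpak `metadata` file. The set of grants treated as broad and the sample metadata are assumptions constructed for this example.

```python
import configparser

# Assumption: an illustrative shortlist, not Flatpak's own classification.
BROAD = {
    "filesystems": {"host", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}

def broad_grants(metadata_text):
    """Return sorted (key, entry) pairs from [Context] that grant broad access."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the key file
    cp.read_string(metadata_text)
    if not cp.has_section("Context"):
        return []
    findings = []
    for key, broad in BROAD.items():
        raw = cp.get("Context", key, fallback="")
        for entry in filter(None, (e.strip() for e in raw.split(";"))):
            if entry.startswith("!"):      # negated entry removes access
                continue
            name = entry.split(":", 1)[0]  # drop a :ro / :rw / :create suffix
            if name in broad:              # read-only home still exposes user data
                findings.append((key, entry))
    return sorted(findings)

# Constructed sample metadata for a hypothetical application.
SAMPLE = """\
[Application]
name=org.example.Viewer
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home:ro;xdg-download;!host;
"""

if __name__ == "__main__":
    for key, entry in broad_grants(SAMPLE):
        print(f"{key}: {entry}")
```
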

forty · 38m ago
If this is not AI generated, this is well imitated (with the many bullet points in particular).

kstrauser · 29m ago
I never understand these comments. This adds nothing to the discussion. And as the editor of Linux Journal, I bet George has written plenty of bullet lists over the years. Maybe the AIs are copying him, you know?

duskwuff · 8m ago
It's an expression of concern - is this article actually an expression of someone's thoughts about a topic of concern, or did someone just ask ChatGPT to write them an article about Flatpak security?

WesolyKubeczek · 29m ago
I can speak in listicles and use em-dashes — correctly, mind you! — using only the organic neurochemistry-based intelligence of my brain.