Haskell programmers when you tell them the main function isn't pure

Sandboxes have been converted into quarantine bomb shelters, for child safety

That's why we have Wayland. :)

Wouldn't want bad actors to find privacy respecting software.

Sanboxed from prying eyes, it's completely safe.

Or actually do anything useful? No network, no filesystem.. it's a hello world app isn't it..

Oh come on, what modern program actually needs to communicate or access the file system?

The app can then declare the network permission and it will still be marked as safe.

Download the internet along with it!

it’s weird that android and ios already provide this but THE container standard doesn’t

Absolutely, permissions should be disabled by default, and only when the app needs to do something that requires a certain permission should it ask for it.

Maybe even do something like Android, where permissions automatically get revoked if you don't use an app for a certain time. I love that feature.

I've tried to combat this a bit with a global Flatpak override that takes unnecessarily broad permissions away by default, like filesystem=home, but apps could easily circumvent it by requesting permissions for specific subdirectories. This cat-and-mouse game could be fixed by allowing a recursive override, such as nofilesystem=home/*.

But even then, there is still the issue with D-Bus access, which is even more difficult to control ...

I think it is sad that Flatpak finally provides the tool to restrict desktop apps in the same way that mobile apps have been restricted for a decade, but the implementation chooses to be insecure by default and only provides limited options to make it secure by default.

It's actually Dippi but I don't want to look like I'm advertising it here

!peepee !< is safe

With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission would of course may be needed but it would still be marked as Safe by Flathub).

You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.

You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.

Heck, even TeamViewer can be as this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that's still safe.

Yes, they can. There are app-specific folders in .local that flatpaks can read and write to specifically for this purpose, and also the file picking dialog may give access to the one specific file you picked.

Android IMO has great usability in exposing a database to apps, which means they aren't required to ship their own database engine.

But my 1998 Windows CE device that's made obsolete by those meddling modern security practices!

As well as FOSS too. Sandboxing is a security standard that should be followed by every software how open their code may be.

This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.