https://bugs.kde.org/show_bug.cgi?id=479184
--- Comment #7 from Nate Graham <n...@kde.org> --- I appreciate your understanding. FWIW the sandboxing and portals systems seem designed to support a use case where we can't necessarily trust our own apps, more akin to the Google Play store on Android. However from my perspective this is ceding most of the field before battle has even been joined. If we can't prevent the user from installing actively malicious software on their system, I think we've already lost. Android shows us what this world looks like: 99% of the free apps on the Google Play store are garbage that's at best only mildly user-hostile and at worse is using every dark pattern in the book to try to harm you. Even the strongest sandbox is no protection at all for local software that can trick the user into giving it permission to do whatever it wants. This approach passes the buck by saying, "well, I told you there was a risk, you you clicked on the Accept button anyway!" But it should be obvious that this is not an effective system for truly protecting the user. We have decades of experience to show us that regular people will click on anything, won't read dialogs, don't understand digital risks, etc. Putting the responsibility on them is wrong. Personally I think what we should be striving for us to keep actively bad software out of our apps stores and software repos in the first place, and therefore off the devices of casual users who are least able to manage the risks of malicious apps. But this is a much larger topic. :) -- You are receiving this mail because: You are watching all bug changes.
