Who is this actually useful to though? These sorts of arguments get floated around all the time but the reality has been that digital privacy only draws attention when there's political capital like shaming a company that worked with the opposing party. The mainstream opinion, informed or not, has rapidly shifted towards the belief that after all these data breaches it's a lost cause because the information is already out there in triplicate. Hell, if someone genuinely wants to stalk Joe Random they can just pay give bucks to one of the many websites that compile and sell person searches.

On the other hand, people are scared of 'hackers', who are rarely presented accurately in media, taking control of their devices and spying on them or stealing whatever personal garbage is on their machine.

From that perspective there's almost zero reason to iterate in the direction you've suggested. Especially since, even if you got people to listen, they'll most likely just argue that if Microsoft, Google, Apple (who will probably keep doing their own thing) can't secure their data then no one can.

And from a company perspective this is similarly great, designing for a future where the OS is just a middle-man between the user and the browser means that you have more ability to wall out third parties and users who have problematic update needs/demands suddenly become much less problematic. Sure, the small fry will fight to prevent themselves from getting boxed out and succeed for a time. but you're a Megacorp who has bottomless resources to throw at development, you're looking at the long game. Eventually the cost to compete will simply be too high to be practical and when that happens you have a thoroughly cemented position in the future of the market and all it cost was forming a small alliance with other Megacorps.

Who else is there to object? China rolls their own way, Europe is trying a little but have yet to demonstrate the ability to overcome the obstacles that prevent them from being competitive, and when the American Fed does decide to take an interest it's for wildly exotic problem spaces (looking at you Ghidra and Tor).

The wall of text above TL;DR: "Just give up your privacy like everyone else and enjoy the web features you didn't ask for and you don't need." It's really not more that this.

It was a bummer read but what did it say that was wrong? It's not like they weren't right about the direction things are going.

Making you give up your privacy is a general software trend already implemented at the operating system level. Web technology is orthogonal to it.

> And yet, sites exfiltrate enormous amounts of behavioral information. Whereas with a desktop app, I can just put it in a sandbox without network access and I am 100% sure that no data gets uploaded to anyone.

I don't see how that has anything to do with the security of the platform itself. Sure, some desktop apps can be sandboxed. Others don't work without some form of network connection. It's up to the developers what to (not) do here.

> While unfettered access has larger consequences, it is a relatively rare occurrence, whereas unwanted extraction of personal/behavioral information happens continuously.

A website or web app can not access any personal information that you haven't entered into it or its "partners". If cross-site tracking is your concern, there are ways to mitigate that.

Just as there are ways to mitigate the dangers of running desktop applications. Point is: Web is not inherently better for your privacy or security.

> Web is not inherently better for your privacy or security.

Nobody said that. The point I'm making is that it is not "fundamentally insecure and wrong", especially compared to native applications.

As for security, there's some nuance there, but legacy desktop applications that are exploited can certainly do more harm than anything running in a web sandbox.