> Most flathub apps have "access to all your information" one way or another.
I went through some of the Flatpak applications I commonly use, and none of them had access to all my information. I'm not going to go through all of them, but this suggests that the quoted statement isn't true.
I stand by my original statement that Flatpak is the only system that tries to address this. The fact that you're suggesting two separate technologies in combination confirms this, in my opinion.
Examples of popular apps that can write to the host filesystem (and remember kids, the ability to write to $HOME always means full account takeover, followed shortly by root access if your account can sudo):
The applications above also provide other dangerous privileges, but they pale in the presence of filesystem access.
Examples of applications that have full device access (which is considered insecure and called "not ideal" in the flatpak docs), as well as sharing a bunch of namespaces like network and IPC (meaning these parts are not sandboxed):
Of all the applications I sampled (some by popularity, some random ones I knew), all gave full device access and disabled network/ipc sandboxing. A significant chunk gave filesystem=host access (not even home, host!).
(I am however happy to see that the number of filesystem=home/filesystem=host manifests seem to have dropped.)
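The grants the comment above is counting (filesystem=host, devices=all, shared=network/ipc) are printed one per line by `flatpak info --show-permissions`, so they can be audited mechanically. The script below is an added example, not code from either commenter or from the Flatpak project: it classifies that output with severity labels of my own choosing, and the `SAMPLE_PERMISSIONS` manifest is constructed for illustration rather than taken from any real app. The `flatpak list --columns`, `flatpak info --show-permissions` and `flatpak override --nofilesystem/--nodevice/--unshare` options are real Flatpak CLI options; X11 socket access is flagged as well because an X11 client can read keystrokes of, and inject input into, every other X11 client.

```shell
#!/bin/sh
# Added example: audit installed Flatpaks for the sandbox grants discussed above.
# Not Flatpak's own tooling; severity labels are this script's own convention.

# classify_permissions: reads `flatpak info --show-permissions <app>` output
# (key=value lines under [Context]) on stdin, prints one line per risky grant.
classify_permissions() {
    while IFS= read -r line; do
        key=${line%%=*}
        val=${line#*=}
        case "$key" in
            filesystems)
                # ';'-separated list; host or home writable = full account takeover
                for fs in $(printf '%s' "$val" | tr ';' ' '); do
                    case "$fs" in
                        host|host:rw|host:create)
                            printf 'CRITICAL filesystem=%s (whole host FS writable)\n' "$fs" ;;
                        home|home:rw|home:create)
                            printf 'CRITICAL filesystem=%s (HOME writable: ~/.bashrc, ~/.ssh)\n' "$fs" ;;
                        host:ro)
                            printf 'HIGH filesystem=host:ro (reads everything, incl. ~/.ssh)\n' ;;
                        home:ro)
                            printf 'HIGH filesystem=home:ro (reads all of HOME)\n' ;;
                    esac
                done ;;
            devices)
                case ";$val;" in *";all;"*)
                    printf 'HIGH devices=all (all of /dev inside the sandbox)\n' ;;
                esac ;;
            shared)
                case ";$val;" in *";network;"*)
                    printf 'MEDIUM shared=network (no network namespace)\n' ;;
                esac
                case ";$val;" in *";ipc;"*)
                    printf 'MEDIUM shared=ipc (no IPC namespace)\n' ;;
                esac ;;
            sockets)
                case ";$val;" in *";x11;"*)
                    printf 'MEDIUM sockets=x11 (X11 allows keylogging/input injection)\n' ;;
                esac ;;
        esac
    done
}

# audit_installed: run the classifier over every installed app and print
# the override command that would revoke the worst grants for that app.
audit_installed() {
    flatpak list --app --columns=application | while IFS= read -r app; do
        findings=$(flatpak info --show-permissions "$app" | classify_permissions)
        if [ -n "$findings" ]; then
            printf '== %s\n%s\n' "$app" "$findings"
            printf '   revoke: flatpak override --user --nofilesystem=host --nofilesystem=home --nodevice=all --unshare=network %s\n' "$app"
        fi
    done
}

# Constructed manifest (not a real app's) resembling the worst case described
# above: host filesystem, all devices, shared network/ipc, X11.
SAMPLE_PERMISSIONS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;'

if command -v flatpak >/dev/null 2>&1; then
    audit_installed
else
    printf '%s\n' "$SAMPLE_PERMISSIONS" | classify_permissions
fi
```

Overrides only narrow what the manifest asked for, so `--nofilesystem=host` is a meaningful fix for an app that merely wants a save dialog (the portal still works), but it will break an app that genuinely edits arbitrary files unless it uses the file-chooser portal.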
> The fact that you're suggesting two separate technologies in combination confirms this, in my opinion.
Whenever independent tasks need to be accomplished, independent solutions are the superior choice. The alternatives are monoliths and semi-closed gardens.
> Examples of popular apps that can write to the host filesystem (and remember kids, the ability to write to $HOME always means full account takeover, followed shortly by root access if your account can sudo):
I actually use exactly zero of the applications you mentioned. The ones I looked at were:
Spotify - Only access to music and pictures
Element - Keyring and download. It does get all-devices though which could be a problem
Signal - Gets access to a bunch of directories such as desktop and documents. This is a bit excessive.
Tor browser - No access (I wouldn't expect anything less)
Climaxima - No access, but I wrote that application so perhaps that's a bit unfair
Those are the applications I most commonly use. However, now that I look through the list of applications I have installed, I see some that I'm really disappointed are requesting full filesystem access, including GIMP and Kdenlive.
> Whenever independent tasks need to be accomplished, independent solutions is the superior choice. The alternative are monoliths and semi-closed gardens.
I don't disagree with this. It's most definitely possible that your proposed approach is better, but as of right now, no one is making that easy (i.e. you need to know what you're doing to benefit from the security benefits).