
Sure it does! We just need sufficiently granular permissions for all of this stuff. “Do you want to give ClipboardManager access to your clipboard?” Yes. “Do you want to give TikTok access to your clipboard?” No. I agree that clicking a million permission boxes is annoying but ideally it should only be something needed for apps that don’t fit the media consumption model.

The real problem is that the desktop security model is outdated - it was designed for a world where software developers are trusted by default and users need to protect their data from each other. Today we can’t trust that developers will respect my data. I mean, the fact that any application I run or any npm module I transitively install could upload or delete any of my personal documents is insane. We absolutely need to preserve my ability to run software I write, and run screencast software, file servers, etc. But permission to read my data should not be given by default to any software I happen to run. The Epic thing makes me nervous but generally I think Apple’s direction here is the right one.




> I agree that clicking a million permission boxes is annoying but ideally it should only be something needed for apps that don’t fit the media consumption model.

Media consumption apps are nice and good but I think pretty much all innovation is dependent on media production apps. A permissions model that treats media consumption as the most important use case will necessarily inhibit artistic expression and utility.


> The real problem is that the desktop security model is outdated - it was designed for a world where software developers are trusted by default and users need to protect their data from each other. Today we can’t trust that developers will respect my data.

Why is it any different today? You can always install only applications you trust. It would be useful to have sandboxing for untrusted applications (especially if that sandboxing also let you monitor what the application is doing), but not all applications are untrusted.


The UNIX permission system was designed when computers cost millions and had lots of users through timesharing (many of whom were programmers themselves). Computers had comparatively little software, and most of the software on them was installed by the system operators, who could be trusted not to install software from disreputable developers. The threat model was malicious users accessing each other's files, so user accounts with limited permissions kept us safe.

Today I have several computers. Each computer has only 1 user. And yet my /etc/passwd file still has 110 entries somehow. And it doesn't really help: the thing I need to protect the most on my computer is my data, and most programs on my computer could read and modify all my data with impunity if they wanted to. The permission model does nothing to protect my own files from the programs I run.

Using tools like homebrew I install new software very frequently, and I don't have time to vet the code I run. There is a staggering number of software developers who have contributed code that runs on my computer. Some of them work at companies in direct competition with each other. Some of those companies I don't really trust. (Hi Facebook). So I rely on sandboxing in the browser and on my phone to keep my data safe.

The UNIX user permission model just doesn't meet modern needs.


Right, but why do you install software you do not trust in the first place?
