Because installing a native app requires an enormous amount of trust. Every native app running as your user has read access to all data created by every other app including browsers and their secrets like saved credentials to sensitive websites.
The Linux ecosystem mostly got away with this by being too small to be worth targeting. But several recent events (like the attacks on the AUR) have increasingly shown that we’ve passed the threshold where that’s no longer true.
So, what am I to use when I don’t have the time to go through the source code of every new version of every single app with a fine-toothed comb? Well, browsers (while not perfect) have some level of sandboxing, doing an overall decent job of keeping websites’ (apps) data isolated from each other.
Switching to use web apps whenever possible meant (at least, in Firefox) giving up a lot of the functionality of native apps (like default file associations, dedicated entry in the taskbar, and so many others). They’re basically refusing to acknowledge the open web as a platform that solves a real need: providing security and escape from walled-garden app stores (which is the bigger problem on mobile). Instead they’re spending their funding on AI, and VPNs, and random other features nobody really asked for.
While I think it’s very important that there is more than one browser implementation in the world, I have 2 choices:
Use Chromium fork to get security and convenience and privacy.
Use Firefox (or its forks) to maybe get privacy at the expense of the other two.
That’s an interesting take. But you think its safer to use web versions? Sending your data out somewhere else? To keep tabs isolated in firefox I do use containers, so they dont interact, but I have never been a fan of making WPA’s, when I could just click on the tab its in or open it in the browser anyways.
Well, the isolation allows you select what’s appropriate for each bit of data.
For example, my financial data have to live elsewhere - namely the financial institutions I use. I’ve been paying Todoist $36/year for the past 12 years and they have zero pressure to enshittify, so I’m okay keeping that data elsewhere. I also outsource my email to Fastmail because it’s generally inadvisable to self-host email.
However, for most things that I’ve started using recently (karakeep, miniflux, baby-buddy, homebox, ghostfolio, and so many others), I’ve chosen open source apps and run their servers on my homelab. Linux on the server (unlike the desktop) is extremely well funded. There are a ton of different types of container and micro-vm configurations you can mix and match to give the exact level of isolation, resource, filesystem, and network access you’re comfortable with.
Also, I don’t think it makes much sense to use proprietary software for much in the future. The cost of software development has been going down at increasing rate for as long as I can remember for a variety of reasons, and LLM-assisted AI Agents is the just the latest iteration. With the latest SOTA models, it doesn’t take much to create an maintain a selfhosted OSS app - someone with the will to put in time and the most basic understanding of the basic fundamentals of software engineering.
Certainly not things I would trust particularly personal or sensitive data with. But remember that breaking out of server-side containers/micro-vms is really hard, and way beyond the capabilities of any AI slop.
So yeah, from what I’ve seen so far the best tools out there for enjoying the largest variety of software (including potentially undisclosed AI slop) safely is server-side Linux containers + client-side browser isolation. The closest thing we have to sandboxes in the desktop is flatpak, and it’s so trivial to break out that I’ve watched people do it unintentionally, just trying to make their app work in it.
All this over running web sites as apps? Why would I ever want a website as an app?
If I understand what you are saying correctly.
Because installing a native app requires an enormous amount of trust. Every native app running as your user has read access to all data created by every other app including browsers and their secrets like saved credentials to sensitive websites.
The Linux ecosystem mostly got away with this by being too small to be worth targeting. But several recent events (like the attacks on the AUR) have increasingly shown that we’ve passed the threshold where that’s no longer true.
So, what am I to use when I don’t have the time to go through the source code of every new version of every single app with a fine-toothed comb? Well, browsers (while not perfect) have some level of sandboxing, doing an overall decent job of keeping websites’ (apps) data isolated from each other.
Switching to use web apps whenever possible meant (at least, in Firefox) giving up a lot of the functionality of native apps (like default file associations, dedicated entry in the taskbar, and so many others). They’re basically refusing to acknowledge the open web as a platform that solves a real need: providing security and escape from walled-garden app stores (which is the bigger problem on mobile). Instead they’re spending their funding on AI, and VPNs, and random other features nobody really asked for.
While I think it’s very important that there is more than one browser implementation in the world, I have 2 choices:
That’s an interesting take. But you think its safer to use web versions? Sending your data out somewhere else? To keep tabs isolated in firefox I do use containers, so they dont interact, but I have never been a fan of making WPA’s, when I could just click on the tab its in or open it in the browser anyways.
Well, the isolation allows you select what’s appropriate for each bit of data.
For example, my financial data have to live elsewhere - namely the financial institutions I use. I’ve been paying Todoist $36/year for the past 12 years and they have zero pressure to enshittify, so I’m okay keeping that data elsewhere. I also outsource my email to Fastmail because it’s generally inadvisable to self-host email.
However, for most things that I’ve started using recently (karakeep, miniflux, baby-buddy, homebox, ghostfolio, and so many others), I’ve chosen open source apps and run their servers on my homelab. Linux on the server (unlike the desktop) is extremely well funded. There are a ton of different types of container and micro-vm configurations you can mix and match to give the exact level of isolation, resource, filesystem, and network access you’re comfortable with.
Also, I don’t think it makes much sense to use proprietary software for much in the future. The cost of software development has been going down at increasing rate for as long as I can remember for a variety of reasons, and LLM-assisted AI Agents is the just the latest iteration. With the latest SOTA models, it doesn’t take much to create an maintain a selfhosted OSS app - someone with the will to put in time and the most basic understanding of the basic fundamentals of software engineering.
Certainly not things I would trust particularly personal or sensitive data with. But remember that breaking out of server-side containers/micro-vms is really hard, and way beyond the capabilities of any AI slop.
So yeah, from what I’ve seen so far the best tools out there for enjoying the largest variety of software (including potentially undisclosed AI slop) safely is server-side Linux containers + client-side browser isolation. The closest thing we have to sandboxes in the desktop is flatpak, and it’s so trivial to break out that I’ve watched people do it unintentionally, just trying to make their app work in it.
But if you are self hosting, do you need to worry about that?
Either way, I appreciate the detailed response. And looking at the browser as a strong sandbox does seem smart.
Because it’s handy to have some apps as separate windows outside of the browser so u can quickly alt tab to them.