Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like “This app can use elevated permissions. What does this mean?” with the “What does this mean?” text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have “verified” on the app and a red warning saying “Potentially unsafe”, the user will think “well, should I trust this or not??”
I like flatpaks and flathub, but this is just something they do badly. I think as well they also have “probably safe” which is just as unhelpful… And what does “access certain files and folders” even mean!?
I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.
Completely agree. Training normies to click OK on warnings like this is a no-good terrible idea.
Training users to click on this shit is the same reason people wipe their desktop by ignoring “Yes I know what I am doing” warnings.
This should have been much more well thought out The wording, image, buttons, specific wording for each page.
They really screwed the pooch.
Another 4-6 months minimum before release. But quarterly numbers must be met.
If you use Debian-based linux (Ubuntu, Minut, others), Mozilla recommends getting the package directly from their respository rather than flatpak or other repos.
Personally, I saw a major performance increase on my low-powered laptop when I switched from flatpak to the Mozilla package.
In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn’t support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green “safe” marker.
A lot of apps will always be “unsafe” because they do things that requires hardware access, though, so I could see them wanting something more nuanced.
Yes but surely you’re aware that even the most new-user-friendly distros and their tools aren’t necessarily aimed at new users.
That warning is a perfect example of how Linux developers choose which hill to die on. They post a warning for an app that everyone knows can deliver bad times to two camps of users; those that know and don’t care and those that don’t understand the warning. If we could quantify the helpfulness of that warning, odds are that it saved 0 users from malicious action from that avenue of attack.
Never expect Linux as a whole to be “helpful” to the new crowd.
To be fair, if a naive user is going to get a virus, there’s a very high chance a browser will be involved.
Good.
People need to view out of channel software with a hairy eyeball.
Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!
WAIT THEY DON’T ???
yeah apt just trusts the server if it properly identifies itself
the barrier to entry for attacking that seems pretty high though
if that freaks you out, switch to a rhel derivative, they got a shiny progress bar
Interesting, but switching will be difficult, unfortunately…
Thanks for the info
In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.
By not letting the user import/export addon settings, bookmarks?
Btw, i hate the opinion that the dev must babysit his users. It makes software worse, not better, look at Firefox’s profille folder for an example. If you have to, make an intro to train them.
I’m not 100% confident but I thought you could use portals to access individual files outside of the sandbox
You could but where is fails is when you open one html file that then needs to loads the other files that are needed by the first.
You can not allow chain loading like this, it would bypass the sandbox.
One way of working around this would to allow the option of passing a whole folder and sub folders to the program.
The other and much harder option would be a per program portal filter that can read the html file. then workout what files that html file needs and offer that list of files to the user.
The lazy work around is allow read access to $HOME and deny access to some files and folders like .ssh
They should be worried. We don’t want them comfortable.
So many negative things have entered our culture bc people don’t care about dangers. Nearly every app should have a warning
Nearly every app should have a warning
No. If you put a warning on every app (except for the most trivial ones that don’t actually do anything useful) then the warnings mean nothing. The become something more than ass-covering legal(ish) BS.
Apps could start improving to remove the warnings…
What do you mean by “improving”? This alarming warning appears because Firefox requires permissions. Let us look at the permissions listed there:
- “User device access”. From the docs, I’d say the browser needs it for rendering?
- “Download folder read/write access”. This one is obvious - the files you download with your browser go there.
- “Can access some specific files”. This one, I’ll admit, is a bit cryptic - what files does it need to access? But this one is on Flatpak for making the permission so general.
App permissions should not be about “this app cannot be trusted because it asks for scary scary permissions”. They should be about “take a look at the list of permissions the app requests and determine whether or not it make sense for such an app to need such permissions”.
To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.
I mean yes, how exactly would you want the web to work? In order for it to be secure we need website code to run in an isolated environment. Modern web browsers have gotten pretty good at this.
Though we say it’s a JavaScript Virtual Machine it’s not the kind of virtual machine you are thinking of. It just means it’s being interpreted in a certain environment rather than compiles code running natively. It’s not like a whole OS. Running a web browser in a Virtual Machine is unironically a method to improve security; checkout Qubes OS for an example.
Also the permissions it’s asking for aren’t that serious. Basically GPU access and download folder access.
I mean yes, how exactly would you want the web to work?
Text and images and hyperlinks; maybe audio and video if you’re lucky and you can prove you can be trusted. No such thing as scripting, or if it’s allowed, only in a limited manner with no such thing as “eval” and obfuscation and no ability to add or delete nodes from the DOM (or if it’s allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream’s .mp3 file, or even better an .opus.
Definitively no DRM.
If any such thing as GPU access is provided it should be to deposit data, not to run code.
Text and images and hyperlinks; maybe audio and video if you’re lucky and you can prove you can be trusted.
Those things still require a GPU to render efficiently.
All the other stuff you talk about don’t need a GPU or really any systems permissions at all. So even if the web changes to your twisted view the flatpak would still require the same permissions. All you’ve just proven is that you don’t understand technology.
If any such thing as GPU access is provided it should be to deposit data, not to run code.
You don’t know what a GPU is apparently. Regardless the same access is needed for both.
Also you use Lemmy, which requires scripting. Pretty much every online game, shopping website, calculator, and so on require scripting of some kind. Scripting isn’t just for bad things like tracking. It makes a lot of cool stuff possible, that you doubtlessly use everyday. As a plus it’s generally more secure to use a web app than have a myriad of different programs or applets replace all these different things, as websites are sandboxed. There is a reason JavaScript replaced Flash and Java applets.
You’re confusing a technology problem with a society/capitalism problem.
