
I think your statement on the security of desktop apps is a tad misinformed.

Desktop apps do have to adhere to the same system security permission that the browser provides. WebApps can be even more intrusive than a desktop app because you're constantly sending signals to a central set of servers with a unique browser fingerprint. You also lose control of updates, and would be completely unaware of new tracking dependencies being injected. The data you create with a web app is and always will be property of the company that manages it.

Desktop apps being packed into Flatpak is a good start to addressing sandboxing desktop apps, imo, and touches on your concerns as well.



> Desktop apps do have to adhere to the same system security permission that the browser provides.

A desktop app on an average user's PC has access to most files on disk, including sensitive data. While a browser has that too, apps running inside a browser's sandbox do not.


> Desktop apps do have to adhere to the same system security permission that the browser provides. WebApps can be even more intrusive than a desktop app because you're constantly sending signals to a central set of servers with a unique browser fingerprint. You also lose control of updates, and would be completely unaware of new tracking dependencies being injected. The data you create with a web app is and always will be property of the company that manages it.

A browser is just an arbitrary binary; a desktop app is going to be capable of anything a browser is, but much, much more.


Isn't Flatpak's sandbox mostly snake oil? Has something fundamental changed recently?


Yes it's possible for web apps to integrate things like FullStory that let devs monitor people like a citizen of Zalem. But local GUIs are doing that too these days. For instance someone posted a Show HN thread a few months ago of a terminal GUI they built that had FullStory integrated. The author was like mea culpa and removed it, since all he probably wanted to do was fix bugs. But my point is that everything creepy browsers are able to do, local apps can now do too -- and then some. On the other hand, local apps can be positively the most secure and they're the foundation on which big companies are built. But what distinguishes the apps that empower you versus the ones that disempower you isn't obvious, so I'll explain how I do it.

The question people always ask is how can we build a technology that makes being evil impossible? Like sandboxing. And that's usually the wrong question to be asking, because it's a people problem, not a technology problem. What we need is transparency. The ability to monitor the monitors. If you can empirically see what a local app is actually doing, then you can say for certain that it's more trustworthy than anything else. So how do we do that?

Well, for starters, here's a 1KLOC tutorial (similar to Antirez's Kilo editor or Linenoise) on how to build your own version of the `strace` command in pure C. https://github.com/jart/cosmopolitan/blob/master/tool/build/... If you monitor the system interfaces then you don't need to read the source code. It's analogous to watching someone's behavior rather than reading their DNA. But the nice thing about ptrace() is it gives you the power to control the interfaces in addition to monitoring them. For example, you can disable the socket() system call and see if it breaks. If it does, and there's no apparent reason for it to need sockets, then maybe you shouldn't be using it. Another good tool that might help you control your digital spaces is Blinkenlights. Right now it only supports static binaries, but if you have one of those and you want to learn more about how it works, then you can watch what it does with memory in real time. https://justine.lol/blinkenlights/

This is the same philosophy behind Chrome's incredible debugger GUI (which is something that sadly local Electron-like apps have the power to take away) because transparency is the bedrock of trust for those of us who aren't whole hog on faith in institutions. It's always surprised me that more people haven't been focusing on building tools like this. It also makes me sad when certain open source apps (which shall remain nameless because I don't want to be flamed) go out of their way to make strace output incomprehensible. The libertine use of dependencies is part of the problem. For example, you might not be using sockets, but maybe your programming language or ANSI color framework library does, due to some API you didn't even know it had. So if you're a developer, you've really got to monitor this stuff, because if you don't, your users will. And if you learn about it the first time from your users, then you're going to lose out on a lot of potential.
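An added example, not part of the comment above or of the linked project: a small C auditor that reads `strace -f` output and counts network syscalls, so a developer can check whether an app or one of its dependencies opens sockets. The syscall list, function names and sample log are assumptions constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Syscalls treated as network activity (an assumed, non-exhaustive list). */
static const char *const NET_CALLS[] = { "socket", "connect", "bind", "listen",
    "accept", "accept4", "sendto", "sendmsg", "recvfrom", "recvmsg", NULL };

/* Constructed sample of `strace -f` output, embedded so the example runs offline. */
static const char SAMPLE_LOG[] =
    "execve(\"./app\", [\"./app\"], 0x7ffc1) = 0\n"
    "write(1, \"socket(\", 7) = 7\n"
    "[pid 4211] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4\n"
    "[pid 4211] connect(4, {sa_family=AF_INET, ...}, 16 <unfinished ...>\n"
    "[pid 4210] read(0, \"\", 4096) = 0\n"
    "[pid 4211] <... connect resumed>) = 0\n"
    "--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---\n"
    "+++ exited with 0 +++\n";

/* Return 1 if one strace line is the start of a network syscall. */
static int is_net_call(const char *line) {
    if (!strncmp(line, "[pid", 4)) {          /* strip the "[pid N]" prefix added by -f */
        const char *end = strchr(line, ']');
        if (!end) return 0;
        line = end + 1;
    }
    while (*line == ' ') line++;
    /* Only a leading identifier followed by '(' is a call. This skips
       "<... x resumed>" halves, "---" signal lines and "+++" exit lines,
       and ignores syscall names that merely appear inside string arguments. */
    size_t n = 0;
    while (isalnum((unsigned char)line[n]) || line[n] == '_') n++;
    if (n == 0 || line[n] != '(') return 0;
    for (int i = 0; NET_CALLS[i]; i++)
        if (strlen(NET_CALLS[i]) == n && !strncmp(line, NET_CALLS[i], n)) return 1;
    return 0;
}

/* Count network syscalls in a whole strace log, one line at a time. */
int count_network_calls(const char *log) {
    int hits = 0;
    char line[512];
    while (*log) {
        size_t len = strcspn(log, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, log, n);
        line[n] = '\0';
        hits += is_net_call(line);
        log += len + (log[len] == '\n');
    }
    return hits;
}

int main(void) {
    printf("network syscalls: %d\n", count_network_calls(SAMPLE_LOG));
    return 0;
}
```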



