Yes, you are in a fortress surrounded by a moat with alligators and a army of 10,000 on an island, while google is in your bedroom picking out your gimp outfit for the day.

Containerization improves this a bit although it's still uncommon on the desktop. The use case is a bit different on the desktop to begin though. You wrote about it yourself the other day. Users are more careful about which apps they install on the destop. Mobile apps are more like web apps on the desktop which are properly sandboxed in the browser.

sounds like ultimate sandboxing.

Looks like Apple does enforce signing and sandboxing for app store apps and should be able to do the same for side loaded apps: https://developer.apple.com/documentation/security/app-sa…

I hear you, but it’s not like installing “an entire OS per app.” Qubes runs on a single Xen hypervisor and uses shared templates—AppVMs borrow their root filesystem from them—so you’re not installing 20 separate full OSs. You can use minimal templates and dedicate a lightweight AppVM to a single app if you want. It’s about isolated trust domains, not full installs everywhere. :)

Flatpak looks like something similar for linux: https://flatpak.org/

💯

Isn’t this just another way of saying (in general) “been doing mobile OS development for so that desktop OSs seem extremely insecure by comparison.”

Android sucks, you're just trying to scare me into going back to using windows

Love android. When Valve gets Proton/Vex layer fleshed out, we might get all the benefits of other OSes in a full Android desktop OS

Apple probably does. But I deal with them in a different way that I deal with a random dev out there.

what surprised me is that they revealed that even the most secure VPNs have defects in Linux. 📝 4e5d487d…

Linux is made by and for autists and enterprise. It's genuinely unusable for normal people.

I need to come back to android soon

I need to come back to android soon

Even if people are more careful, it is still crazy that the default behavior is to access the entire filesystem and access and modify everything in the user's folder.

Yes but can I run crisis on it?

There are different ways to create your QubesOS stack. If you run standalone templates you have really fully separated systems. The normal way is to build an templates which have your apps installed and you can share those apps to different AppVMs. The goal here is to separate user profile and data from other ApoVMs for security and privacy reasons. Each AppVM can have another network or is offline.