Comment by zzo38computer
18 hours ago
> I'd like to have a system where I can choose to give any bitmap, movie, or blank screen when an application asks me for permission to use my camera. When it asks for my microphone, I should be able to choose to make it think I allowed it microphone access with a dummy audio stream with no audio or audio of my choice.

It is what I had thought too (you could also provide a filter, or the video and/or audio output of another program, or other stuff), and I have also seen others with similar ideas to that as well. (It also does not know whether or not you even have a camera or microphone; this way, you can use a program that expects a camera even if you do not have it.)

Although it could be made with Linux and existing systems, my idea was to redesign the entire operating system and computer to support this in order to work better. There are some issues which are not handled by the existing systems, including some fingerprinting, and date/time, and some others.
> When it asks me to open a file, or a directory, it should invoke a system dialog that cannot be faked, and when I pick a file/directory for it, that directory or file should be bind-mounted into its mount namespace without giving it extra information about other files beside it, or indeed what's the full path of the file.

This would be insufficient for many uses, e.g. if a file name is specified by command-line arguments or by configuration files, or if the program does care about other files with a similar name (which SQLite does, so many programs that use SQLite also will). (I had thought of how a sandbox library to support some of these things could be made on Linux, although I had never actually designed or implemented it.)
> When recording a screen, I should be able to pick which regions and which applications it should be able to see, and the system should make it think it's all there is.

Yes, I agree, it is also a good idea. But, screen recording will also be video input, which the camera also is, so it might work in a similar way.
> I think the pieces to do this are mostly there already (portals, Pipewire, namespaces)

I also think there are problems with the ways some of these things are working. One is that the system will use ambient authority (which is one reason why I had suggested to make up a new operating system instead), and some of the protocols expect use of Unicode and do not support other character sets so well, and the existing sandboxing also does not work very well for user-specified commands to use with popen (many of my own programs do use user-specified commands with popen).
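The SQLite point in the comment above, shown as an added example that is not part of the comment or the thread: it records which names exist beside a database file while a write transaction is open, in both rollback-journal and WAL mode. The file name `picked.db` and the function `sidecar_files` are made up for illustration.

```python
import os
import sqlite3
import tempfile


def sidecar_files(journal_mode):
    """Open a database, start a write transaction, and return
    (effective journal mode, sorted directory listing mid-transaction).

    'picked.db' stands in for the single file a user would select
    in a file-picker dialog (hypothetical name).
    """
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "picked.db")
        # isolation_level=None: we issue BEGIN/COMMIT ourselves.
        conn = sqlite3.connect(db, isolation_level=None)
        try:
            mode = conn.execute(
                f"PRAGMA journal_mode={journal_mode}"
            ).fetchone()[0]
            conn.execute("CREATE TABLE t(x)")
            conn.execute("BEGIN")
            conn.execute("INSERT INTO t VALUES (1)")
            # Snapshot the directory while the transaction is still open.
            during = sorted(os.listdir(d))
            conn.execute("COMMIT")
        finally:
            conn.close()
        return mode, during


def outside_single_file_grant(listing, granted="picked.db"):
    """Names SQLite touched that a one-file grant would not cover."""
    return [name for name in listing if name != granted]


if __name__ == "__main__":
    for requested in ("DELETE", "WAL"):
        mode, listing = sidecar_files(requested)
        print(mode, listing, "->", outside_single_file_grant(listing))
```

A grant that exposes only the picked file leaves SQLite unable to create these siblings, so a sandbox design has to decide whether to expose them alongside the file or hand over a private directory instead.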