Comment by amarant
14 hours ago
One thing that I think would be a huge boon that I didn't see mentioned in the article is permissions.
Basically a plugin would need to request and receive permission to use APIs from the user. Wanna write to disk? Ask the user for disk permissions (preferably limited to certain paths). Wanna phone home? User has to approve that permission upon install (or first usage or whatever).
Kinda like how Android manages permissions (maybe iOS too? I dunno, I don't use it)
That's probably a bit of work, but it would make me feel a lot safer about plugins if you could make it happen!
Edit: wait I just realised that the "disclosure" part might actually be this, and I just got confused by the terminology used? I don't think it's entirely clear from the text if a plugin could technically use capabilities without disclosing them? Hopefully they can't, and then that's good enough, I think.
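The permission model sketched above, written out as an added example (not code from the thread or from the project being discussed): a host-side gate that assumes a hypothetical plugin manifest listing disclosed capabilities, a separate record of what the user granted, and disk access scoped to declared roots, so a capability that was never disclosed can't be used at all.

```python
from pathlib import Path


class PermissionDenied(Exception):
    pass


class PluginHost:
    """Host-side capability gate for a plugin (constructed example).

    manifest: capabilities the plugin discloses, e.g. {"disk": ["/tmp/plugin-data"], "network": True}
    granted:  what the user actually approved, same shape; may be a subset of manifest
    """

    def __init__(self, manifest, granted):
        self.manifest = manifest
        self.granted = granted

    def _require(self, capability):
        # Undisclosed use is the failure mode to prevent: a capability missing from
        # the manifest is refused even if the user record happens to contain it.
        if capability not in self.manifest:
            raise PermissionDenied(f"{capability}: not disclosed in manifest")
        if not self.granted.get(capability):
            raise PermissionDenied(f"{capability}: not granted by user")

    def disk_path(self, path):
        """Return the resolved path if it lies under a disclosed AND granted root."""
        self._require("disk")
        roots = [Path(r).resolve() for r in self.granted["disk"] if r in self.manifest["disk"]]
        target = Path(path).resolve()  # collapses '..' so traversal can't escape a root
        if not any(target.is_relative_to(r) for r in roots):
            raise PermissionDenied(f"disk: {target} is outside granted roots")
        return target

    def connect(self, host):
        """Symbolic network call: allowed only if 'network' was disclosed and granted."""
        self._require("network")
        return f"connect:{host}"

    def allows(self, capability, path=None):
        """Boolean convenience wrapper, e.g. for a host UI that greys out actions."""
        try:
            self.disk_path(path) if capability == "disk" else self._require(capability)
            return True
        except PermissionDenied:
            return False


if __name__ == "__main__":
    manifest = {"disk": ["/tmp/plugin-data"], "network": True}
    host = PluginHost(manifest, granted={"disk": ["/tmp/plugin-data"]})  # user declined network
    print(host.allows("disk", "/tmp/plugin-data/notes.txt"))
    print(host.allows("disk", "/tmp/plugin-data/../../etc/passwd"))
    print(host.allows("network"))
```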
Yes they are mentioned in the blog post in the bullet point about disclosures. You can think of disclosures as the first step towards permissions. See my previous answer here:
https://news.ycombinator.com/item?id=48110592
Google has been very careful not to add an internet permission on Android, even though things like flashlight apps shouldn't have needed internet. Google is an internet ad company.
I'm fairly sure Android used to have an internet permission back in the early days. But then basically every single app requested it, so the utility was diluted. Then they switched away from a static list of permissions and more to an ask-for-permission-at-time-of-use model.
The old permissions model was always a bit of an illusion of choice. The app presented a massive list of permissions and you could take it or leave it. But when every app asks for every permission you don't really get a choice and just have to accept it. The new model where you can install an app and then reject its permissions is much better.
Almost a decade ago, I wrote and published a small companion app for a game and set a hard rule for myself that it didn't need the internet permission (and thus stuff like a privacy policy). It still managed to be useful despite that, which made me pretty proud at the time.
Stock Android has always classified internet as a "normal" permission that can't be toggled by the user. I think it still might have to be requested by the app, and you could see it in the app details, but it has always been auto-granted with no way to turn off.
Ah, "The Network is the Computer" [1]
[1] https://en.wikipedia.org/wiki/The_Network_is_the_Computer
FWIW, GrapheneOS supports disabling internet access for apps.
It's a rite of passage of every Android app to crash on the first launch because you forgot to declare the INTERNET permission in the manifest. It's been there since day one.
It's auto-approved and non-declinable in the settings, but technically it's a permission you can revoke; it just needs to be surfaced.