[TheBrokenRail]

> So.. it's run everything sandboxed by default the recommendation for regular users?

Yeah, that is probably the best solution. Most mobile OSes do that by default now anyways. Desktop Linux has Flatpaks and Snaps. Windows has UWP apps. And I think MacOS has its entitlements system IIRC.

If you don't absolutely trust somethibg, you shouldn't allow it to run unrestricted.

[the_af]

If the OS does this by default and it becomes the standard way of working, then sure. You would need to change how to share files you do want to share and solve some other hurdles, of course.

If this isn't the default node -- transparent, where end users must do nothing in particular -- I don't see it succeeding though.