[mikewarot]

When you run a program under almost any operating system, the operating system assumes you trust it. The code can open any file you've got permission to access, open network ports, etc. The code is you as far the operating system is concerned, and carries with it all of your authority. The assumption that code can just do whatever it wants is baked into everything.

There are permission flags on your Smartphone and other places that curtail this a bit, but those are rather course grained all or nothing decisions. Those are like either handing over your wallet, or not, to the clerk at a store to make your payment.

There are better alternatives possible, I'm hoping they get here soon. Genode[1] is one such system, that offers capability based security, where you chose what resources to hand off to code, instead of giving it everything. This model of computing is called Capability Based Security[2].

[1] https://genode.org/

[2] https://en.wikipedia.org/wiki/Capability-based_security

[mike_hearn]

This is only really true of Windows and Linux. As you admit, mobile operating systems don't work that way, web browsers (practically an OS) don't work that way, even macOS doesn't work that way (all apps are lightly sandboxed on macOS even if they don't opt in to it).

Sandboxing doesn't change the nature of the web, though. People use hosted services because they don't want to run things themselves, people build hosted services because they want to meet that market demand and also avoid the piracy and support costs that come with allowing self-hosting. You can imagine alternative worlds where that isn't true but people would just have different complaints.

[mikewarot]

MacOS seems to be going down the horrible road of permission flags, just as bad as Smartphones.

[hollerith]

An app on iOS or Android cannot access the storage of any other app, which fact does not fit into the description you give (i.e., your second paragraph).