by chrismartin 618 days ago
It's not only notifications, it's permissions (that the app won't work until you accept) to track your location, exfiltrate your contact list, and so forth. It's an invasion of privacy. It should not be required to, e.g., order food at a restaurant or configure your headphones.
3 comments

> It's not only notifications, it's permissions (that the app won't work until you accept) to track your location, exfiltrate your contact list, and so forth.

My idea of an operating system design (it is intended for desktop and laptop computers, but a variant could also be possible for smartphones and stuff if wanted), that all I/O (including determining the current date and time) must use capabilities (and can be proxy capabilities). The built-in programming language allows users to define new proxy capabilities and configure existing ones, and the C programming language can also be used. This can avoid such invasion of privacy but is also useful for other purposes, e.g. for testing, or to allow programs that expect a camera to work even if you do not have a camera, or to filter or redirect notifications, etc. Therefore, permissions can be as fine and as faked as you intend them to be. And, furthermore, the standard package manager would exclude programs that are designed to be an invasion of privacy and other antifeatures like that (users can still install them manually, and the security features of the system still ensure that it would protect against many kinds of malware and misfeatures).

> It should not be required to, e.g., order food at a restaurant or configure your headphones.

You shouldn't need an app or a web browser to do either of those things anyways.

I'm extremely confused by your first statement. If I take out all the parentheticals, I get:

"My idea of an operating system design, that all I/O must use capabilities."

Any OS feature is a capability. Time and date are not I/O. What does capability mean to you?

Then you go on to say that the built-in language will allow definition of proxy capabilities "and the C programming language can also be used".

How exactly does the inclusion of C avoid invasion of privacy? What such invasions? How does the conclusion follow?

I am sincere, please help me make sense of what you are saying.

I am sorry if I am being unclear. I will try to answer your questions.

> Time and date are not I/O.

In my system, they are. Anything except deterministic operations on the program's own memory is considered I/O.

> What does capability mean to you?

"Capability" refers to capability-based security. For a program to do any I/O, it must be given an object called a "capability" (which is similar to, but different from, a "file descriptor" in UNIX). There is no ambient authority; to open a file you must already be given a capability to open a file, etc. Capabilities can also be used to give someone else an additional capability.

A "proxy capability" is a capability that a program makes up itself, which can be used to pass messages between itself and another program that the proxy capability is given to. Programs cannot distinguish between a proxy capability and any other capability, therefore ensuring that anything that an application program would know from outside of itself can be overridden by the user. So, if a program wants to track your location, a proxy capability can be used to give fake location data (this is useful for testing as well, and also for other purposes e.g. if your computer cannot determine your location but you want to specify it anyways).

> How exactly does the inclusion of C avoid invasion of privacy?

Avoiding invasion of privacy is independent of what programming language is used.
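As an added illustration of the proxy-capability idea described in the comment above (example code written for this thread, not code from any real operating system), the sketch below hands an app nothing but a capability object; a user-made proxy answering the same "read" message can coarsen or replace the device location, and the app's code cannot tell the difference. Class names, the message format and the coordinates are all constructed.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Location:
    lat: float
    lon: float

class Capability:
    """Every I/O operation is a message sent to a capability object."""
    def invoke(self, message: str, *args):
        raise NotImplementedError

class DeviceLocationCapability(Capability):
    """Stands in for the kernel-provided location capability (constructed)."""
    def __init__(self, fix: Location):
        self._fix = fix
    def invoke(self, message, *args):
        if message == "read":
            return self._fix
        raise ValueError(f"unsupported message {message!r}")

class ProxyCapability(Capability):
    """User-made proxy: answers the same messages, applying a user policy."""
    def __init__(self, inner: Capability, policy: Callable):
        self._inner, self._policy = inner, policy
    def invoke(self, message, *args):
        return self._policy(self._inner, message, args)

def untrusted_app(location_cap: Capability) -> str:
    """The app can only use what it was handed: no ambient authority."""
    fix = location_cap.invoke("read")
    return f"nearest store to {fix.lat:.4f},{fix.lon:.4f}"

def coarsen(inner, message, args):
    """Policy: forward the read, but round to whole degrees (city level)."""
    real = inner.invoke(message, *args)
    return Location(float(round(real.lat)), float(round(real.lon)))

def fixed_location(_inner, _message, _args):
    """Policy: never touch the device; report a user-chosen position."""
    return Location(48.8566, 2.3522)  # constructed value

def run_demo():
    # Constructed device fix; the app's code is identical in all three cases.
    real_cap = DeviceLocationCapability(Location(51.5074, -0.1278))
    return (untrusted_app(real_cap),
            untrusted_app(ProxyCapability(real_cap, coarsen)),
            untrusted_app(ProxyCapability(real_cap, fixed_location)))
```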

One under the radar change in iOS 18 is that contacts permissions are now more like photos have worked for a few years now. Instead of having to give the app all your contacts and then pick within the app, there’s now a system picker and you can choose specific contacts to grant permission for.
That’s cool and all but tbh don’t they already have it from the last time I accidentally pressed allow all? And when it’s out there it’s out there… even the FTC agrees: https://news.ycombinator.com/item?id=41688080
They've had 14 years to get it. I remember ages ago there was a startup, Path, who famously justified uploading your contacts without permission (before dialogs were implemented) as it being an industry norm!

https://techcrunch.com/2012/02/07/path-uploads-your-iphones-...

Yes, if you didn’t want them to already have all your contacts you’d need to have declined that previously

Well behaved apps may not have uploaded or looked at anything they didn't absolutely need to, but the problematic ones would

At least they can't track changes to your contacts, which is also important data.

That's really cool with per app contacts lists, like on GrapheneOS. Seeing it's now on iPhone, I hope it will trickle down to Android too.

I have never had an iOS app that won't work if you don't give it your location, contact list data, etc., except for obvious things like Maps.
McDonald's app won't give you offers if you refuse to give precise location permission. That said other functionality works fine.
I've honestly never had an app that didn't have a VERY good reason to need contacts access actually request it.
WhatsApp insisted on importing contacts instead of letting me add them manually.
WhatsApp doesn't start if you don't give it the full contact list on Android.
It works fine on iOS if you say “no”
That's the impression I got, though I had a haunting suspicion that there was some other way I wasn't able to find.

It's disgusting.

Pretty much all social media apps request contacts and will auto-recommend your profile(s) to your contacts. Kind of a shitty feature if you want a somewhat private social media profile. I mean, not all social media is Facebook, can we please stop treating it as such?
And you can say “no” and the app still works
Okay. And? I guess I don't have a right to complain because I can just ignore the app's pestering.

With this kind of mentality, you can justify close to anything. I don't think this is sound reasoning.

Do you feel the same way about the GDPR-imposed cookie banners?
I mean, in order:

- If I install an app, and if it were to request permissions I don't feel it needs, I decline them

- If it asks again later and provides a justification, I may approve it, if I feel the functionality is worth it. But I may not.

- If I don't and it continues to pester me, I delete the thing and move on.

Frankly I could count on a couple of hands the number of apps that have access to my contacts, and all of them need that access in order to function.