Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like “This app can use elevated permissions. What does this mean?” with the “What does this mean?” text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have “verified” on the app and a red warning saying “Potentially unsafe”, the user will think “well, should I trust this or not??”
Users should be afraid of the malware that is default firefox. Why do you think so many people use forks?
Telemetry you can’t easily disable (requires modifying about:config, can change on update), Glean (nastier than anything in chrome), DoH to cloudflare, pocket (adware), Anonym.
https://www.jwz.org/blog/2024/06/mozillas-original-sin/ mozilla “saving the web”. If you want to save the web, use something like qutebrowser, luakit, or falkon with drm compiled out.
https://www.jwz.org/blog/2024/06/mozilla-is-an-advertising-company-now/
To be fair, if a naive user is going to get a virus, there’s a very high chance a browser will be involved.
In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn’t support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green “safe” marker.
A lot of apps will always be “unsafe” because they do things that requires hardware access, though, so I could see them wanting something more nuanced.
If you use Debian-based linux (Ubuntu, Minut, others), Mozilla recommends getting the package directly from their respository rather than flatpak or other repos.
Personally, I saw a major performance increase on my low-powered laptop when I switched from flatpak to the Mozilla package.
pretty standard compared to OSs like Android and iOS. i think the mobile OSs, at least recently, have done better at this; they don’t ask for permission until they need it. want to import bookmarks? i need file system access for that. want to open your webcam? i need device access. doing it all upfront leads to all the problems mentioned in this thread: unclear as to why, easy to forget what access you’ve given, no ability to deny a subset of options, etc.
does Linux have APIs for that? I know macOS does, not sure about either windows or Linux allowing capability security like that
