• NewNewAugustEast@lemmy.zip
    3 days ago

    That’s an interesting take. But you think it’s safer to use web versions? Sending your data out somewhere else? To keep tabs isolated in Firefox I do use containers, so they don’t interact, but I have never been a fan of making PWAs, when I could just click on the tab it’s in or open it in the browser anyways.

    • MinFapper@startrek.website
      3 days ago

      Well, the isolation allows you to select what’s appropriate for each bit of data.

      For example, my financial data have to live elsewhere - namely the financial institutions I use. I’ve been paying Todoist $36/year for the past 12 years and they have zero pressure to enshittify, so I’m okay keeping that data elsewhere. I also outsource my email to Fastmail because it’s generally inadvisable to self-host email.

      However, for most things that I’ve started using recently (karakeep, miniflux, baby-buddy, homebox, ghostfolio, and so many others), I’ve chosen open source apps and run their servers on my homelab. Linux on the server (unlike the desktop) is extremely well funded. There are a ton of different types of container and micro-vm configurations you can mix and match to give the exact level of isolation, resource, filesystem, and network access you’re comfortable with.

      Also, I don’t think it makes much sense to use proprietary software for much in the future. The cost of software development has been going down at an increasing rate for as long as I can remember for a variety of reasons, and LLM-assisted AI agents are just the latest iteration. With the latest SOTA models, it doesn’t take much to create and maintain a self-hosted OSS app - someone with the will to put in time and the most basic understanding of the basic fundamentals of software engineering.

      Certainly not things I would trust particularly personal or sensitive data with. But remember that breaking out of server-side containers/micro-vms is really hard, and way beyond the capabilities of any AI slop.

      So yeah, from what I’ve seen so far the best tools out there for enjoying the largest variety of software (including potentially undisclosed AI slop) safely are server-side Linux containers + client-side browser isolation. The closest thing we have to sandboxes on the desktop is Flatpak, and it’s so trivial to break out that I’ve watched people do it unintentionally, just trying to make their app work in it.

      • NewNewAugustEast@lemmy.zip
        3 days ago

        But if you are self-hosting, do you need to worry about that?

        Either way, I appreciate the detailed response. And looking at the browser as a strong sandbox does seem smart.