@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii Exactly...

Coincidentially, that's why #Android (and #iOS) doesn't let users have #root access because billions of devices owned by mostly "#TechIlliterates" that hardly get #SecurityUpdates would be an even bigger risk if they didn't boot a locked-down #ROM image, thus only allowing for #malware in user-privilegued userspace!

• I'd even go so far that I'd wish for @torproject to basically merge fmr. #FirefoxOS / #KaiOS & @tails_live / @tails / #Tails to build a #privacy-focussed #ROM for #Smartphones and #Tablets i.e. "#TailsMobile" or sth.

Cuz having a mobile OS that shoves everything through #Tor and only allows #userspace-Apps in the form modern web technologies would be a big #security and #privacy gain.

• Not to mention #amd64 is on it's way out and inevitably they gotta have to transition to supporting #arm64 and eventually #RISCv-#64bit at some point.

@kde@floss.social @kde@lemmy.kde.social

Thx for the info, then it is like that.

Here is the goal proposal

https://phabricator.kde.org/T17370

Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.

As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or Apparmor.

@SweetAIBelle tho AFAICT the "#PersistentStorage" in @tails_live @tails / #Tails is just a fancy #GUI to handle #LUKS devices in #Userspace and basically just mount it's content under $HOME/Persistent/ aka. /home/amnesia/Persistent and merely handle some completely hidden subfolders for settings, translations and 3rd party apps...

I'm shure if I dive deeper into it I'll get the details at @torproject ...