I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savy user anxious? This might make them think they'll get a virus or something like that.
I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savy user anxious? This might make them think they'll get a virus or something like that.
Imagine your friend that does not know anything about linux, don't you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like "This app can use elevated permissions. What does this mean?" with the "What does this mean?" text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have "verified" on the app and a red warning saying "Potentially unsafe", the user will think "well, should I trust this or not??"
I like flatpaks and flathub, but this is just something they do badly. I think as well they also have "probably safe" which is just as unhelpful... And what does "access certain files and folders" even mean!?
I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.
149I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.
Totally agree. The "verified" label will give new users enough comfort, and the ones who wish to know more will read the permissions.
51When I look at Firefox in Discover, it only shows the list of permissions the flatpak will be given out of the box, with no warning of it being "potentially unsafe." This certainly does seem like the better way to handle it.
Also, the warning on the Flathub website is clickable - it expands into the full permissions list. Why it defaults to "no information except maybe dangerous" is beyond me.
17That is a clickable menu that explains exactly what the permissions are.
5
Completely agree. Training normies to click OK on warnings like this is a no-good terrible idea.
41Training users to click on this shit is the same reason people wipe their desktop by ignoring "Yes I know what I am doing" warnings.
6someone is not a fan of LTT
3
They shouldn't click on on this tho
2
In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.
40By not letting the user import/export addon settings, bookmarks?
Btw, i hate the opinion that the dev must babysit his users. It makes software worse, not better, look at Firefox's profille folder for an example. If you have to, make an intro to train them.
15
Yes but surely you're aware that even the most new-user-friendly distros and their tools aren't necessarily aimed at new users.
That warning is a perfect example of how Linux developers choose which hill to die on. They post a warning for an app that everyone knows can deliver bad times to two camps of users; those that know and don't care and those that don't understand the warning. If we could quantify the helpfulness of that warning, odds are that it saved 0 users from malicious action from that avenue of attack.
Never expect Linux as a whole to be "helpful" to the new crowd.
37Isn't this why we'd expect new users to use a built-in package manager? Because it avoids this exact problem?
17Which is why I said "linux as a whole". Many distros will try to undo the nerdery and neckbeardism that is built into the parent distros but as a whole, linux is going to always be less welcoming to a new user than someone that's used to useless warnings and repeated password entries for elevated privileges. Being safer and being new-user-friendly rarely go hand in hand.
1
In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn't support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green "safe" marker.
A lot of apps will always be "unsafe" because they do things that requires hardware access, though, so I could see them wanting something more nuanced.
21To be fair, if a naive user is going to get a virus, there's a very high chance a browser will be involved.
17They should be worried. We don't want them comfortable.
So many negative things have entered our culture bc people don't care about dangers. Nearly every app should have a warning
16They should not be worried, they should be educated.
If you worry a new user enough they'll go back to Windows or Apple because there's less scary warnings there.
We need to make the transition as pain free as possible. Learning about the joys of kernel compilation and SELinux can come later.
The first step is "Hey, this is as usable as Windows, without stupid ads in the start menu.6Nearly every app should have a warning
So it would be how in the US half of all products have a warning saying they cause cancer thanks to California proposition 65? No thanks.
5If "nearly every app" that people already use suddenly has a big warning on it, people will quickly decide the warnings are meaningless and start ignoring them, like Prop 65 warnings. Congratulations, we've moved the needle backwards.
You have to meet people where they're at. I finally switched to Linux when MS introduced a feature I wanted no part in (Recall AI), but I would have given up within a day or two if the transition hadn't been basically seamless. I was able to pick up right where I left off, using all the same apps I did on Windows
except MusicBee RIP, but now I'm in a better position than before, on an open-source OS instead of closed-source. Now there's a little less friction between me and better, freer software.1prop 65 warnings are indeed useless
2
those warnings on mint and flathub are so ridiculous, there's no difference between those and official ones, somebody could just as easily put something nefarious in any flatpak
16Firefox on flathub is an official one, that’s not what this warning is.
2
This should have been much more well thought out The wording, image, buttons, specific wording for each page.
They really screwed the pooch.
Another 4-6 months minimum before release. But quarterly numbers must be met.
15If you use Debian-based linux (Ubuntu, Minut, others), Mozilla recommends getting the package directly from their respository rather than flatpak or other repos.
Personally, I saw a major performance increase on my low-powered laptop when I switched from flatpak to the Mozilla package.
14That’s nice, I think I’ll switch from Firefox ESR on Debian!
2I've tried both on my low powered HTPC and came to the same conclusion - especially noticeable where video acceleration is concerned
2
Yes, but also... It's true. Browsers are the number one way folks get viruses.
12Just reminding folks that just because it's flatpak'd, doesn't mean it's sandboxed. But they probably should add some general click here for more info.
12Yesss! It's too aggressive
12Good.
People need to view out of channel software with a hairy eyeball.
Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!
11I think it's absurd that most distros have no tools whatsoever for doing regular checksums of their own files. Windows certainly got that part right IMO.
2
isn't flatpak by definition relying on a second software source, hence 2x as much risk as relying on a single source (your OS repo)?
8How much sandboxing is your distro generally doing?
10beyond root processes, none that I am aware of. Hence I configured all my internet applications and steam to run in a jail :) firejail & bubblewrap come as native packages, unlike the flatpak contents
1
I'm a firm believer that regardless of operating system that a warning message saying that installing something could cause harm to your device definitely makes people think twice about installation if they're not tech savvy (AKA know more than the bare minimum anymore). It's definitely intentional that the large companies responsible scare you away from doing the things you want because they want you locked into doing things the way they want.
7What does 'user device access' mean?
6Clicking the potentially unsafe item lists the exact permissions.
It can access hardware devices, like your webcam or game controller. Likely --device=all in flatpak speak but I haven’t looked.
11Maybe access to connected devices (e.g. your computer components or the phone you have plugged in to your computer)
1
To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.
5I mean yes, how exactly would you want the web to work? In order for it to be secure we need website code to run in an isolated environment. Modern web browsers have gotten pretty good at this.
Though we say it's a JavaScript Virtual Machine it's not the kind of virtual machine you are thinking of. It just means it's being interpreted in a certain environment rather than compiles code running natively. It's not like a whole OS. Running a web browser in a Virtual Machine is unironically a method to improve security; checkout Qubes OS for an example.
Also the permissions it's asking for aren't that serious. Basically GPU access and download folder access.
1I mean yes, how exactly would you want the web to work?
Text and images and hyperlinks; maybe audio and video if you're lucky and you can prove you can be trusted. No such thing as scripting, or if it's allowed, only in a limited manner with no such thing as "eval" and obfuscation and no ability to add or delete nodes from the DOM (or if it's allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream's .mp3 file, or even better an .opus.
Definitively no DRM.
If any such thing as GPU access is provided it should be to deposit data, not to run code.
0
pretty standard compared to OSs like Android and iOS. i think the mobile OSs, at least recently, have done better at this; they don’t ask for permission until they need it. want to import bookmarks? i need file system access for that. want to open your webcam? i need device access. doing it all upfront leads to all the problems mentioned in this thread: unclear as to why, easy to forget what access you’ve given, no ability to deny a subset of options, etc.
3does Linux have APIs for that? I know macOS does, not sure about either windows or Linux allowing capability security like that
2not likely. i think it requires a lot of systems working together
2
I just typed "xdg-download:𝗰𝗿𝗲𝗮𝘁𝗲" into flatseal, my browser is safe af now.
3In short, no
-1Considetng flatpak doesn't verify the authenticity of what it downloads, all flatpak users should just expect that what they download is a virus
-5Users should be afraid of the malware that is default firefox. Why do you think so many people use forks?
-14as opposed to chrome?
6Chrome being worse than Firefox doesn't make Firefox's default telemetry, adware, and DoH to cloudflare good. When the bar is Chrome, essentially any browser passes.
4
Would you mind explaining?
2Telemetry you can't easily disable (requires modifying about:config, can change on update), Glean (nastier than anything in chrome), DoH to cloudflare, pocket (adware), Anonym.
https://www.jwz.org/blog/2024/06/mozillas-original-sin/ mozilla "saving the web". If you want to save the web, use something like qutebrowser, luakit, or falkon with drm compiled out.
https://www.jwz.org/blog/2024/06/mozilla-is-an-advertising-company-now/
2
Pushing someone new to Linux to use Flatpak? Shame on you.
-14Huh? Flatpaks are great and there's no real reason why they'd be unsuitable for a new user.
3Many flatpaks are not aware of their sandbox and thus have a bad ux.
E.g. flatpak Steam can't access SteamLibraries at a non-default location, unless the user manually allows the path through flatseal. The same is true for other similar apps which don't use the file portal.
Issues like this are unexpected for new users and thus it can be argued that flatpak aren't a good recommendation for new users. I personally disagree because most flatpak work flawlessly and work everywhere independent of a users distro.
7
Flatpak is one extra step. If apt or rpm already has what you want, which is true for many new users, why would we push them towards scary click thru action?
1