> Why in the world would I ever not want the software I install to read files in the Desktop and Documents folders?
Because it may be software which has no business reading local files to do what you want it to do. Arc, a closed-source web browser which requires (required?) an account asked for permissions to my Desktop, Documents, and Downloads folders. I didn’t grant them. Same with Slack.
Dealing with files is secondary to what those apps do. I used them out of external necessity, so I’d never give them access to my files. In fact, because they asked for those permissions when I wasn’t doing anything related to files it made me distrust them even more.
There’s one complaint I agree about, if it is justified:
- when migrating to a new machine, permissions granted should be migrated, too (I haven’t verified and doubt it somewhat, but the article claims that doesn’t happen, saying “Every time I opened an app on my Mac after […] migrating or installing a major OS update, I was barraged with security warnings.”)
There also is one I have mixed feelings about:
- “Why am I asked to approve three or four items in sequence instead of being given some sort of simple window indicating all the permissions that are being requested, allowing me to approve or disapprove individually or all at once?”
AFAIK, Apple’s answer is “because applications should only ask for them when they need it, not at initial run”, but if many applications start requesting them at startup, is it in the best interest of users to ignore that?
I also think it has to be easy to get answers to both “which permissions did I give Foo.app?” and “which applications can have permission to do bar”? Both take way too many mouse clicks currently. I know it would look daunting to show that entire thing as a matrix, but I think it would be a major step forward for power users. In addition to those questions, it would make it easier to compare permissions between similar applications (e.g. comparing permissions given to Chrome vs those given to Firefox)
> Why in the world would I ever not want the software I install to read files in the Desktop and Documents folders? It doesn’t make sense!
Every now and then I'm reminded that different people have vastly different expectations. Of course I DON'T want software I install to read arbitrary files. Not just files in Desktop and Documents directories. Ideally each application would be completely isolated from the rest of the system, being able to only read and write in its little dedicated sandbox. Access to anything outside should require explicit confirmation (sort of like Little Snitch's dialog for network access). Delete the application and it completely disappears, leaving no trash behind anywhere on the file system. Sort of like iOS meets Qubes.
Because it may be software which has no business reading local files to do what you want it to do. Arc, a closed-source web browser which requires (required?) an account asked for permissions to my Desktop, Documents, and Downloads folders. I didn’t grant them. Same with Slack.
Dealing with files is secondary to what those apps do. I used them out of external necessity, so I’d never give them access to my files. In fact, because they asked for those permissions when I wasn’t doing anything related to files it made me distrust them even more.