Comment by AlienRobot a day ago

In my phone's "Phone" app I have the option to message on WhatsApp next to each number, but when I click on it, WhatsApp doesn't let me just message the number; it asks for permission to view all my contacts.

I feel like we have solved this a billion years ago with the tel: protocol. You don't need full access just to get passed 10 digits by another program?

It feels like permission models are stuck in engineering for low-level programs and nobody thinks about how actual people will use it, or perhaps their developers assume normal people are too stupid to manage fine-grained permissions for all the random apps they put on their PCs?

Maybe the real conspiracy is that the OS developers make the end-user security management terrible to make users afraid of running programs that weren't vetted either by their own proprietary app store where they get paid fees (or in Linux' case, by their distro). Forcing normal users to run a VM to be able to run untrusted apps is prohibitive and restricts the freedom of computer users, in my humble opinion.

As a programmer I dread writing any line of code that deletes files. I feel like there should be a low-level API that requires me to say the file extension that my application is allowed to delete, or something like that. It's still crazy to me that any single program can just delete all user files even though no user would ever grant it that ability. Until that is fixed the whole user permission model just feels like a big joke to me.

nolist_policy 3 hours ago

> In my phone's "Phone" app I have the option to message on WhatsApp next to each number, but when I click on it, WhatsApp doesn't let me just message the number; it asks for permission to view all my contacts.

This works fine with Open contacts from F-Droid.

jeroenhd a day ago

WhatsApp can be more specific but chooses not to. They want to access your entire address book and cross-match your number with all of your friends', especially if they're not on WhatsApp yet.

This isn't a technological problem with a technological solution. It's a policy problem on WhatsApp's side.

> As a programmer I dread writing any line of code that deletes files. I feel like there should be a low-level API that requires me to say the file extension that my application is allowed to delete, or something like that. It's still crazy to me that any single program can just delete all user files even though no user would ever grant it that ability. Until that is fixed the whole user permission model just feels like a big joke to me.

Yes, but I wouldn't want my file manager to double prompt me every time I try to delete a file (one from the FM, one from the OS). However, on Android at least, your application can request access to a specific (set of) file(s) or folder(s), so that the damage of a file deletion bug remains very limited. Your app can even request read-only access.

I don't think mobile platforms have a good "recycling bin" API, though. There's one for media files, but I don't think that works for general files. Still, the Google Photos/Camera apps seem to use a system prompt to verify deleting files, so I think there's something at least.

And in my experience, users are too stupid to handle fine-grained permissions. Every time I see my parents, I need to go over all of the websites they've somehow managed to permit notifications for (despite my disabling that shit by default), and I'm not the only one. Research shows people will click "allow" without thinking and leave apps running and updating in the background for months before cleaning house. And notifications are only a minor annoyance (at least on Android, other platforms allow them to be pretty annoying), this isn't even about apps trying to track your location by accessing the metadata on your pictures.

For a few decades, we've tried educating people about how to use computers, and wave after wave of viruses proved that most people are incapable of using a computer securely, even with antivirus. In the modern dumbed-down phone landscape, downloading a virus is actually quite hard, and the viruses can do far less damage than what they could in the XP desktop computer era, but that dumbing down comes at a cost. Every unfortunate new sandboxing rule Google imposes on Android (usually) has a very good reason behind it for the vast majority of users, even if it ruins the day or week or month of tens of thousands of power users who rely on the freedom to do what they want with their phones.

zzo38computer a day ago

I think it is a problem with the design of the system (e.g. POSIX), that the permission models do not work very well, so trying to add them to a system that it does not fit, might be the problem. (In some ways, it is possible to do by a VM code, but that has its own issues.)

The other things that you mention might also be significant, although I think the problem I mentioned is also a significant reason why it is difficult to change even if you do want to improve it.

> As a programmer I dread writing any line of code that deletes files

My idea of operating system design does not have any function to delete files. You can erase the contents of a file, and you can remove all references to a file (if you can find them). If you do remove all references to the file, then the file will be deleted. However, any of these things requires a capability which can be used to modify the appropriate files; you do not automatically have the permission to do any of this. (The capability might also be a proxy capability that does copy on write so that the program's view of them can no longer see the contents and references to the file even if they are not actually modified or deleted.)

  • theamk 4 hours ago

    No, it's not a problem with POSIX, and not even problem with Android (it can pass the number just fine).

    It's a design decision of WhatsApp, because they want your full address book so that they can build a social graph and sell you more ads.

    You don't need a new OS for that.

    (A secondary problem is the design of the Android system, which allows an app to know the difference between "permission not granted" vs "permission granted, user has empty address book". But a change like that is fully backward compatible; Google can retrofit this at any moment.)

    • zzo38computer 3 hours ago

      Like you mentioned, it is a design decision of WhatsApp which is a problem, but it is a problem that might be avoided if the system is designed better. Furthermore, some things might be detectable regardless of modifying the system, including timing, and also things which have to do with the instruction set itself. A design which requires the permissions even for timing and all other I/O too (I consider timing to also be I/O) would help, I think.

      Using proxy capabilities would allow you to make a "permission granted, user has empty address book" (or some subset of the data, or even made-up random data) even if you do not have an empty address book, so that is what I think will be better. (Another way to do it might be to use a separate app for the address book, which does not use the address book in the system. This might work if the app cannot detect the presence of other apps.)

Defletter a day ago

> It feels like permission models are stuck in engineering for low-level programs and nobody thinks about how actual people will use it

Not to be a perpetual curmudgeon, but I feel like a portion of the blame for this could be the developers XY'ing each other into the broadest use-case possible. Allowing users to select photos to embed into their messages gets "but what are you really trying to do?"-d into just putting access to the filesystem behind a flag.
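As an added illustration of the narrow, read-only file access jeroenhd describes above (and of Defletter's "let users select photos" case done without filesystem access), here is an Android activity that uses the system document picker instead of a storage permission. This is example code written for this thread, not code from WhatsApp or any project mentioned; it assumes AndroidX activity/appcompat, and the class name is hypothetical.

```kotlin
import android.content.Intent
import android.net.Uri
import android.os.Bundle
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity

// Hypothetical activity name; not code from WhatsApp or any project in the thread.
class AttachPhotoActivity : AppCompatActivity() {

    // Receives the user's selection from the system document picker (SAF).
    private val pickPhotos = registerForActivityResult(
        ActivityResultContracts.StartActivityForResult()
    ) { result ->
        val data = result.data ?: return@registerForActivityResult
        // Multi-select arrives as clipData, single select as data.
        val uris = mutableListOf<Uri>()
        val clip = data.clipData
        if (clip != null) {
            for (i in 0 until clip.itemCount) uris += clip.getItemAt(i).uri
        } else {
            data.data?.let { uris += it }
        }
        for (uri in uris) {
            // Persist READ access only: a deletion or write bug in this app
            // cannot touch the chosen files, let alone the rest of storage.
            contentResolver.takePersistableUriPermission(
                uri, Intent.FLAG_GRANT_READ_URI_PERMISSION
            )
        }
        onPhotosChosen(uris)
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val intent = Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
            addCategory(Intent.CATEGORY_OPENABLE)
            type = "image/*"                             // offer images only
            putExtra(Intent.EXTRA_ALLOW_MULTIPLE, true)
            // Ask for read (not write) and allow that grant to be persisted.
            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION or
                     Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION)
        }
        pickPhotos.launch(intent)   // no storage/media permission is requested
    }

    private fun onPhotosChosen(uris: List<Uri>) {
        // Each uri can be read via contentResolver.openInputStream(uri);
        // the app never learns about files the user did not pick.
    }
}
```

The app ends up holding a read grant on exactly the URIs the user picked, so the blast radius of the file-handling code is those files and nothing else.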