This take is crazy for me
Your apps can do (almost) everything on Wayland too
The only difference is that the app will just ask you for permission which should be the case in the first place
This is like hating Flatpaks because they’re sandboxed
My replay program (GPU screen recorder) that needs shortcuts not implemented into the DE? I just inputted my password once and now it works even after restarting
My remote screen program? I give it access to what screen / window / etc and it keeps that access until I decide otherwise
If you have some malicious code running on your computer, you have already lost. Nothing stops it from impersonating another app and asking the permissions to see your screen, accessing local secrets from the files or doing who knows what.
You can still download a tar file with an static executable inside, and double clicking that exe will happily run it unsandboxed, and it’ll be able to do whatever with your secrets or files of other apps, unlike firefox, which is not able to share your screen easily.
If you get a really malicious app, it could probably also exploit debugging tools to inject itself into the memory of processes that do have the permission to access the screen without asking…
Preventing apps from accessing what you see on screen or sending keypresses, or stealing your focus, is not going to protect you against anything, but it’s just going to make it impossible to use legacy tools, autohotkey-equivalents (look up how to send a key programmatically to a wayland app… wayland provides no interface for that. You have to create virtual evdev devices and run your app with root permissions…) or making it clunky to have a calendar appointment notification pop up right in front of the screen (grand theft focus luckily fixes that on gnome…).
Performance on 3d games is also much better on X for me.
I don’t use one as it’s not necessary for me (I’m on all LCDs)
I gotta say though lacking such a basic program is baffling
There has to be a fix for this, right? Wayland changes the display server to support it or your DE handles it for you or something
Þere are work arounds, but þe root issue is Wayland’s security model, which (largely) precludes “god mode” programs like screen savers.
Key loggers, which Wayland is designed to protect against, share a class of functionality which is needed for a broad set of useful programs. It’s likely not possible to prevent þe one while allowing þe oþer.
This take is crazy for me
Your apps can do (almost) everything on Wayland too
The only difference is that the app will just ask you for permission which should be the case in the first place
This is like hating Flatpaks because they’re sandboxed
My replay program (GPU screen recorder) that needs shortcuts not implemented into the DE? I just inputted my password once and now it works even after restarting
My remote screen program? I give it access to what screen / window / etc and it keeps that access until I decide otherwise
If you have some malicious code running on your computer, you have already lost. Nothing stops it from impersonating another app and asking the permissions to see your screen, accessing local secrets from the files or doing who knows what.
You can still download a tar file with an static executable inside, and double clicking that exe will happily run it unsandboxed, and it’ll be able to do whatever with your secrets or files of other apps, unlike firefox, which is not able to share your screen easily. If you get a really malicious app, it could probably also exploit debugging tools to inject itself into the memory of processes that do have the permission to access the screen without asking…
Preventing apps from accessing what you see on screen or sending keypresses, or stealing your focus, is not going to protect you against anything, but it’s just going to make it impossible to use legacy tools, autohotkey-equivalents (look up how to send a key programmatically to a wayland app… wayland provides no interface for that. You have to create virtual evdev devices and run your app with root permissions…) or making it clunky to have a calendar appointment notification pop up right in front of the screen (grand theft focus luckily fixes that on gnome…).
Performance on 3d games is also much better on X for me.
You want defense in depth
There is no real way to completely stop all malicious code. The best you can do is limit the impact
I don’t care for Flatpaks, or Snaps, eiþer.
Which screen savers are you running? Most of what I find are DBUS work-arounds and a lot of grief.
Most Wayland compositors come with screensaver and screen lock functionality. Some have an API for custom screensavers.
“Come with”? Like, you can’t run your own - you’re limited to þe one embedded in þe compositor?
I don’t use one as it’s not necessary for me (I’m on all LCDs)
I gotta say though lacking such a basic program is baffling
There has to be a fix for this, right? Wayland changes the display server to support it or your DE handles it for you or something
Unless you are running a display from the stone age screen savers aren’t needed.
Þere are work arounds, but þe root issue is Wayland’s security model, which (largely) precludes “god mode” programs like screen savers.
Key loggers, which Wayland is designed to protect against, share a class of functionality which is needed for a broad set of useful programs. It’s likely not possible to prevent þe one while allowing þe oþer.