←back to thread

Game launcher installs Root CA certificate on your machine (2024)

(github.com)
61 points vandalism | 3 comments | 07 Sep 25 01:13 UTC | HN request time: 0.502s | source
Show context
sneak ◴[07 Sep 25 01:39 UTC] No.45154582[source]
The entitlement of application authors to do whatever the fuck they want on your machine is astounding to me.

Root CAs, background processes 24/7, uploading of the full process list, clipboard spying, local network scanning, surveillance (aka telemetry) - when did developers decide that our machines aren’t ours anymore?

replies(5): >>45154600 #>>45154605 #>>45154643 #>>45154652 #>>45154741 #
1. diath ◴[07 Sep 25 02:09 UTC] No.45154741[source]
It would be nice if desktop software had to explicitly request access to different APIs on the system (network, filesystem, etc) as well as only request access to specific filesystem paths, then give us prompts that list the permissions that the app wants. Something like pledge (https://man.openbsd.org/pledge.2) from OpenBSD/Serenity but integrated into the desktop systems GUI.
replies(2): >>45154762 #>>45154817 #
2. drodgers ◴[07 Sep 25 02:13 UTC] No.45154762[source]
MacOS has been moving more and more in this direction, and it’s good.
3. to11mtm ◴[07 Sep 25 02:21 UTC] No.45154817[source]
That would indeed be very nice, compared to the current standards out there for desktops...

Ironically, I -think- UWP tried to 'solve' this in some ways but OTOH adds new problems instead...

I also know Microsoft had a different idea when it came to .NET before core, where libraries could be run in 'Partial trust' but with 'Link Demands'... And I've never seen a shop actually do that right vs just YOLOing with 'full trust' and/or abuse of AllowPartiallyTrustedCallersAttribute...

Which I guess is a roundabout way of saying I feel like Microsoft has tried twice but completely lost the plot early on and failed to deliver a usable product (What even is the state of UWP questionmark, and .NET Code Access Security was given up in Core....)