
Yeah, wouldn't it be great if every application I had open could read my entire screen and act as a key logger to collect all my passwords and personal information? Obviously, since I installed the app, that means I have to trust it completely, and not trusting it completely is just silly!


Yes, it really would be. It's the reason I use Linux in the first place, to have freedom to do whatever I want. I don't need Linux to protect me from Windows Recall. I chose Linux because it already doesn't have stuff like that. And the system (used to) treat me like an adult.


Yeah a secure-by-default system "doesn't treat you like an adult."


It's where the security boundary is. The system should protect me from unwanted software getting on the system. Once a piece of software starts running, I do want to give it full access to the system. If not, I'll run it in a container. All the protections Wayland offers are to protect against a piece of software someone had to already have access to install. If you are that paranoid, set up SELinux properly. Which nobody does, cos it's a pita. Enforcing permissions for everything on everyone is a similar pain in the ass.


Unironically, yes.

You don't have the kind of security in your home that you are asking for in your computer.


If non-corporeal entities could move within my home invisibly and observe my activities silently or change things in my environment at will, I’d definitely consider it.


If it was practical to have some way to a priori prevent the appliances in my home from seeing me or listening to what I do, while still being able to use them for their intended purpose, then I would certainly use it. Since there is a practical way to do that on a computer, then I'm going to use that if I can. In the same way that I use live narrowing fuzzy search for almost all of my interfaces with the computer and would certainly use that if it were physically possible for physical objects as well, but it just isn't. There are many things that we can do on the computer that we can't do in real life and thus we request that the computer do them.

Furthermore, in fact, to the extent that it is possible, I do in fact do this: I flat out refuse to install appliances in my house that would have the capability of passively listening to every word I say or watching every move I make with microphones or cameras — no Alexas or Google Homes or Nest security cameras or smart toasters or anything of the sort. Whereas installing applications under Xorg is essentially the equivalent of having every appliance in your entire house come with a microphone and camera that is always on, and just having to trust that they don't actually do anything with that data. Every application installed under Xorg essentially has the capability to surveil you and simply chooses not to, whereas I would prefer the digital equivalent of only having appliances in my house that do not have microphones or cameras, or must explicitly ask my permission to use them — Wayland.


This is exactly why SpectrumOS (not in a useable state yet) is intriguing to me, as well as Qubes OS's very recent efforts on practical GPU acceleration.


The thing is that Qubes OS uses child Xorg servers per application to make it so that applications can't read the screen or the keyboard from other applications, whereas Wayland simply builds that into the protocol level so that you don't need that horrible hack. Likewise, it needs VMs to isolate each application or environment from each other and the host, and to make the host immutable and reset on reboot. And we can do all of that now with containers and sandboxes and immutable image-based distros. Not as securely, but at great benefit to performance and interoperability. So personally, I think while Qubes is still the gold standard if all you care about is security, if you want a good balance of security and everyday usability, Fedora Silverblue with distrobox and Flatpaks and a Wayland DE/WM is acceptable enough, as long as you harden the polkit permissions and a few other things like that. And yes, yes, I know the FUD about Flatpak "not being a sandbox" lol


man xauth


That only determines who/what can connect to the X server at all, it's either a host/user/client with a cookie can connect to the X server or it can't at all; that has no bearing on me wanting to be able to use graphical applications that are able to connect to the display server without having each one of the graphical applications so connected to be able to read all my keystrokes and the output of my entire screen.



