The right answer to "download our app!" is "no, stay in your browser tab".
> try looking at existing sandbox solutions.
I have, quite extensively; virtualization and sandboxing are things I have a great deal of expertise in. The best available application sandboxing solution that provides useful comprehensive APIs is the web. The next best solutions are mobile platforms, but that doesn't help laptops/desktops (no, iOS apps on macOS don't count), and aren't designed to let the user do things like block ads.
If an application is open, then sure, there are plenty of other options. If an application isn't open, I want it contained in a sandbox not of its own making, that it can't escape, that provides sufficiently comprehensive APIs such that interesting applications get built for it, and that keeps the user in control.
Yes.
> and should jump through hoops to find a way to get what I want from apps that aren't designed for it
What do you want which isn't designed for a native app?
> I want web apps, because they already do what I want, and keep getting better.
Perhaps. But where a web app might do what you want and get better, a native app can do what you want and get even more better.
> The best available application sandboxing solution that provides useful comprehensive APIs is the web.
You missed the next part: Or, hey, use an open source operating system and extend the existing sandbox solutions for whatever you think is missing.
> If an application is open, then sure, there are plenty of other options. If an application isn't open, I want it contained in a sandbox not of its own making, that it can't escape, that provides sufficiently comprehensive APIs such that interesting applications get built for it, and that keeps the user in control.
So you're either wanting to use and develop for Linux, or you're wanting to build apps that fit in walled gardens.
Guess which one lets you build and/or run native apps in a sandbox not of its own making, and provides comprehensive APIs, and keeps the user in control? It's not macOS or Windows, it's not iOS or Android, and it's definitely not web apps (which are the least common denominator of the list).
Running in a user-agent which is explicitly adversarial to the app's interests and capable of e.g. filtering out and rejecting its HTTPS requests and changing its displayed content based on user preferences, such as preventing the loading or display of advertisements/tracking/etc.
Please by all means suggest an established sandboxing technology that applications use that already does that. If your answer is "you could extend existing native-application sandboxes to be capable of that", my response is "why should I bother when I already have one that does what I want and that applications actually use?".
I would love to instead have a world in which everything is Open Source, in which case it'd be less necessary. Given that we're not in that world, the web is the platform I want proprietary applications to live in.
> So you're either wanting to use and develop for Linux, or you're wanting to build apps that fit in walled gardens.
I already use and develop for Linux, for a variety of Open Source applications. When I run other people's applications, I want them to either be Open Source or I want them to stay confined to a browser tab. Browsers aren't a "walled garden", they're a containment mechanism that works for the user.
> Guess which one lets you build and/or run native apps in a sandbox not of its own making, and provides comprehensive APIs, and keeps the user in control?
Delete the word "native" and the answer is "the web". And you've made zero compelling cases for adding the constraint "native".
To be clear, I could easily describe cases where native applications are better. For instance, I don't particularly want to run a code editor on the web, though many people do. 100% of those are cases where I seek out Open Source applications, so that I can trust them to not be doing things counter to my interests. And such applications don't need the same kind of sandboxing; they need to guard against security issues, but they don't generally need to guard against the application itself intentionally doing things against the user's interests. (That said, things like the xz backdoor do happen, which is an argument for being able to sandbox individual libraries and not just whole applications. But again, that's addressed by coarse-grained sandboxes like "this code shouldn't be doing this whole class of things at all".)
