Hey @1ko, thanks for bringing this to our attention.
Giving read and write access to different locations in the file system is one of the most delicate topics. For example, if syncthing can read .ssh or .gnupg, then it could do a lot of harm.
We are all here because we trust the project and the developers, of course, and they are not going to steal our private data <3. But that’s clearly a level of trust that we shouldn’t lightly give away. And I will need to run some applications on my machine that I can’t trust at all, like closed-source slack for example. We need a mechanism that gives full control to the user over which files are available to each application.
When we were working on the Ubuntu Phone, that was easier because we controlled the UI toolkits and we could make sure that all the file pickers used our secure mediator. It was called the content hub. But now the problem is harder: we need to support CLI apps, all kinds of GUI toolkits, and things like syncthing, which doesn’t have a file picker on the web UI, just a text field.
We are trying not to hurry on this, because if we implement the wrong solution we will have to support it for a long time, or we could introduce a security vulnerability. We are collecting all the requirements, information about different types of projects that are affected by this, and ideas of how to solve it. So your posts are very helpful, and I invite everybody else to tell us about their experiences and suggestions.
The case of syncthing is actually pretty similar to the one we are discussing here, for editors: