
Quoting Trent W. Buck (trentbuck@gmail.com):
Do you have a canned rant for this one? https://en.wikipedia.org/wiki/Matrix_(communication_protocol)
I wish I did. I _could_ ask the aforementioned bitter and cynical friend, Miles Nordin. Personally, I'm a little out of touch, what with having (custom, de-junkified) Android only on a wifi-only Nook Tablet, not a smartphone. And I can't be bothered with the trendy stuff in general, e.g., when one volunteer effort I associate with were lobbying for the group to adopt Slack, I said 'I'm sorry, isn't that like IRC or XMPP, except with obligatory proprietary secret-sauce and control by some bunch of businessmen you don't know and have no reason to trust?' They just looked at me, like, hey, the caveman spoke. ;->
There was an IEEE Spectrum article a while ago (can't find it now) called something like "the web will be insecure until we break it", advocating that each website look like a desktop app (with strong separation between them), but still using the kept-up-to-date browser engine.
The closest thing I've seen to this is this group policy in chromium (introduced in the wake of SPECTRE):
http://dev.chromium.org/administrators/policy-list-3#IsolateOrigins
If I actually logged into web pages and didn't e.g. locally NXDOMAIN facebook &c, I'd be turning this on for a bunch of name-brand domains.
I've heard a great deal about this over the years from $SPOUSE, Deirdre, who for a long time was an engineer at Apple, Inc. working on the Safari Web browser -- which is surprisingly not bad for a proprietary binary-only thing, FWIW. Yes, what the article said. Deirdre regaled me with quite a few tales of where Apple introduced greater isolation between various things within Safari, and tradeoffs always being involved.
100% agree.
IME the best way to solve this is to have no friends, so you don't need a phone to organize when to hang out with them.
I find the potential privacy loss from $CROOKS potentially hax0ring my flip phone via the creaky, antique Freescale Semiconductor MC13777 quad-band RF transceiver and ARM-based DSP56631 GSM/GPRS/EDGE-enabled baseband IC to be of almost no concern -- because I don't have anything very meaningful on it (except the address book) and don't trust its operation with anything sensitive. In other words, one coping mechanism for mobiles not being trustworthy is to avoid trusting them. Similarly, people visiting my house are often surprised to find me advertising an unencrypted wifi ESSID. They ask, 'How can you trust the network?' I reply, 'I don't trust the network.'