- cross-posted to:
- linux@lemmy.ml
- technology@beehaw.org
- cross-posted to:
- linux@lemmy.ml
- technology@beehaw.org
I am not a member of the Anti-Snap crowd (although of course the server sources should be open source), but there is obviously a lot to improve. Flathub/Flatpak should also take note!
You must log in or # to comment.
Real tldr: someone downloaded a fake app and was scamed and here are the author’s recommendations:
- Mandate & verify that all published applications using financial and/or cryptocurrency branding are officially published directly by the upstream developers
- Change the store so all initial Snapcraft store name registrations are gated behind human review
- Gate the first month of a new snap uploads behind human review
- Block all interface connection requests behind a human review, including automatically connected ones like network and home
- Fully staff the team doing the above to respond to registration, interface connection and upload requests in a timely fashion
- Send out a clean snap update (as we did in 2018) to all clients that have the scam snaps still installed
- Publishers should have their ’newness’ on the platform highlighted with a ‘New Publisher’ badge
- Snaps that are less than $M (2?) months old should have a ‘New Application’ badge
- Snaps that have fewer than $N (50?) installs should not appear in search results
- The store should make prominent notes to users that newly published snaps and snaps from new publishers should be viewed with extreme caution
- Provide better education to users on the risks of installing finance and cryptocurrency software from the Snap store
- Review and update all wording in graphical and web software store-fronts to ensure users aren’t given a false impression that malware is ‘safe’
Me: What are your recommendations, dear lemmy users? I bet you can come up with much better recommendations