I'm in a process of figuring out what's the proper scheme to organise user profiles and distribute apps. Most of topics I've found here rather suggest particular schemes, mentions specific threats models, so I would like to retract a bit and collect some inputs on profiles specific in GOS that will allow me to figure out desired scheme on my own (while balancing tradeoffs between threats, simplicity and usability).
I would like to avoid recommending specifc setup and scheme here, please!
So can you please contribute by mentioning specific and aspects of following items:
Specifics of Private space:
- exists only in Owner profile
- doesn't have access to phone and sms (fin apps may fail if they depend on it)
- shares clipboard with "outside" (decs are considering to implement a setting for that)
Specifics of non-owner user profiles:
- can't install tools like Termux
- can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
Specific of switching between profiles:
- if to use separate user profile, media will stop if once switch to fin-profile
- only 3 profiles can be active at the same time (apps not frozen)