Project ideas from Hacker News discussions.

You can't trust macOS Privacy and Security settings

📝 Discussion Summary

1. Misleading macOS privacy UI

"I revoked every folder permission and tested: Insent still reads Documents even when the UI shows 'None'. This is a serious trust failure; transparency is supposed to be the whole point of those preference panes." – absolutedev

2. Distrust of closed‑source ecosystems

"In my opinion, you can't really ever fully trust a closed-source system, which is why I advocate for Linux distros, even though I'm a mac user myself (for now)." – MegagramEnjoyer

3. Sandbox/TCC permission fatigue

"The problem with Mac’s sandbox system is that it’s giving me some PTSD of Windows UAC. It’s inventing a solution to a problem that might exist in small doses, but instead gives users permission fatigue." – jasonjei


🚀 Project Ideas

PermissionAuditor

Summary

  • macOS users can’t reliably tell which permissions an app truly holds; implicit folder grants persist despite UI showing “none”.
  • They need a trustworthy, one‑click tool to audit, revoke, and document hidden TCC grants.

Details

| Key | Value |
|---|---|
| Target Audience | macOS power users, security‑conscious developers, privacy‑focused individuals |
| Core Feature | Scan and list hidden folder/file permissions granted via file picker; allow immediate revocation with tccutil reset; export persistent audit logs |
| Tech Stack | Electron front‑end + Swift CLI wrapper; SQLite for state; uses tccutil and tccd APIs |
| Difficulty | Medium |
| Monetization | Revenue-ready: Subscription |

Notes

  • Directly addresses HN comments calling the UI “misleading” and “non‑trustworthy” (e.g., “the permission UI doesn’t reflect implicit consent”).
  • Provides clear utility for revoking hidden access without rebooting, satisfying demand for transparency.
  • Potential for integration with existing security tooling and compliance workflows.

VPNGuard

Summary

  • Many macOS users distrust VPN apps (e.g., Mullvad) because they’re unsure if they actually enforce a tunnel and prevent leaks.
  • They need a transparent, real‑time monitor that confirms a VPN is working as intended.

Details

| Key | Value |
|---|---|
| Target Audience | macOS VPN users, privacy advocates, journalists, security professionals |
| Core Feature | Live network‑flow visualizer + DNS/leak detector that validates all traffic exits only via configured VPN endpoints; export verifiable report |
| Tech Stack | Go core with libpcap packet capture; Electron dashboard; Cloudflare IP/ASN lookup for endpoint verification |
| Difficulty | High |
| Monetization | Revenue-ready: One‑time purchase |

Notes

  • References HN skepticism (“can you trust VPN to run well on a mac?”) and complaints about Apple bypassing VPN settings for its own services.
  • Creates confidence by showing concrete evidence of no leaks, turning a trust issue into a measurable guarantee.
  • Can be packaged as a companion app for popular VPN providers, opening a clear monetization path via direct sales.

MacSandbox Builder

Summary

  • Power users and developers want granular, sandboxed execution of untrusted binaries, but macOS sandboxing is opaque and cumbersome.
  • They need an easy way to create, apply, and manage fine‑grained sandbox profiles.

Details

| Key | Value |
|---|---|
| Target Audience | macOS developers, security researchers, advanced power users |
| Core Feature | GUI tool to generate sandbox manifests (disk, network, accessibility, process), launch binaries inside a sandboxed wrapper, and adjust scopes on the fly |
| Tech Stack | Rust backend leveraging sandbox-exec and custom entitlements; Cocoa UI; integrates with TCC and App Sandbox APIs |
| Difficulty | High |
| Monetization | Revenue-ready: Freemium with enterprise license |

Notes

  • Directly tackles HN frustration (“sandboxing feels like UAC fatigue”; “need granular privilege escalation”).
  • Offers a concrete solution for running downloaded GitHub repos or scripts safely, satisfying a clear market gap.
  • Potential for partnerships with security‑focused communities and enterprise adoption for secure dev pipelines.
