> If they approve, the settings open, then the user has to find the specific little toggle and enable it. Another security prompt then done. Why isn’t this at most 2 prompts?
Answer: Because modern-day Apple has subscribed to a particular brand of mitigation for the "noobs will always click 'Allow' especially if you ask them to first" problem. The mitigation is that Apple just dumps you on step 2 of a little 4-5 step mini sysadmin adventure where you prove, every time, that you're sophisticated enough to deserve an exception to the padded-cell walled garden mode they've sealed off 'for your safety.'
As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
What's my solution to prevent grandma or a 10-year-old from clicking "Allow full filesystem access and keylogging" to an executable she downloaded from facebook-security-center-and-password-verification-cgi-bin-ab383 dot xyz? IDK, that's their problem, but they should offer a way for those of us who aren't clueless to turn whatever it is off.
That’s likely not quite the reason. It is to make you have to pause to think if this is the action you want to take.
On the flip side, many websites ask if I want to allow notifications. I almost never do. I was looking at settings recently and was surprised at how often I’d clicked yes by accident (maybe about a 5% false click rate?).
Making the prompts understandable helps a lot when it comes to preventing your grandma from installing a keylogger. I don't mind the setting not being obvious, exactly because people who don't know computers shouldn't be tricked into toggling it.
But it is funny to see the daily barrage of permission prompts fly through when macOS made an entire ad ridiculing Vista for half the popups and permissions macOS requires these days.
This particular permission is pernicious, ponder for a picosecond the possibilities:
It’s used for writing keyloggers.
That’s it. It’s the permission that lets you write a keylogger. It SHOULD NOT be just a click away. It should require some extra song and dance, because this is an especially dangerous permission, and the extra friction is justified.
The scary thing to me is how Apple makes you jump through hoops to install or use any sort of app, but when it comes to adding items to your login items, they don't even require you to grant permission.
Tried some little throwaway app and realized you don't need it? Sucks for you. It added itself to your login items and it'll start up in the background every single time you turn on your computer. And it won't even tell you. Thought you deleted the app from your Applications folder? If you didn't check your login items, there's probably some little script that deeply installed itself and it'll reinstall it in the background during your next startup.
Adobe is the fucking worst with this. Their Creative Cloud spyware keeps enabling itself and reinstalling itself so long as you use Photoshop. And it'll constantly find ways to turn itself back on. Steam also adds itself to login items, which is fucking annoying because you'll reboot and be hit in the face with game ads. At least it respects your decision when you turn it off, but login items should be opt-in, never opt-out.
It got restrictive enough that I jumped to Linux with Hyprland and just configured everything the way I actually want.
For a long time, I’ve believed that the actual solution is to make the system transparent enough that a compromised system is obvious. Imagine playing hide and go seek in the salt flats.
> but they should offer a way for those of us who aren't clueless to turn whatever it is off.
I'm not sure if it's what you're asking for, but you can disable SIP:
https://developer.apple.com/documentation/security/disabling...
And then one that grinds my gears, perhaps more than it should: there's no way to change the default browser without explicit user action or consent.
But do that and the very next thing that happens when you try to open a browser or a link in an email?
"Your browser has been changed from Safari to Chrome. Would you like to use Safari or keep using Chrome?" and for a little salt, the default is "Use Safari".
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
You seem to have understood the problem. But then you didn't follow. If there was a way to disable this, the first thing that the grandma would do is watch a video on how to disable that and lose security from then on.
Of course it is not perfect, but their approach here is really decent. And also, if you find yourself needing to go through that often, I think that's not a good sign security-wise.