I’d say a keylogger could take care of that problem… but I agree, it would probably make it harder for an average bad guy.
I did not say it was unique to Daedalus and I agree that if you downloaded some sketchy software, you are probably screwed in more than one way. The reason I mentioned dApps was to illustrate how someone could target ADA holders.
Sure, the dApp would require some effort to put together. It would reduce the hacker’s attack surface, but increase the payoffs as he would increase his chances of landing a computer with actual money. Compared to some deadbeat who watches free porn (which is how you normally catch this nasty stuff on your PC), an average ADA holder is much more likely to have a sizeable amount in his pocket.
Community reviews could be useful, but we run a risk of fake people taking over the process and pumping up the ratings. Amazon suffers from this… There would have to be a better process.
I don’t believe this is an ‘either/or’ issue. We could have both. To be clear, I am not advocating for some central vetting for dApps, but a way to guarantee quality on a platform level.
And yes, we could and should strive to create something better, meaning the crappy Google Play store is too low of a standard for Cardano.
I am sure Cardano/IOHK will come up with some solution to meet these simple security requirements. Security features are crucial to get right the first time as it impacts Cardano’s reputation in the space and might determine its widespread adoption rate (i.e. its fate).
Unlike a small subset of the general population, who actually understands Cardano/crypto, the mainstream doesn’t want to get into the details of how things work. They want safe, reliable and useful tools that solve their everyday problems. The steps you outlined require people to have an above-average understanding of computers.
Judging by how people struggle with everyday use of PCs (examples are abundant in this forum too), these commandments would probably go right above their heads… which is why we need something simple and intuitive to safeguard the users against bad actors.
I agree this is a community-wide responsibility and must be carefully studied and addressed before we move on to the mass adoption stage.