
Sandstorm's design is a little bit menacing! And it does require a fair bit of work sometimes to fit web apps not built for Sandstorm into Sandstorm's model. (The holy grail here is apps built for Sandstorm, but the platform needs to be bigger before more developers do that.) Usually packaging for Sandstorm largely entails locking an app into a single-document model, and stripping out authentication (since Sandstorm handles it).

But the end goal is pretty well worth it: Any grain is incredibly secure by default, and for the most part, app vulnerabilities are irrelevant. A grain where only you have access doesn't need any sort of authentication or security in the app at all. And since each document is its own sandbox, sharing a document with someone doesn't give them a way in to exploit access to your other documents as might happen with a vulnerability in a more traditional design.

The business model story for selling Sandstorm apps isn't super great right now; you probably could have a licensing model that requested network access through the Powerbox to check the license or something, but in many cases, there's already a wide variety of great open source apps that are free and just frustrating to host and manage without a platform like Sandstorm (or Cloudron). (EDIT: Now that I think about it, Sandstorm used to have a paid license key/feature key system that made no callbacks; I think the licensing info was encrypted asymmetrically.)

As for your support of SaaS data collection, I just can't really agree with you: People who want to give data to a developer can choose to do so, but I think it's ethically wrong to collect data without permission. (Sandstorm servers do have the ability to opt in to provide basic app usage data back to Sandstorm's development team.)

I love FastMail, and have been an enthusiastic customer since 2016. :)


