Urbit is an OS, apps have access to whatever you give them access to. If you want one app (say, a dating profile) to not have access to data stored by another app (say, your bitcoin wallet), you run them under separate sub-identities as described above.

That has nothing to do with the thing you quoted ("network identity and keys are already baked into all your interactions with the network"), which describes how urbit nodes talk to each other. Whatever identity you run an app under, all traffic from that app will be cryptographically signed by that identity.

> If you want one app (say, a dating profile) to not have access to data stored by another app (say, your bitcoin wallet), you run them under separate sub-identities as described above

You're dancing around the issue.

So:

1. By default all apps have access to everything.

2. In order for apps to not have access to everything, you have to set up a different identity which is magically different from having to set up different identities now because it has cute names like "spin a moon away from your ship"?

3. The burden is still placed on the user: to set up and manage all these different identities and subidentities to just make sure that a chat app doesn't have the ability to steal all my money

3.1 And when in the current systems the burden is to keep track of logins and passwords, in Urbit it's the burden of understanding all the technical mumbo jumbo and going the trouble of spinning new servers (which I assume are not free) just to run a banking app.

How do you keep apps from accessing other apps' data on linux? By creating separate user accounts with limited permissions for the apps to run under, right? Same deal here. Except that in urbit, "different user account" implies that it's running in a separate VM.

I'm not arguing with you, just trying to answer your questions. If you want to make really damning accusations about how awful urbit is, it will help to learn more about how it works :)