Let's make Privacy Mode safer and more private

[ghost]

If a program is not portable and uses a profile from AppData user space directory, then OpenFilePath for/to AppData user space must be added in Privacy Sandboxes or else programs can't read user profile. That makes sense given how Privacy Sandboxes operate, but Privacy Sandboxes write changes to those profiles in AppData directories, not in Sandboxed directories. Without Privacy Mode, Sandboxie copies user profile files into respective sandboxes and writes changes to those profiles in those sandboxes. Using ReadFilePath in Privacy Mode instead of OpenFilePath prevents Sandboxie from making any changes to profiles in any directories and many programs require making (at least temporary) changes to user profiles to function correctly.

Sandboxie should have an option for Privacy Boxes to copy user-specified ReadFilePath or OpenFilePath AppData profiles into sandboxes and allow changes to those profiles inside those sandboxes. That is the safest mix of both worlds.

This does not affect programs that are portable and contain and read configuration files in directories of executable files.

[offhub]

See https://sandboxie-plus.github.io/sandboxie-docs/Content/NormalFilePath.html