Great example of why operating systems should be stealing more ideas from Qubes, the OS where everything runs in a vm.

Qubes is not practical for mobile laptop use and non expert users.

BUT it would be very practical for other OSes to offer the option of VM-style isolated containers as first class objects that are easy to make and configure boundaries on, and for which first class interop facilities are provided (eg “send this file to this container” “send the clipboard to this container’s clipboard).