Feature list, organized like a public wiki.
This page keeps the explanations broad enough for normal readers while separating each feature family clearly.
Desktop features.
Daily computing
Fast desktop startup, responsive file operations, clean UI behavior, browser, media, documents, messaging, and normal user workflows.
Gaming
Modern games, older games, launchers, anti-cheat-sensitive titles, controllers, overlays, VR, emulators, and long-session stability.
Creator workflows
OBS, Twitch streaming, capture cards, audio tools, image tools, 3D tools, video editing, screen capture, and media playback.
Development
VSCode, IDE workflows, local services, game engines, containers, virtual machines, file-heavy projects, and reproducible app environments.
Media
Commercial streaming, browser DRM, hardware decode, physical media workflows, audio/video playback, and app-specific media permissions.
Accessibility and polish
Dock-based UI, guided settings, practical defaults, clear permission prompts, and human-readable system surfaces.
Core architecture features.
| Feature family | How it works | User benefit |
|---|---|---|
| Per-app micro-systems | Each app receives its own bounded operating environment with local dependencies, files, runtime behavior, and expected platform presentation. | Apps behave normally without sharing the entire machine. |
| App state containers | App configs, assets, cache, and local data live in protected per-app containers. | One app cannot silently tamper with another app's files or settings. |
| Compressed inactive apps | App environments can collapse into smaller sealed states when inactive, then expand enough to run when launched. | Strong isolation without excessive long-term storage waste. |
| Atomic updates | Updates stage, validate, and commit cleanly. | Less risk of broken half-installed states. |
| Policy engine | Users, devices, apps, services, networks, and roles can be governed by policy. | Security and administration become predictable. |
Security and privacy features.
No ambient app trust
Installed apps do not automatically gain broad visibility into processes, files, devices, browser data, or other app states.
User data mediation
Apps request access through SBOS controls instead of silently reading arbitrary folders.
Network isolation
Apps can be separated from each other at the local network and localhost layers.
Browser containment
Firefox is rebuilt as a native SBOS app with hardened settings, separated state, uBlock Origin, Dark Reader, and tuned CanvasBlocker.
Privacy diagnostics
Diagnostics focus on crashes, faults, performance, stack traces, invalid states, and compatibility signals rather than user behavior.
Age category policy
Adult, Teen, and Kid categories guide User Policies without requiring real birth date disclosure for local account creation.
DOB disclosure protection
Apps that require date-of-birth compatibility data can receive a stable randomized profile date unless the user chooses otherwise.
Provisioning trust
Activation, installation, finalization, and license validation are treated as part of platform integrity.
Server Suite features.
Web and app hosting
Modern web workloads, Node.js, PHP, RTMP, reverse proxy, WebDAV, and general service hosting.
Mail services
IMAP, SMTP, POP, relays, and managed mail server roles.
File services
SMB, CIFS, NFS, SBN, granular permissions, sharing, storage, and managed access.
Cloud-style services
Custom file sync, share, distribution, and collaboration-style workflows.
Virtualization and containers
Docker, SBOS native containers, full VMs, native hypervisor, and cluster-oriented deployment patterns.
Remote access
VPN, jump host patterns, thin-client support, secure access, and identity-aware policy.
Marketplace, SBGS, and FST ID.
Application Marketplace
Curated SBOS-native and supported non-native apps with packaging, signing, profiles, dependencies, and app-environment configuration.
App Collections
Structured groups of required and optional components deployed as one service capability, such as Gateway Services.
SBGS
Firewall, routing, identity-aware policy, web proxy, app proxy, TLS inspection, DNS controls, content filtering, sandboxing, and dashboards.
FST ID
Users, groups, devices, services, application objects, delegated administration, certificates, SSO, federation, and policy inheritance.
Diagnostics console
Local-first diagnostics, E2EE transport, triage, crash grouping, compatibility faults, and performance investigation.
Enterprise dashboards
Deployment status, system posture, service state, policy health, device state, and operational visibility.