My 'dumb reductionist take' is me trying to tease out (with a little bit of humor) how you imagine this absolute security nightmare to be implemented in a way that wouldn't result in abuse of apocalyptic proportions. I mean maybe you had something ingenious in mind here, but then I'd like to hear it in detail instead of handweaving and arguing "there are other bad things so let's make it worse by 10 magnitudes".

So now without the humor: How would you design the system to prevent abuse, remote code execution and such? Because if that part isn't clear that idea should probably be shelved.

I would probably do it the same way any other dangerous operations are protected: make people type confirmation in (e.g. how you delete repos on GitHub), require you to manually add websites to a whitelist (e.g. how screen sharing for apps already works on Mac, or how some permissions work on Android). You can use heuristics to provide a more onerous confirmation for suspicious sites, exactly how running executables works on Windows.

Other security measures you could do:

1. Throttle events to the speed that a human could do them, so you can't instantly open a terminal and paste code in.

2. Require additional confirmation to sent events to specific applications, like the terminal, or explorer or whatever.

3. Only allow control of apps that are already open. That would be better than nothing.

There are probably other things I haven't thought of.

Anyway the point is the danger is only two clicks away already. This isn't a risk that isn't already there, it just makes the tech less annoying.