I have grown to be annoyed by applications ignoring the XDG base directory specification.

What’s the best way to deny applications any changes to the home directory except in the specified directories .config, .cache and .local?

