People here’s take about why free software (“open source”) should be preferred, in my opinion (basically the OpenBSD’s opinion) is flawed.
You said “open source” is “good” because it permits having eyes on (“auditing”) and make sure there isn’t malware.
This is NOT the most important benefit. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA. So you cannot audit the software yourselves.
Or “open source” but with a bad code style, how can you make sure the code doesn’t have backdoors? But I think hilarious journalists that is only smart enough to post fake news about how down is the Russia and China economy can’t even write bad code.
“open source” is good, firstly, because it permits auditing the source code and find the bugs, replace flawed/bad code with safer alternative (for example, the advantage of an open-source C software when porting to OpenBSD is they can replace every occurrence of strcat/strcpy with safer strlcat/strlcpy), sandbox it (on OpenBSD, with pledge and unveil), do privileges separation and revocation, etc.
And I think “you can make sure there isn’t malware/backdoors” is the second benefit, NEVER THE FIRST.
Conclusion: Do not blindly trust what is “open source” when you can’t even do code auditing.
Fine.
I’m talking about people who only debate on matrix/reddit about why this privacy service is more trustworthy. Then when I told them to self-host they reacted aggressively.
@[email protected] or @[email protected] can audit for you.
Seriously, that’s what you’re missing. Bob the non-coder can trust Microsoft not to plant spyware in MS products, or Bob can trust some portion of the public (limited to ~8 billion people) to audit the code. It’s easier to trust the public than it is to trust a corporation. It’s not just about quantity of eyes, but having eyes that are more aligned with your interests.
I’m sorry if I made the guy question his life so hard, he deleted his comments.
You summoned me for auditing code? Call me crazy but I’m in, I would actually do it and hand out free threat level and security analysis for you specific use-case / system.
I’ve been in the industry for 20+ years.
Sounds good… will be interesting to see if @[email protected] takes you up on the offer!
We are actually in touch
Hopefully he asks you to audit a tool you might enjoy using or contributing to.
That would be indeed awesome.
He actually did not delete his post.
Why are you attacking me then. There are dipshits all over the place in IT spectrum. You won’t see a lot of industry professionals chilling in matrix spaces debating noobs. You had one impression and now you are telling all of us to get a grip. I think you yourself should get some fucking grip.
Curious why do you put yourself in the class of privacy racers.
Because I’m a privacy advocate
!!!
Do you think installing and start using privacy-tool-of-week would improve your privacy?! Do you think proton mail is trustworthy?
Protonmail is now FOSS?
I saw the clients are open source, but what about the server??
Anyways, if you put your data on others’ hard drive, NOTHING will guarantee the data can be erased on demand.
But well, when the clients is open source, PGP-encrypted messages are mostly safe.
Except if you get the key from their web client.