this post was submitted on 12 Feb 2024
-23 points (12.9% liked)

privatelife - privacy, security, freedom advocacy

1559 readers
1 users here now

This community is meant to advocate privacy, security and freedom in an concise manner, free of prejudice bias, free of politics, free of cultist thoughts.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. - Edward Snowden

Reddit: https://old.reddit.com/r/privatelife

Matrix: https://matrix.to/#/#privatelife:matrix.org

Telegram: https://t.me/r_privatelife

READ THE RULES

  1. Opinions are welcome, facts more so. Attack arguments, not people. Hating, baiting, trolling, flaming will be dealt with strictly.

  2. Discuss closed source software with caution. Advocating for it strongly (cult brigading) can be treated as violation of this rule.

  3. Editing titles of article links is strictly prohibited, unless and until the summarisation remains accurate to the context of the article or paper. Such link post will be removed without questioning.

  4. Targeting of any country, person or nation is strictly prohibited without valid reasoning. Evidence if not presented against the specific company/corporation/individual will be treated as personal attack and/or hate speech. This will result in a warning, then ban system.

  5. NO PERMA BANS! Ban system will work as follows:

1 day --> 3 day --> 1 week --> 2 weeks --> 3 weeks --> 1 month --> 3 months --> 6 months

Severity of the ban system will be dealt with based on degree of violation and circumstances.

  1. NO FACT-LESS EVIDENCES, NO FALSE RHETORIC Evidence has to be credible. The onus of this lies on the claimant. The same applies on the user who questions proven evidence. Violation of this rule will be dealt with strictly.

  2. Copycat posts serve to litter the community, increasing quantity and decreasing quality of posts. As such, posts will be removed. Repeated attempts will receive warning.


Related communities:

founded 4 years ago
-23
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
 

People here's take about why free software ("open source") should be preferred, in my opinion (basically the OpenBSD's opinion) is flawed.

You said "open source" is "good" because it permits having eyes on ("auditing") and make sure there isn't malware.

This is NOT the most important benefit. But it is flawed because, you guys don't even have the knowledge to do coding. You guys are activist/"journalists" working for CIA. So you cannot audit the software yourselves.

Or "open source" but with a bad code style, how can you make sure the code doesn't have backdoors? But I think hilarious journalists that is only smart enough to post fake news about how down is the Russia and China economy can't even write bad code.

"open source" is good, firstly, because it permits auditing the source code and find the bugs, replace flawed/bad code with safer alternative (for example, the advantage of an open-source C software when porting to OpenBSD is they can replace every occurrence of strcat/strcpy with safer strlcat/strlcpy), sandbox it (on OpenBSD, with pledge and unveil), do privileges separation and revocation, etc.

And I think "you can make sure there isn't malware/backdoors" is the second benefit, NEVER THE FIRST.

Conclusion: Do not blindly trust what is "open source" when you can't even do code auditing.

all 42 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 9 months ago (2 children)

You should not write when you're drunk. You're mixing lot of things and making wrong assumptions. Come back when you're sober so we can have a constructive discussion.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (2 children)

+1, although for me this is somewhat an insult. The English is bad. Nevertheless, the comment will have constructive discussion.

But I haven't found much constructive comment. I want to know if you guys or me is the ignorant. But the most important is getting better.

[–] [email protected] 2 points 9 months ago

If it's langage issue : apologies! Give me some time, i will write you an constructive answer regarding your points.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

The biggest problem is self-contradiction. These two statements are incompatible:

  • “This [auditing] is NOT the most important benefit.”
  • “‘open source’ is good, firstly, because it permits auditing the source code”
[–] [email protected] 0 points 9 months ago

But:

You’re mixing lot of things and making wrong assumptions.

What I'm mixing? What assumptions is wrong??

[–] [email protected] 6 points 9 months ago (1 children)
[–] [email protected] 4 points 9 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 3 points 9 months ago

Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn't work well for people on different instances. Try fixing it like this: [email protected]

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago) (1 children)

Years ago Microsoft was going Linux bashing mode.

  • Linux is a cancer

  • Linux is unamerican

  • Linux is communism

And why ? Because of the GPL license.

Many years ago Microsoft already copy pasted BSD licensed code into their Windows 3.x TCP stack and they got away with that because the BSD license is not like the GPL license. Microsoft hated the GPL license and maybe they still do.

  • Is it important to talk about free software or open source software and be a purist about it ? Maybe.

  • Is it more important to get things done, and focus on coding, package maintenance, sharing knowledge ? Maybe.

[–] [email protected] 2 points 9 months ago

I'm talking about what is the first, most important benefit of free software (or open source). The community claims the first and most important benefit is "to make sure there isn't malware in the software". In the post I told them why this is not the most important benefit and the most important benefit is to audit, fix bugs, harden it.

[–] [email protected] 3 points 9 months ago (1 children)
[–] [email protected] -1 points 9 months ago (2 children)

Fine.

I'm talking about people who only debate on matrix/reddit about why this privacy service is more trustworthy. Then when I told them to self-host they reacted aggressively.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (2 children)

@[email protected] or @[email protected] can audit for you.

Seriously, that’s what you’re missing. Bob the non-coder can trust Microsoft not to plant spyware in MS products, or Bob can trust some portion of the public (limited to ~8 billion people) to audit the code. It’s easier to trust the public than it is to trust a corporation. It’s not just about quantity of eyes, but having eyes that are more aligned with your interests.

[–] [email protected] 3 points 9 months ago (1 children)

I'm sorry if I made the guy question his life so hard, he deleted his comments.

You summoned me for auditing code? Call me crazy but I'm in, I would actually do it and hand out free threat level and security analysis for you specific use-case / system.

I've been in the industry for 20+ years.

[–] [email protected] 1 points 9 months ago (1 children)

Sounds good.. will be interesting to see if @[email protected] takes you up on the offer!

[–] [email protected] 2 points 9 months ago (1 children)
[–] [email protected] 2 points 9 months ago (1 children)

Hopefully he asks you to audit a tool you might enjoy using or contributing to.

[–] [email protected] 2 points 8 months ago

That would be indeed awesome.

[–] [email protected] 2 points 8 months ago

He actually did not delete his post.

hey I have never deleted any comment

perhaps I'm banned.

In my shallow thought privacy communities nowadays can only whine when company do something harm their privacy. Few like you are much better, and should escape that community or do something to actually revise it.

Your data is not private when you put on other's hard drive. I thought europes are much well-educated than Vietnamese here... but they mostly can't doubt on privacy policy. If I doubt, they call that conspiracy theories and I'm banned. I only think they are so naive. This is just a surprise for me.

feel free to public this message

[–] [email protected] 0 points 9 months ago (1 children)

Why are you attacking me then. There are dipshits all over the place in IT spectrum. You won't see a lot of industry professionals chilling in matrix spaces debating noobs. You had one impression and now you are telling all of us to get a grip. I think you yourself should get some fucking grip.

[–] [email protected] 1 points 9 months ago (1 children)

Curious why do you put yourself in the class of privacy racers.

[–] [email protected] 1 points 9 months ago (1 children)

Because I'm a privacy advocate

[–] [email protected] 1 points 9 months ago (1 children)

!!!

Do you think installing and start using privacy-tool-of-week would improve your privacy?! Do you think proton mail is trustworthy?

[–] [email protected] 1 points 9 months ago (1 children)
[–] [email protected] 1 points 9 months ago (1 children)

I saw the clients are open source, but what about the server??

Anyways, if you put your data on others' hard drive, NOTHING will guarantee the data can be erased on demand.

But well, when the clients is open source, PGP-encrypted messages are mostly safe.

[–] [email protected] 1 points 9 months ago

Except if you get the key from their web client.

[–] [email protected] 3 points 9 months ago (2 children)
  1. Check out repository
  2. Autoformat

???

Never have I ever seen intentionally badly formatted open source code with the intention of making contributing difficult

[–] [email protected] 1 points 9 months ago

Sorry, I'm exaggerating on this.

But did you heard about libressl developers on openssl code?

[–] [email protected] 0 points 9 months ago

The main problem is, do you audit the source code YOURSELVES?

Or it is just "open source" and no one have eyes on. But get blindly recommended.

[–] [email protected] 2 points 9 months ago (2 children)

Lemmy clients need a feature to automatically hide poosts by accounts less than X days old...

[–] [email protected] 1 points 9 months ago (1 children)

Why? It'd be better to hide post at -5

Duolingo forum do that.

[–] [email protected] 1 points 9 months ago

Hiding opposing or thought provoking opinions just because the mob don't like it or agree with it is a bad design which prevents any kind of meaningful discussions and tend to create bubbles. Upvoting and downvoting is not used in the way it was intended for. I'd rather flag posts as spam or low effort which makes the intention clear.

[–] [email protected] 1 points 9 months ago

I had no clue this post happened couple days ago. Tried talking through his thick skull, failed miserably. Kicked out.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

When I install a new software, sure I don't start auditing the souce code but the developement of a software is a process and I trust that all the contributors and distributors have eyes on it and know what changes a release contains. It's very hard to sneak in shenanigans into popular repositories. And an opensource software can quickly lose the trust of the community and get replaced if it makes bad turns. In non-free softwares I don't have this assurance.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

I'm not recommending proprietary.

I'm clarifying about the benefit of free software: The most important is permission to audit, fix bugs, sandbox it with pledge(2) and unveil(2), NOT "to make sure the software doesn't carry malware".

And I'm alarming: You guys are racing on "open source" but don't actually audit the source code. Because you guys can't even code and do not intend to become experts. So the benefit that you guys think the most important become useless. Thankfully there are experts in your community to audit and fork whenever they want.

And an opensource software can quickly lose the trust of the community and get replaced

(Such small open source project shouldn't care if they want to make quick money :) ) I think they wouldn't care if they have malicious intention

[–] [email protected] -1 points 9 months ago* (last edited 9 months ago)

I think what you guys hate the most is the "This is not correct, and true GNUism won’t accept it. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA"

Both c/privatelife and privsec.dev+grapheneos community is "sponsored" by Richard Stallman I think? Although privsec and the grapheneos community tend to welcome blobs, both c/privatelife and they are same in racing on "open source" and privacy tools.

Only "journalists" working in CIA would like to do that. People learning programming wouldn't care.

An year in the privsec.dev & madaidan's community and grapheneos community helped me nothing with programming. It should be the same for this community.

[–] [email protected] -2 points 9 months ago