• Stuka@lemmy.ml
    link
    fedilink
    arrow-up
    9
    arrow-down
    2
    ·
    1 year ago

    Whens the last time you personally checked the source code of an app?

    • tired_n_bored@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      The good thing about open source is that I don’t have to necessarily do that as there’s a big community behind it. The thing that itches me is that even if I would, I couldn’t be able to in the case of Sync.

      To answer your question, not too long ago, and it did not require too much time. I could see what libraries were imported thanks to a tool and decided it was likely not sketchy.

      • Catweazle@social.vivaldi.net
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        @tired_n_bored @Stuka, the bad thing of FOSS is when it don’t have a great community and an active developement, then it’s also open for hackers. A normal user can’t check if a somewhat bigger app has a dangerous script or an security hole, even if he has the source code. Nobody check it, not even devs, except if they want to fork it, less users which are convinced that it’s synonym of security and privacy, it isn’t, it’s not the sense and proposit of FOSS.
        Expl of a FOSS
        https://www.virustotal.com/gui/file/60a309e91ba1039c3527053867e0e210ff2e18628a01acc264d82430e6436889/detection

        • tired_n_bored@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          True, but we’re talking about clients here. If hackers want to hack Lemmy they wouldn’t be able to do that by looking at the source code of, let’s say, Jerboa.

          In general your observation is right tho, but still, I like to have control over my software. We all have different point of views and it’s totally okay to live according to them, especially when it comes to something as shallow as which apps and programs to use.

          I’d like to add that if a piece of software is vulnerable, it is vulnerable regardless of its openness. Surely hackers would have a more difficult time when it’s closed, but it’s a matter of time before it’ll be exploited.

          • Catweazle@social.vivaldi.net
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            @tired_n_bored, most secure if a FOSS is selfhosted, but only if you have and use an own server, for a lot of user because of this, it isn’t an option when they don’t have the needed trust to a third party server.
            Anyway, it’s very important, something nobody does, except me, to read the PP and TOS of a product, there are often bad surprises, independent if it’s FOSS or not.

          • Catweazle@social.vivaldi.net
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            @tired_n_bored, I also prefer FOSS, but as I say, it’s very important to control which, it’s risky to use FOSS if it’s outdated, unatended and lacks an active community. In this case I prefer an alternative of a small startup, even if it isn’t FOSS. F.Exampl one of my favorite is this one, a hobby project of 2 electricians
            https://www.ssuitesoft.com/categories/webapps.htm

            Avoiding only proprietary soft of big corporations which create incomming with surveillance advertising, profiling the user to sell this data.

      • Stuka@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        Sounds like what you checked for is the 6 minute youtube tutorial. If someone’s trying sneak shit into an open source project they aren’t gonna import Keylogger. You gave yourself warm and fuzzies without checking anything.

        • tired_n_bored@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          I personally feel that open source gives me technological freedom. I’m free to change something if I don’t like it, freedom to analyze the code, freedom to fix something etc, which closed source software takes away from me even if I don’t exercise that right.

          For example I’d rather live in a country with freedom of speech even if I had nothing to say, because if I wanted, I could do it.

          As I said in another comment, it must exist a balance. If an app is closed source but way much better than an open source alternative, then it’s probably wiser to use that. The thing I do not agree with you is saying “FOSS is useless because I don’t check the code”, but you do you and have your opinions, that’s alright.

          Don’t assume people who disagree with you to be stupid, because that’s the vibe I got from your comment. I think I am intelligent enough not to give myself warm and fuzzies over something so shallow, knowing from the beginning that my “analysis” was never supposed to be an audit.

          P.S. I’m not blaming you, nor anyone else, for using what suits you the best.

          • Stuka@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I never presented the opinion that FOSS is useless. I’m saying FOSS isn’t inherently more secure or private than a commercial or closed source app.

            Sometimes FOSS apps are great, often times they are janky…which has been my experience with every FOSS lemmy app I’ve tried. Sometimes too their overall value compensates for the jank, but not here imo.

            I’ve just noticed that a lot of the privacy focused or obsessed often just roll with what they know or what they read, while still taking big leaps of trust with total strangers and thinking they’re perfectly secure and seemingly ignoring that threats even exist in that environment.

    • starman2112@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I’m pretty sure I heard a story about an open source Minecraft hack client that was openly stealing discord authentication tokens, and nobody noticed for weeks because the only people who check the source code are people who plan on modifying it

      • tired_n_bored@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        But it was discovered. What if it was not open source?

        But in general open source means freedom. Freedom of not being subject to the developer’s choices, freedom to analyze the code etc