I’m pretty sure I heard a story about an open source Minecraft hack client that was openly stealing discord authentication tokens, and nobody noticed for weeks because the only people who check the source code are people who plan on modifying it
The good thing about open source is that I don’t have to necessarily do that as there’s a big community behind it. The thing that itches me is that even if I would, I couldn’t be able to in the case of Sync.
To answer your question, not too long ago, and it did not require too much time. I could see what libraries were imported thanks to a tool and decided it was likely not sketchy.
Sounds like what you checked for is the 6 minute youtube tutorial. If someone’s trying sneak shit into an open source project they aren’t gonna import Keylogger. You gave yourself warm and fuzzies without checking anything.
I personally feel that open source gives me technological freedom. I’m free to change something if I don’t like it, freedom to analyze the code, freedom to fix something etc, which closed source software takes away from me even if I don’t exercise that right.
For example I’d rather live in a country with freedom of speech even if I had nothing to say, because if I wanted, I could do it.
As I said in another comment, it must exist a balance. If an app is closed source but way much better than an open source alternative, then it’s probably wiser to use that. The thing I do not agree with you is saying “FOSS is useless because I don’t check the code”, but you do you and have your opinions, that’s alright.
Don’t assume people who disagree with you to be stupid, because that’s the vibe I got from your comment. I think I am intelligent enough not to give myself warm and fuzzies over something so shallow, knowing from the beginning that my “analysis” was never supposed to be an audit.
P.S. I’m not blaming you, nor anyone else, for using what suits you the best.
I never presented the opinion that FOSS is useless. I’m saying FOSS isn’t inherently more secure or private than a commercial or closed source app.
Sometimes FOSS apps are great, often times they are janky…which has been my experience with every FOSS lemmy app I’ve tried. Sometimes too their overall value compensates for the jank, but not here imo.
I’ve just noticed that a lot of the privacy focused or obsessed often just roll with what they know or what they read, while still taking big leaps of trust with total strangers and thinking they’re perfectly secure and seemingly ignoring that threats even exist in that environment.
Whens the last time you personally checked the source code of an app?
I’m pretty sure I heard a story about an open source Minecraft hack client that was openly stealing discord authentication tokens, and nobody noticed for weeks because the only people who check the source code are people who plan on modifying it
But it was discovered. What if it was not open source?
But in general open source means freedom. Freedom of not being subject to the developer’s choices, freedom to analyze the code etc
The good thing about open source is that I don’t have to necessarily do that as there’s a big community behind it. The thing that itches me is that even if I would, I couldn’t be able to in the case of Sync.
To answer your question, not too long ago, and it did not require too much time. I could see what libraries were imported thanks to a tool and decided it was likely not sketchy.
Sounds like what you checked for is the 6 minute youtube tutorial. If someone’s trying sneak shit into an open source project they aren’t gonna import Keylogger. You gave yourself warm and fuzzies without checking anything.
I personally feel that open source gives me technological freedom. I’m free to change something if I don’t like it, freedom to analyze the code, freedom to fix something etc, which closed source software takes away from me even if I don’t exercise that right.
For example I’d rather live in a country with freedom of speech even if I had nothing to say, because if I wanted, I could do it.
As I said in another comment, it must exist a balance. If an app is closed source but way much better than an open source alternative, then it’s probably wiser to use that. The thing I do not agree with you is saying “FOSS is useless because I don’t check the code”, but you do you and have your opinions, that’s alright.
Don’t assume people who disagree with you to be stupid, because that’s the vibe I got from your comment. I think I am intelligent enough not to give myself warm and fuzzies over something so shallow, knowing from the beginning that my “analysis” was never supposed to be an audit.
P.S. I’m not blaming you, nor anyone else, for using what suits you the best.
I never presented the opinion that FOSS is useless. I’m saying FOSS isn’t inherently more secure or private than a commercial or closed source app.
Sometimes FOSS apps are great, often times they are janky…which has been my experience with every FOSS lemmy app I’ve tried. Sometimes too their overall value compensates for the jank, but not here imo.
I’ve just noticed that a lot of the privacy focused or obsessed often just roll with what they know or what they read, while still taking big leaps of trust with total strangers and thinking they’re perfectly secure and seemingly ignoring that threats even exist in that environment.
I misunderstood your previous comment then. Apologies for that
deleted by creator