I don’t think one can live a meaningful life without taking on some form of risk.
Sure, I can’t know with 100% certainty that companies like Yubico aren’t taking advantage of me, but I believe I am much better off for owning and using two Yubikeys than not. (I didn’t know about Nitrokey when I bought them, and I’m not convinced they are the better option.)
I think everyone would be better off if they understood the risks they enter into and then chose to do so. Most people don’t understand the risks of allowing their phone to have WiFi turned on all the time. If they did properly understand it, many still would leave it turned on, and I don’t think they should be shamed for that choice.
I know two instances of the phenomenon you are describing happening:
With Vim and Neovim, this was when maintainers got impatient with Vim PRs and got it done by forking. Whether that decision is good or bad is debatable.
This is among the worst crimes done in the FOSS landscape, but the solution that could have been chosen back then wouldn’t be Tanenbaum making MINIX closed source, but giving it the GPL license.
When I said Apple was good with user privacy, I meant keeping the user data out of the hands of other companies, but I’m not as certain how much access Apple has to users files…
Thank you for providing GNU’s website as a valuable resource for insights into consumer rights, which includes the right to privacy. I had never heard of them, but the articles are very compelling. It reminds me a lot of Louis Rossmann’s Consumer Protection database, which he launched earlier this year. It also documents many of the issues related to privacy.
GNU is not a valuable resource; they engage in so much FUD it’s depressing. Not to mention being very selective in their definitions (see: their stupid contradictory stance on closed source firmware). I tried to find a specific example on their “malware” page, but so many things were just half-truths and exaggerations that I couldn’t decide on a single one.
Oh, my bad. I didn’t realize. Can you go into a specific example for which they are unreliable? I want to understand better. Because so far, the few articles I read were very compelling to me. I like that it documents examples of companies doing wrong. Often when I have discussions with friends and family about these issues, I have to find the examples I am referring to so they’ll believe me.
The link to the “deGoogled version” they recommend is to /e/OS, which you can search on the forum to see why it’s a dumpster fire (not to mention the idea of degoogling being a bit misguided in the first place, which again, is discussed elsewhere on this forum).
I have plenty of issues with GNU but I have yet to find similar resources which actively document abuses of proprietary software including invasions of privacy and tyrant “security”. I wouldn’t be surprised if they occasionally exaggerate or misrepresent some things, but I’d rather people be aware that Apple isn’t all that great even if it comes at the cost of them not having a perfectly accurate understanding of why or to what extent. I’d be happy to direct people to another resource once I find one.
Not from the Apple article I shared but I find it interesting that you didn’t take issue with the main point which shows an example of Google’s supposed invasions of privacy and potentially imposed security risks. While I didn’t thoroughly investigate that particular issue myself, I do recall a lot of people sharing that story without any push back so I assume it’s a mostly accurate and legitimate concern GNU is sharing.
Again, not from the Apple article but that’s incredibly embarrassing for GNU.
GNU overstated the certainty that this was a backdoor, but I recall many I.T. and cybersecurity experts agreeing that it was likely. I even remember Steve Gibson all but agreeing that the NSA is the prime suspect, especially when you consider their history of deploying backdoors.
Again, I won’t argue GNU is great, but the point that proprietary hardware/software is used to abuse users in ways which negatively affect their privacy or security still stands; many of those incidents are imperfectly documented by GNU.
I would agree. I think GNU/FSF is actually pretty consistent and a reliable source of information about the issues they fight for.
The problem is mostly that people take their claims and information and draw incorrect conclusions from them about issues other than what the FSF focuses on.
The FSF focuses on user autonomy/freedom over all else. If this is important to you, then they are correct that free and open-source software is a requirement.
It is our general position that this is not necessarily a prerequisite for privacy and security, however, which is an entirely different issue than user autonomy. Our position is that you can achieve privacy as long as you understand and give informed consent to how your data is being handled, even while you give up some powers to the developers of applications instead of retaining them yourself.
The majority of our recommendations are open source, but this is not a case of open source causing the recommendations to be more private or secure. It’s just the case that caring about user freedoms and caring about privacy/security tend to be pretty correlated.
When we find exceptions to this, we are still happy to recommend those tools, because we understand this fact.
All this being said, it is true that companies that care about maximum security as their top priority would always open source their code, because they would understand that 1) security through obscurity is not a real defense and 2) lowering the barrier to contributions and patches that can be shared and learned from by everyone in the space improves security across their industry as a whole.
However, realistically maximum security is not most companies’ top priority, even when they are making privacy/security products, so we don’t hold this against them too much.
The banking app in the Claude 3 example, being a security app, should in my opinion publish the code and make it possible to inspect it; it could still have a license that made copying/re-selling/re-using the code illegal.
Eh, remember, this is the same org that bent over backwards to justify why closed source firmware is actually okay if it can’t be updated because uhhh…
I think that open source is awesome and pretty important for security and privacy too, as has been litigated in this thread, but GNU and FSF are not good representatives of it.
Why would I take issue with them when they happen to be right? You can start off with something correct and then come to a stupid conclusion, which is what that example is pointing out.
Admittedly the lead of the main source that I trust on apple silicon had a bit of a crashout these past couple months, but Asahi Linux were saying this is likely some development debug thing, and I would trust their take when they reverse engineer things so much for that platform.
And ultimately this is what I take issue with.
Yep, and GNU/FSF are terrible stewards of that stance in my opinion.
The main concern is, if a lot of people are using an open source app and the app code isn’t securely audited, this incentivises hackers to hack into the app and possibly into your OS, and then, well, privacy isn’t really something you will have.
Software licensing does not imply anything about code quality. You can have some architectural masterpieces closed source, and some horrendous code available for the public to see.
FOSS certainly permits the person getting the code to review it, but that’s it. It can provide a sense of trust that issues could be caught by users before running the code, but that is not always the case and shouldn’t be assumed to be bulletproof.
Don’t forget that the number of developers doesn’t mean they’re all actually looking at the whole program. There could be a class with a vulnerability that no one’s looked at for five years because there was no reason to open it up.