So, given my titular question - should any product be evaluated for only what it is, promises, and can deliver, or should the humans and entities behind them also be accounted for in such an evaluation for the quality of the product for all that it does, can do, and promises?
Which camp do you stand in and why? Or do you think we should be asking another question instead to get to the bottom of my titular question?
Well, the first question would be understanding what categories should we be looking at.
For example, NovaCustom’s laptops are great if you need a reliable Qubes laptop reseller with enhanced protections against physical attacks. You may reconsider their smartphones though because they lack the same type of protections that downloading GrapheneOS on a Pixel may offer.
Since these categories change per individual threat model, there isn’t much here we can evaluate on besides hard facts and word-of-mouth. Who knows, maybe there is someone who only cares about Big Tech surveillance and would prefer iodeOS because it is based in Europe. Nevermind the facts which state that Europe can be quite tyrannical in this regards…
Heavy emphasis on community trust There are quite a lot of grifters in this space. Believing the wrong person or a random company could be dangerous.
This. Products are not independent of the people who make them. It takes massive mental gymnastics to convince yourself that a product can be good even if the dev / leader (whatever word you want to use) is terrible. Having the people who make these products held accountable for their actions is a good thing.
Its up to the individual consumer to choose what about these people changes their perception of a product that person(s) creates but, every consumer deserves the knowledge to make that choice.
With regards to the titular question I think track record is the biggest thing. For new products its about giving that product enough time to create a track record to evaluate and for established products its about looking at their records, seeing the claims they made and, what turned out to be true and verifiable.
In our latest livestream I shared some thoughts on this topic which essentially boiled down to this being a question of your personal morals. Since Privacy Guides is not the morals police the answer to this question does not actually really change anything for us, because we will continue to share and discuss all relevant information, and people from each camp can decide what’s important to them once they have all the facts.
Disregarding Privacy Guides though, I think for a lot of people this comes down to the complexity of the product/tech, and I think for most people, trustworthiness will indeed always be a factor.
However, it doesn’t necessarily have to be trust in the original developer(s). It’s probably more of a “web of trust” situation where people can evaluate something based on how many other people they reasonably trust will vouch for that thing.
I think generally, products need to be assessed by their own merits. It depends a little on the nature of the product though. How easily would you be able to know if the product is turned aginst what you care about? How easily would you be able to avoid those consequences? How much does your usage or acquisition of the product benefit their creator?
Also, it’s near impossible to really know the people behind the product. Some things can be blown out of proportion and/or taken out of context. One problem with the internet is that there’s a permanent recort of everything, so if you ever make an unfortunate comment that you regret and made in a moment of weakness, it stays online forever, and you might be judged by it at any point in the future, forever. So I don’t think it’s easy to evaluate a person for a few actions or comments I see online.