Should Privacy Guides require open-source, source-first or source-available as a criteria for all tools?

But criteria are supposed to be assessed in an objective manner, and there is really no way to assess whether something doesn’t need to be open-source, that’s just a personal opinion. With the “only if possible”, the interpretation is way narrower.

This is a hypothetical question: If there are enough providers offering a comparable open-source service, we would likely need to remove Ente (or wouldn’t even have recommended it in the first place). However, if there are not enough alternatives (there would be only Stingle left), we could retain Ente, even if it is proprietary, in that scenario.

1 Like

I don’t mind if we keep changing the criteria every time. For me it is fine, but it seems to often lead to confusion in the community.
What I care for is that we at least keep recommending the best option regardless of it being open source or not.

2 Likes

I am saying we subjectively design our criteria based on what we feel is a solid mix of community consensus and evidence-backed objectives, and then objectively evaluate tools against that (subjectively chosen) criteria.

This is why I don’t want to define any requirements for our criteria in the first place, because the criteria is dynamic and we need to be able to choose the best criteria for any given situation regardless of past decisions.

3 Likes

Well, I agree that is the usual gist. But we have been blocking, for example, Grayjay from inclusion because of these two open source discussions. Which frankly I think is wrong. It right now is the most stable app on Android to watch YouTube with more privacy.

If this is the case, we should have removed Strongbox and added Keepassium to the recommendations.

Well yeah, and I am not in favour of that if the other options are not an equal offer yet.

I think Ente is more mainstream friendly with good UX for the average Joe. Which has more potential to be used by non-techies.

So I guess UX > open source for me. In order to get more people to live in privacy.

Well we have been doing that unnecessarily. There was really no reason to define “open source,” at least when it comes to the Grayjay PR.

The only thing we’ve ever had to do in order to add Grayjay is to simply change the criteria on that page, something which is very much within the realm of possibility regardless of all these discussions.

3 Likes

Definitely not the other way around! And requiring FOSS absolutely aligns with the kind of recommendations as a privacy community we’d want to make.

A good comparison isn’t “flaky open source” vs “super good proprietary software”, but what kind of freedoms are table stakes with software when it comes to privacy and security.

It seems to me that ownership is important for privacy. When I “own” something, I naturally feel free to do what I wish, discreetly if needed. In case of software specifically, ownership of the code[1] grants me the freedom to remove whatever I deem as intrusion of privacy. Granted, not everyone is a developer, but then, not everyone is an architect / civil eng, but they do own homes, even if they can’t modify them. A rented space may also afford privacy, but it can also be nigh on impossible to rid of unauthorized intrusion / observation (or put up more walls and shades).

On this point, you’re right. PG can begrudgingly recommend closed source projects where FOSS alternatives aren’t well-resourced, for example.


  1. imo, whatever is in the hands of the end-user (ex: app / website / client code) is the code that preferably is FOSS.

5 Likes

Well, I’d rather recommend something proprietary with e2ee over something not e2ee and open source. I just think other factors are at least way more important for privacy.

I also support all the things you like to see in a product. We just disagree that this is required for privacy. I think it sadly is often the opposite due to open source projects not being on the same playing field either on security or user experience. User experience is underrated by many generally, but it is key to adoption.

It is clear that the community seems to think differently on this, so I accept my failure to convince you all. I foresee that we often will have to scratch the requirement for new and better players.

1 Like

The problem with your argument is that you think we’re suggesting that we prefer something not e2ee, as long as it is open source. This is simply not the case. We’re just saying that open-source is better and should definitely be a criteria among many, whenever possible.

For instance, if there is 1 proprietary program with far better security, audited and with a good reputation vs 2-3 other open-source programs with questionable security that haven’t built their reputation and don’t have audits yet, then I’m pretty sure most people here would agree that the 1 proprietary program would be better to use.

2 Likes

Yeah, but you also don’t understand me :wink:

I am trying to explain that if this criteria changes based on the availability, it isn’t a real requirement. The moment a better offering comes around that isn’t open source, we will now recommend it anyway. I am happy about that, but it doesn’t make sense.

2 Likes