It’s not that all open source software is a panacea for privacy and anonymity issues. It’s that closed source software can’t be verified. There can be no trust without verification. I suppose its possible for a third party to audit, and that’s better than nothing I agree. But it’s sort of looking the other way from obvious existence of corruptuon and assuming that it isn’t possible. A third party audit of closed source software is also better than open source software which is not audited by anyone because barely anyone is using it (no one really talks about that). But it’s not certain privacy.
If you simply say, “I need to use this, so I’m only using it in public contexts and isolating it from environments I want to be private”, that’s fine.
But if you are saying, “I don’t know for sure this is private but I believe it is,” then you are just delusional. You are like health nuts taking vitamins and eating raw foods and following fad diets because you believe in it and it makes you feel good. But that’s all it is.
Now, throw in a threat model. Assign weight (importance) to each outcome result of the above information.
The person that said this has the best defense against this black and white reasoning. But it doesn’t mean the black and white reasoning isn’t useful. And the person who is discarding the binary view of it should be doing so after admitting the flaws in assuming that a closed source solution is exactly what it claims.
It depends. There are many factors into making your own decision. In the end it’s all about trust. Let’s say someone you know developed a close-source project for financial reasons. But you trust that person. Are you delusional? Even if you know that person, they could potentially backstab everyone breaking that trust.
You could extrapolate that example. It could be a person you don’t personally know, but based on interviews, experience, what they did in the past, etc. You could trust them even if it’s a closed source project.
Trust isn’t something you you can securely give out wholesale to any person. Trust has a context.
For example, I trust my mother not to steal money from me, but I know that if we gossip about mutual acquaintances, I can trust that she will not be able to stop
herself from gossiping with other people about what we talked about.
I trust my brother to come back from the store with change and a case of beer if I give him a 100 dollar bill. But I also trust that he will buy a pack of cigarettes and hope that I won’t say anything about it.
The context around trust also mutates over time. For example if you’re doing business with someone and they are giving you good prices, it’s because you have repeated current business, they know that you’re aware of the market, and they know you’ll get a better price if they don’t come to table for you. However, in the future, your business partner may not be able to get those same good prices and might possibly try to lie to you.
The imaginary brother from the previous example: If I have not seen him for a year. In that time he might have picked up a cocaine habit which makes him unable to pay his bills. After thinking about not seeing for over a year, he might decide it’s worth it to just run with the money.
The same is true of companies, which we’ve observed repeated patterns of “enshitification” over time. How many companies that started off intending to be privacy focused have become liars.
The concept of “Zero Trust” exists for a reason, because you have to start there. You cannot trust without verification, and anyone who thinks otherwise is not trustworthy. Maybe they don’t all have bad intentions, but they have a vulnerable view of the world which will result in their exploitation.
You could use most proprietary software privately by simply removing the network permissions
True, but only if its a hardware disconnection of the network.
Although the use case for software that is isolated from networks is drastically diminished. The most likely scenario is the person will start here and the first time they need to conneect to a network briefly they will just shrug and go, “it’ll be fine.”
If you’re going to set up an environment you have to anticipate your own behaviors which will not always be perfect or unprone to error.
There is a fundamental difference from seeking “privacy” as feel good idea for something where leaks aren’t really going to affect you in a tangible way, and privacy where there are adversaries and you all caps CANNOT leak.
I think it’s fine if you admit, “I don’t have any adversaries like that, I don’t care that much.”
But then why are you on a privacy forum discussing privacy, encouraging others to implement your lax approaches?
I agree with everything you said, but it’s still not that simple.
Sometimes, you need ‘Trust’ even in open-source projects. Some people jumped ship from Firefox because of their latest poor communication fiasco. Trust applies here.