I know a few popular open source apps that are straight up insecure. When pointed out, people will call you a corporate shill lol. “Someone must’ve read the code” is what they say. Yes, I did and I’m telling you it’s no good.
[deleted]
Submitted 9 months ago by ForgottenFlux@lemmy.world to privacyguides@lemmy.one
Comments
driveway@lemmy.zip 9 months ago
taladar@sh.itjust.works 9 months ago
Similarly, proprietary software can be secure despite being closed-source.
That depends entirely on your threat model and the kind of relationship you have with the software vendor. Software might be proprietary and closed source but e.g. you might be the only customer and did get to engage an auditor who could see the source code. Or it might be off-the-shelf software made in a country trying to spy on your company or country. In some of those cases it literally cannot be secure for your threat model.
LWD@lemm.ee 9 months ago
j4k3@lemmy.world 9 months ago
Plus, not many are willing to compile or even try/have the skill to read into the code. Even with something like Vanadium on GrapheneOS I’ve encountered eyebrow-raising behaviors I do not like.
degen@midwest.social 9 months ago
I’m curious since I’m using graphene. What have you encountered?