NomenNescio
Member
Lately I've been trying to learn a bit more about privacy in digital communications. One thing that I constantly detect is the general repulsion to "closed" software and a hard bj to everything that is open source. The impression I get is that it somehow has to do with how "trustworthy" a particular program can be. If it's closed, then the community can't verify if the program actually works the way the developer promises, or if it has some kind of back door that compromises security or privacy. If it's open, then "anyone can see the code, find vulnerabilities and report them".
I'm sorry if I'm being ignorant, but to me that sounds super retarded, and considering how cynical the privacy community is, I can't actually believe these people can have such a naive way of thinking about this subject. The argument in favour of open source software is based on the assumption that the people who find the gaps in the code will act in good faith, and report the vulnerabilities in order to correct them. That's one big, motherfucking assumption. What if they just shut up and exploit the vulnerabilities instead? Isn't that the most likely scenario?
This "open source" fad is like publishing your house security system on Facebook or Twitter, and expecting "the community to report the vulnerabilities". Never go full retard.
Secondly: who the F is actually going to take their time to review code? Obviously not your average Joe user, it will most likely be someone who is trying to exploit the software.
And last, but not least: being open source isn't a verification or guarantee of anything. You can't trust shit even if it's "open source". How do you know the code that they published is the one actually implemented in the program they make available for download? You know, the one that's actually running in your computer?
In the same line of thinking, I would argue that closed software that has been audited by reputable third parties is actually more secure. I mean, if I'm in charge of the opsec of a program, the last shit I want is my shit completely exposed to everyone.
I understand some companies just want to come off as transparent as possible but I just can't stand this "open source or nothing" line of thinking when it comes to debating the trustworthiness of a software. You can't trust shit. Not open, not closed. You never know what's running on your machine.
Please enlighten me if I'm wrong.