
Why are "open source" apps so revered in the privacy community?

angrod14

Member
Lately I've been trying to learn a bit more about privacy in digital communications. One thing that I constantly detect is the general repulsion to "closed" software and a hard bj to everything that is open source. The impression I get is that it somehow has to do with how "trustworthy" a particular program can be. If it's closed, then the community can't verify if the program actually works the way the developer promises, or if it has some kind of back door that compromises security or privacy. If it's open, then "anyone can see the code, find vulnerabilities and report them".

I'm sorry if I'm being ignorant, but to me that sounds super retarded, and considering how cynical the privacy community is, I can't actually believe these people can have such a naive way of thinking about this subject. The argument in favour of open source software is based on the assumption that the people who find the gaps in the code will act in good faith, and report the vulnerabilities in order to correct them. That's one big, motherfucking assumption. What if they just shut up and exploit the vulnerabilities instead? Isn't that the most likely scenario?

This "open source" fad is like publishing your house security system on Facebook or Twitter, and expecting "the community to report the vulnerabilities". Never go full retard.

Secondly: who the F is actually going to take their time to review the code? Obviously not your average Joe user, it will most likely be someone who is trying to exploit the software.

And last, but not least: being open source isn't a verification or guarantee of anything. You can't trust shit even if it's "open source". How do you know the code that they published is the one actually implemented in the program they make available for download? You know, the one that's actually running in your computer?

In the same line of thinking, I would argue that closed software that has been audited by reputable third parties is actually more secure. I mean, if I'm in charge of the opsec of a program, the last shit I want is my shit completely exposed to everyone.

I understand some companies just want to come off as transparent as possible but I just can't stand this "open source or nothing" line of thinking when it comes to debating the trustworthiness of a software. You can't trust shit. Not open, not closed. You never know what's running on your machine.

Please enlighten me if I'm wrong.
 

Sakura

Member
You can check the code yourself if you don't want to assume the community will do it for you.

The average joe doesn't give a shit about whether something is open source or not, so not sure why that would be relevant.

If it's open source you could just compile the code yourself if you don't trust whatever provided installer.

All that being said I don't really care personally.
 

Mistake

Gold Member
Open source software sometimes has sponsored "bug hunts," where people will get something for finding vulnerabilities. Also, you're really misjudging people who follow this stuff and how much they get off from exposing bad code. It's a way to show skill and 1up whoever did the programming.
 

Ragnarok

Member
Hey there mate, not sure if you know this but the computer science community is one of the biggest groups of autists collectively out there. Any group more autistic than them would be non functioning members of society. If it’s even semi popular and open source, the code’s been looked at pretty extensively.

You ever met a Linux user?
 

Pegasus Actual

Gold Member
In the same line of thinking, I would argue that closed software that has been audited by reputable third parties is actually more secure. I mean, if I'm in charge of the opsec of a program, the last shit I want is my shit completely exposed to everyone.
Yeah man every day when I'm writing code, my employers are telling me "keep an eye on the opsec" and to prepare for the "reputable third party audit".
 