this post was submitted on 03 Jul 2024
1032 points (98.2% liked)

Technology

57455 readers
4640 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
1032
Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor (proton.me)
submitted 1 month ago by [email protected] to c/[email protected]
187 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 1 month ago (14 children)

I imagine it probably is inspected, just not by the public. They probably do it themselves.

And they may have contracts with certain companies specializing in this sort of security that also inspect it.

And there's also the cybersecurity companies that test it whether they're contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies' software.

Just because it's not on GitHub doesn't mean it's not a good product that hasn't been thoroughly tested.

[–] [email protected] -2 points 1 month ago (2 children)

You realize that Microsoft code is inspected as well, even more heavily and regulated... and yet they still end up with major breaches. Security evolves through open source collaboration and inspection by experts that aren't being paid to say you're doing a good job.

[–] [email protected] 1 points 1 month ago (1 children)

You are making a lot good points... But is there any other practical solution?

Seems this is the best a normie on budget can get

[–] [email protected] 3 points 1 month ago

They're not actually good points at all... Proton's open sourcing of the clients is for the purpose of trust in terms of security and privacy. The backend doesn't matter because the point is that the data is encrypted before it ever gets to the backend. The goal with Proton's open sourcing is not the ability to make it self-hostable. Sure, a lot of concerns are valid, but this isn't like Microsoft or Google. Nearly all of Proton is verifiably and provably secure. Well, at least as long as you trust the web clients being served are the ones whose code is publicly available. But again... You can't verify that with any SaaS. Such a risk is even present with self-hosting tbh. But that's another discussion.

load more comments (11 replies)