this post was submitted on 07 Aug 2023
255 points (92.6% liked)

Privacy

31868 readers
254 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (1 children)

Your comment got me curious so I had a look.

From their FAQ:

Will Magic Earth be Open Source?

No; since it is also used commercially (we have a paid Magic Earth SDK for business partners), we cannot make the code public.

[–] [email protected] 16 points 1 year ago* (last edited 1 year ago) (2 children)

Oh ok so there is no way to independently verify its privacy or security. Garbage.

[–] [email protected] 7 points 1 year ago (1 children)

I think you have a wrong understanding of software auditing. Software can be closed source and 3rd party auditors can assess if it has good privacy and security implementations.

Being closed source doesn't necesarily mean it's bad (for privacy/security).

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

But then you have to trust, 1, the auditors (I assume by your comment you mean the people given closed door access to the code, reviews it, then publishes a statement saying their claims are valid, that kind of third party auditing?); 2, the code they disclosed to the auditors is the actual complete codebase; 3, that between the current version and the next they did not add anything fishy; and last but not least, 4, the binaries they give you is actually built from that codebase and nothing else, since you can't build it yourself if you're really that worried.

I don't fully disagree that you can have a private and secure third party app, sure you can, but I argue that there are some really big hurdles and you can never have 100% trust in it. Whether these things is a dealbreaker depends on your own values, opinions, and threat model, of course.

I suppose you can also decompile it and analyze it that way, but that's very difficult and compared to reviewing an open source app, pretty much no one is going to do it. You also don't have the same level of community attention and contribution as an open source project where people are forking it, sending pull requests, and going through the codebase to learn how it's implemented in order to develop their own projects, all of which gives many opportunities for other developers, usually ones very concerned about privacy and security themselves, to notice and sound the alarm on unethical or insecure code in the app.

[–] [email protected] 4 points 1 year ago

How many people are actually auditing an open source app themselves though? And if they don't, they again need to trust others' opinion.

[–] [email protected] 3 points 1 year ago

Atleast its based in the EU, but yeah hard to tell what the black box does