this post was submitted on 15 Jan 2025
20 points (100.0% liked)

Privacy


I recently learned that my company prefers closed-source tools for privacy and security.

I don't know whether the person who said that was just confused, but I am trying to come up with reasons to opt for closed-source for privacy.

top 13 comments
[–] Ulrich@feddit.org 5 points 2 days ago (1 children)

Some people believe open-source tools to be weaker since all the code is there for malicious actors to exploit.

[–] jim3692@discuss.online 3 points 2 days ago

I don't understand this mindset.

In open source, both malicious actors and contributors will try to find problems.

In closed source, the development team is paid by the hour (and probably don't care about the product quality) and the only people motivated to find real issues are malicious actors.

But people still consider closed source safer.

[–] wizardbeard@lemmy.dbzer0.com 21 points 2 days ago* (last edited 2 days ago) (1 children)

In my experience the "privacy and security" argument is a smokescreen.

The real reason is that it makes someone else responsible for zero-days occurring, for the security of the tool, and for fixing security problems in the tool's code. With open source tools the responsibility shifts to your cybersecurity team to at least audit the code.

I don't know about your workplace, but there's no one qualified for that at my workplace.


A good analogy: If you build your house yourself, you're responsible for it meeting local building codes. If you pay someone else to build it, you can still have the same problems, but it's the builder's responsibility.

[–] jim3692@discuss.online 6 points 2 days ago (2 children)

That smokescreen argument makes a lot of sense. Both the company and our clients tend to opt for ready out-of-the-box proprietary solutions, instead of taking responsibility for the maintenance.

It doesn't matter how bad or limiting that proprietary option is. As long as it somewhat fits our scenario and requires less code, it's fine.

[–] Ulrich@feddit.org 4 points 2 days ago

> That smokescreen argument makes a lot of sense.

I don't think it does. Remember the Crowdstrike blunder? Remember how many people blamed Windows?

People don't know or care who is managing your security.

[–] 0x0@programming.dev 7 points 2 days ago (1 children)

> instead of taking responsibility

This is why: they prefer to shift the blame in case it hits the fan. That's all, that's it.
They don't care about code quality, maintainability or whatever.

[–] drwho 4 points 2 days ago

When you get right down to it, it's all risk management.

[–] Libb@jlai.lu 21 points 2 days ago (1 children)

> I recently learned that my company prefers closed-source tools for privacy and security.

I will suggest that same logic to my banker too: a vault whose key they won't own, but I will. Don't worry, all your money will be safe with me, it's a promise 😇

[–] jim3692@discuss.online 5 points 2 days ago

Pinky promise

[–] LucidBoi@lemmy.dbzer0.com 2 points 1 day ago

idk, how secure are you by handing over your privacy to a product whose back-end you can veer into 🥲

[–] navi@lemmy.tespia.org 11 points 2 days ago

Security through obscurity isn't security.

The classic example:

I have a website with no authentication which displays data that really should be locked down. But it's OK because I never told anyone else the URL so no one will find it.

[–] M33@lemmy.sdf.org 10 points 2 days ago

Best reason: nobody sees how bad your code is 🤷‍♂️

[–] unwarlikeExtortion@lemmy.ml 5 points 2 days ago* (last edited 2 days ago)

Closed source does for privacy and security what sweeping problems under the rug does: it mitigates them, a bit, but then when they inevitably do hit, they hit hard.