Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
For certain changes to happen, people in general need to understand the risk with technology and the companies behind it.
PS: Found this article that might interest you: https://bleepingcomputer.com/news/... -
@irene I'd be great if you could provide some arguments.
-
@irene While its true that open source doesn't mean secure, it at least gives the ability to being audited independently.
This is extremely important as countries like the UK (i know, that's not a country but you get the point) have laws in place which require companies to check with security agencies whether they want in backdoors before releasing a new product.
Also Australia is introducing a decryption law which is very much worrisome as this makes that commercial 'secure' services like WhatsApp will have to give access to encrypted content through whatever means, in this case this would probably require a backdoor.
One might argue that telegram is the perfect example for the 'open source does not mean more secure' statement and this is kinda true since their crypto has been deemed insecure by crypto experts but then, they only release source code now and then, I wouldn't really call that open source.
Open source definitely does not mean more secure but without it, we definitely would be less secure in general. -
@irene Also as for closed source not being insecure by default, that's true.
But, there have been quite some cases where either backdoors were shipped (*cough* the backdoored closed secure prime number generator from the nsa *cough*) or obvious security flaws were discovered way too late (the Juniper firewall backdoor discovery for example or the few-characters windows UAC bypass or the fact that CCleaner was hacked and shipped backdoored versions for months (yes, Linux mint had this as well but it was discovered after a day or so)).
That wasn't the fault of 'closed source' but could've been discovered way earlier if the code would've been available for auditing.
Related Rants
Programmers are the wizards of tommorow. Period
I think we're going two sides:
For one, more and more technology is being developed/engineered which is even more and more and more intrusive as for personal privacy, I'm genuinely worried how this'll go as privacy isn't just a about not exposing certain things like passwords/bank account details and so on, it's also about being an individual who has their own thoughts, opinions and so on. If we keep taking that away more and more often, society will change and go towards the Orwell scenario (we're on our way there right now). We can change this as software/design/server engineers but that's up to us and I sadly don't see that happening quickly, also due to the 'nothing to hide' bullshit.
Second one is that were going more and more towards open source.
This is a good thing as this:
- gives freedom to devs around the world to improve software and/or modify it to suit their needs.
- gives people the opportunity to look through the source code of softwares in order to verify it as for backdoors and find security vulnerabilities which otherwise can remain hidden for the general public while spying agencies have way more resources to go vulnerability hunting.
For the people who think this isn't a good idea (even more open source), without it we'd be completely fucked as for moving forward/security/privacy. (I can give examples if wanted).
rant
wk127