this post was submitted on 14 Nov 2023
417 points (91.6% liked)

Technology

59148 readers
2773 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 28 points 11 months ago* (last edited 11 months ago) (2 children)

Sunbird is closed source so you just have to take their word for it when they say they don't store messages or credentials. How the fuck could you know if they're lying or not? You can't because it's closed source.

As much as I have issues with the similar Beeper, at least Beeper is open sourcing their bridges.

[–] [email protected] 20 points 11 months ago (3 children)

Just read through their faq

Some of the messaging community believes that software that is open source is more secure. It is our view that it is not.

That's a nope from me.

[–] [email protected] 7 points 11 months ago

Yeah okay at first I thought "closed source isn't necessarily a problem as long as there's a good reason".

But nope. That's the worst reason.

[–] [email protected] 5 points 11 months ago (3 children)

That statement is pretty stupid in general. But for server side software, open source doesn't help much. Even if you can look at the source, you still need to trust them that that's what they are running on their servers.

[–] [email protected] 6 points 11 months ago

I think there is levels of trust.

I am often able to reach of level of trust to believe a company is not straight up lying about the code they are running on their servers.

I am not often able to reach a level of trust to believe a "trust me bro" from a company (especially if that statement is not qualified in a meaningful way).

[–] [email protected] 1 points 11 months ago

Open source is important for services with end-to-end encryption, because you can make sure the client actually encrypts the outgoing data, is not sending your private key somewhere, and won't break that security at some point in the future.

Of course this particular service cannot even have end to end encryption in the first place.

[–] [email protected] 1 points 11 months ago

Doesn't help much in terms of privacy. But still is very important. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html

For a bank or any system you would not have control over anyway, it does not have to be open, only the client software you run on your computer should be. But messaging, document editing (like Google Docs), etc. are personal tasks that could be done via a local program, so a remote program should be give you freedom from it's provider.

[–] [email protected] 1 points 11 months ago

In other words: "Some of the messaging community believes that software that can be controled by the user and is clear how it works is doing what the user wants it to. It is our view that it is not."

They are just like the rest of big companies. Remember when Facebook was a privacy respecting and friendly alternative for MySpace? Or Apple for IBM? Or Google for other search engines?

[–] [email protected] 13 points 11 months ago

They host their iMessage related shit the exact same way, so the amount of trust in the service is basically identical, at 0