this post was submitted on 06 Jan 2024
19 points (88.0% liked)

Privacy

31975 readers
677 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Does an open source keyboard exist for iOS that respect your privacy?

Does apple get what you type on the keyboard in their servers?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 10 months ago* (last edited 10 months ago) (1 children)

Even if the keyboard is open source, you cannot guarantee that the app that is installed by the app store is the open source version.

[–] [email protected] 8 points 10 months ago (1 children)

The same can be said about any binary as well.

[–] [email protected] 2 points 10 months ago (3 children)

Not true, you get the open source code and you compile it yourself then compare the checksum of what you compiled with app installer. If they match that means they didn't add extra code besides whats in the open source.

[–] [email protected] 12 points 10 months ago (1 children)

Yes, the binary downloaded from an open source project might be different from the binary compiled on your own computer, even if they are from the same source code. Here are a few reasons why this can happen:

  1. Compiler Differences: Different compilers or different versions of the same compiler can produce binaries with variations in performance and size.

  2. Build Environment: The environment in which the binary is compiled, including the operating system and its version, libraries, and other dependencies, can affect the outcome.

  3. Configuration Options: Most open source projects have various configuration options which can be enabled or disabled during the build process. The pre-compiled binaries might have a different set of configurations compared to what you choose when compiling it yourself.

  4. Optimization Levels: Compilers have different optimization levels and settings. The binary provided by the project may be optimized for general compatibility, while you might compile with optimizations specific to your hardware.

  5. Patches or Modifications: The official binary might include patches or modifications that are not present in the source code you downloaded, especially if it's from a different branch or a snapshot of the repository at a different time.

  6. Reproducible Builds: Some projects aim for reproducible builds, where the same source code should generate an identical binary, but this is a challenging goal and not all projects achieve it.

Always ensure that you trust the source of any pre-compiled binaries, as they could potentially include malicious code not present in the source.

❤️

[–] [email protected] 2 points 10 months ago (1 children)

You're right of course. But just to add - 'reproducible builds' is an ongoing attempt to make hash comparisons practical.

[–] [email protected] 1 points 10 months ago

It’s also a lot easier to do this on a desktop/server environment. Doing this on a popular mobile device would be difficult, and would require the OS developer be involved (and I doubt Google or Apple would be that open)

[–] [email protected] 4 points 10 months ago (1 children)

There are valid reasons the checksum might differ, just depends on

[–] [email protected] 2 points 10 months ago
[–] [email protected] 1 points 10 months ago

Is it even possible to run a checksum on iOS though?