this post was submitted on 02 Jun 2024
366 points (97.2% liked)
Fediverse
28444 readers
664 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Without it being open source and not providing reproducible builds, the privacy claims are borderline weightless.
Agree, but anyone competent could just sniff the traffic. (Or hopefully, lack thereof)
For sure. What the aforementioned bits of information provide is the ability to be confident in the privacy of software if one were to treat it as a black box, ie an average consumer.
This. For all we know, the app could be doing all kinds of nefarious things and we wouldn't be able to tell.
Hm, I feel that it's inaccurate to say "we wouldn't be able to tell". It's not exactly a black box system — the app would have to run on an operating system, and if you are able to know what the operating system is doing, and what instructions are being executed by the CPU, then you can know exactly what the app is doing.
What the aforementioned bits of information provide is the ability to treat software as a black box and be sure of its safety without having to fundamentally audit it.
even if it's open source, how would you verify that the instance is running that version of the software?
Fair point. I believe I was under the impression that this was an app rather than a served webpage. I suppose one can easily verify this by looking at how the "For You" algorithm works within the browser — all the code for functionality would be sent to the browser; though, it could potentially be obfuscated, which might be a pain.