“Trust” as in: trust it enough to run it on your machine.

(And assuming that you can’t understand code yourself)

  • Septimaeus@infosec.pub · +26/-2 · 7 days ago

    Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.

    Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.

    Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.

    • Midnight Wolf@lemmy.world · +13 · 7 days ago

      While I am… suspicious of what the CEO (?) has spouted recently, I am unaware of how that connects to user data. Can you ELI5/summarize/point me in a direction?

      • Septimaeus@infosec.pub · +6/-1 · 7 days ago

        That was largely gut-level analysis for my personal decision-making but here are a few of the things I considered:

        1. Value proposition in the context of acquisition, featuring a heavily-marketed privacy brand and a base of privacy-conscious users (harder to profile, more expensive data)
        2. Obfuscation of funding sources via ‘venture philanthropy’ non-profit (a la OpenAI) housing closed-doors for-profit operations
        3. Rapid expansion to full-coverage consumer productivity cloud platform alternatives (vpn, mail, drive, calendar, wallet, passwords, etc)
        4. Weird pattern of being blocked then let through without future contest by numerous data-hungry entities including Thiel, and generally just allowed in a few too many privacy-unfriendly places for my taste
        5. And the usual reservations re: privatized privacy and commercial OSS

        Again sorry that’s all hand-wavy. Probably shouldn’t have thrown shade without something more concrete.

      • DaGeek247@fedia.io · +4/-2 · 7 days ago

        Not OP, but I left for similar reasons. The CEO publicly supported the Republican admin (mildly, but even at the time, stupidly). The statement sent out about it after the fact was also sus, but not really super bad.

        I left anyway. I’d rather not pay a CEO to publicly support the administration that is specifically targeting my family for political points.

        I also heard a lot of fear mongering on the fediverse about how their new AI conversations can’t be private because it gets to their servers directly, but I couldn’t find anyone reasonable online who actually looked into it and confirmed that.

        So like, they’ve got all the ingredients for more stupidity, and as we’ve seen time and again, everything pressuring them to fuck up/enshitify is also there in the background too.

        • Midnight Wolf@lemmy.world · +2 · 7 days ago

          That’s basically my understanding, I thought there was another layer to it that I wasn’t aware of. I wouldn’t say ‘avoid’ but I would say ‘caution’ to others, currently.

          I am planning to try Mullvad at the end of my proton vpn subscription, which is the only proton service I use (+ a dead mailbox too, just in case I forgot a site when transferring out a few years ago). I run my own vpn through a vps, but for stuff that I need full disassociation I’ll still fire up proton, for now. 3y subs and all that.

      • blurb@sh.itjust.works · +4 · 7 days ago

        What makes you say that? Any e-mail provider can intercept and read any e-mail they want to. This explanation by cock.li is pretty good on this issue:

        How can I trust you? You can’t. Cock.li doesn’t read or scan your e-mail content in any way, but it’s possible for any e-mail provider to read your e-mail, so you’ll just have to take our word for it. No “encrypted e-mail” provider is preventing this: even if they encrypt incoming mail before storing it, the provider still receives the e-mail in plaintext first, meaning you’re only protected if you assume no one was reading or copying the e-mail as it came in. When possible, you should use X.509 or GPG with your mail correspondents to encrypt your message content and prevent it from ever being handled in plaintext on our servers. You should also download and delete your mail from our servers regularly, which alone is almost as good as encrypting your mail.

      • Septimaeus@infosec.pub · +2 · 7 days ago

        Yes, and most vulnerabilities related to the mail service are, I imagine, related to interop requirements of legacy protocols/clients. I haven’t audited their e2ee but I expect it’s on par with other e2ee cloud providers, and IIRC they passed SOC 2.

        My distrust pertains mostly to their operations during a future exit scenario/acquisition when users are, presumably, more heavily invested in the various offerings of their extended productivity suite.

  • MrQuallzin@lemmy.world · +15 · 6 days ago

    Who’s out here trying to figure out the political or other beliefs of developers? I’ve got around 50 docker containers running on my server; there’s no way I’m going through people’s profiles to see if they’re morally aligned with me.

    • DeathByBigSad@sh.itjust.works (OP) · +9/-1 · 7 days ago

      Tbf, accessing software running on some server (which is not my machine) over Tor isn’t exactly the same as, say, installing software with admin privileges on my computer.

      • pastermil@sh.itjust.works · +7 · 7 days ago

        True that…

        Then lemme try to give the answer you were asking for.

        Let’s start with Linux. The kernel itself has hundreds, if not thousands, of contributors. Next there are the pieces of software that run on it, each with its own set of contributors.

        There’s no way you can do anything meaningful by going through this huge list just to see what their political backgrounds are. I’m sure there are controversial people contributing to the very pieces you are running right now.

        Even if you did find some problematic backgrounds, what are you gonna do anyway? Stop using it? Do you think it would affect them? It’s not like you’re paying them. On the contrary, you’re probably just gonna make your life harder.

  • zxqwas@lemmy.world · +19 · 7 days ago

    Depends on the software. I’d not trust a vpn that was made in an authoritarian state. I’ll play a game made in one.

    As for the developer, if they are more famous for their political views than the software I’d probably not install it.

  • HubertManne@piefed.social · +17/-1 · 7 days ago

    Really depends on the level of disagreement. If it’s total idiocy like MAGA or monarchist or something I would likely stay away. If they don’t think UBI is a good idea I can get past that.

    • pressanykeynow@lemmy.world · +5/-3 · 6 days ago

      I’m pretty sure we’ll disagree politically on many issues but I don’t want you or anyone like you dead. I hope people in the US will stop viewing politics as cults and start to communicate with people disagreeing with them.

      • 𝕱𝖎𝖗𝖊𝖜𝖎𝖙𝖈𝖍@lemmy.world · +4/-2 · 6 days ago (edited)

        Do you support trans rights? Do you support immigration? Do you support the demilitarization of police and complete restructuring of the current US “justice” system? Do you know why credit scores exist? Do you support using taxes to provide for our most vulnerable? Do you know what diversity, equity, and inclusion are?

        If you said no to any of those, then I doubt we share common ground.

        • phlegmy@sh.itjust.works · +2/-2 · 6 days ago

          I doubt many people outside the US have any clue about whether the US justice system needs to be restructured, so there goes ~95% of the global population.

          Excluding people from discussions because they don’t agree with ‘one’ point is setting yourself up for failure.
          You aren’t winning anyone over with an all-or-nothing attitude, you’re cutting off many potential allies.

  • MudMan@fedia.io · +18 · 7 days ago

    I presumably already do. Am I expected to know every single maintainer of every single piece of software I boot up? That is a LOT of homework to run an application.

    Genuinely can’t tell if this is a real question or some weird reductio ad absurdum thing on the not-separating-art-from-the-artist trend in modern society.

  • chicken@lemmy.dbzer0.com · +11/-1 · 7 days ago

    Yes, since not liking or disagreeing with someone isn’t the same thing as likelihood they are pushing malicious code. If something is open source that’s a really good sign, because they could also push closed source code and be more likely to get away with it that way. More points if it clearly has other eyes on it; even if I am not checking over the code myself, someone probably is for a lot of projects.

    It’s like “separate art from artist” except even more so because software tends to be even more quantifiable as its own independent thing than art is.

  • Frezik@lemmy.blahaj.zone · +11 · 7 days ago

    You use so much open source software–often indirectly–that it’s almost impossible to avoid every asshole with an opinion.

    That said, there is one dev where I disagreed with his actions so much that I actively avoid his stuff. It’s not really political, but he’s one of those devs who can do incredible work on his own, but has the social skills of a moldy sandwich. You may have used his work in the past indirectly, as his event library (libev) used to be the basis for Node.js. (The Node.js devs moved elsewhere many years ago due to technical issues such as Windows compatibility).

    Anyways, he had a Perl event library known as AnyEvent. It has a bit of a weird, inside-out interface compared to most other event libs, but it works really well once you get the hang of it. The problem that came up was that he didn’t like the way a certain extension module used AnyEvent. He threw a tantrum and had AnyEvent detect if that extension was loaded, and die() with a big error message about his personal opinion on the matter. This broke perfectly functioning systems when they upgraded AnyEvent.

    That’s when I stopped using his stuff and urged my coworkers to do the same. Can’t risk that time bomb going off. Wasn’t a small matter, either, as he also wrote the most common way to parse JSON on Perl.

  • RushLana@lemmy.blahaj.zone · +8 · 7 days ago

    Most of the time: yes.

    But it depends on a lot of things:

    Are there any viable alternatives? What’s the nature of the disagreement? Is there a possibility of a fork emerging? Etc.

    I hate Google but I can’t replace Android Studio at work or ask my employer to stop releasing updates on Google Play. If the disagreement is about project governance, I would support forking, see CoMaps or Forgejo. I will avoid projects for a variety of reasons; two good examples are Manjaro and Hyprland. I avoid the former because of their collaboration politics and the latter because they are plain bigots.

    Politics can encompass a lot of things and open source is a very political subject.

  • jubilationtcornpone@sh.itjust.works · +10/-1 · 7 days ago

    One of my neighbors is a highly skilled craftsman. I don’t use that label loosely. I’m a very competent DIYer but his work is in a class above mine. He built a metal railing around his deck and it is immaculate. Clearly constructed by someone with years of welding experience and a keen eye for detail.

    We don’t really talk politics but I know for a fact that there are at least a few things we disagree on.

    That said, I would absolutely hire him to fabricate something for me if I needed it. I really doubt he does his day job because of his political beliefs. I assume he takes a lot of pride in his work and would do the same quality job for me as he would for anyone.

    It’s a serious error to constantly try to distill people down to their politics. That’s a divisive tactic intended to devalue and dismiss “the other side.” Whoever that happens to be at the moment. Don’t misunderstand what I’m saying. Politics are important and the way our governments and societies operate affects all of us. But, people are complex and multi-faceted beings with a wide variety of experiences that shape who we are. Our lives are highly contextual and consequently, so are our dealings with others.

  • MalReynolds@piefed.social · +9 · 7 days ago

    If it has lots of independent eyes on the code and provides a service I need and can’t find a superior solution to, sure, as I will not be needing any services that disagree with my political opinions and as long as I’m not financially supporting said developer.