Hacker News new | past | comments | ask | show | jobs | submit login

Kind of meaningless if you can't trust the software running on your device though, since it could be scanning locally or relaying to remote services.



This is an instance of the trope "if you can't solve everything, you shouldn't solve anything".

It is fallacious because you'll never get there if you're not allowed to make incremental advances.


Exactly. Demand an open source for every encryption app - or at least those offered to the public en masse.

It's not enough that a FOSS alternative _exists_; it needs to be the case that closed-source encryption is not considered as an actual encryption "end".


So run free software?


Every free software will have dozens or even hundreds of transitive dependencies.

It literally isn't possible for an ordinary person to audit all code.

At some point you have to blindly trust.


There us a huge difference between you alone trusting a piece of software and the whole community verifying it at random.


Are you confident enough to audit the free software yourself - or pushing the trust back to someone else?


Our modern society couldn't exist without some trust, but there are huge differences in types of trust and the trustee's underlying motivations.

Trusting the community to audit is like trusting the scientific method. Anyone can find and point out a flaw, which can then be verified by everyone. That's an idyllic description, and the process is quite imperfect, but it's the best we've got.

Meanwhile, trusting a surveillance company to self police is like trusting a quack medicine healer.


It isn't enough to run free software, all your contacts need to do that as well. It is the old gmail problem highlighted by Mako Hill:

https://mako.cc/copyrighteous/google-has-most-of-my-email-be...


You are right: You also need to promote free software among your friends and help it to improve.


Like signal that still refuses to put their client on fdroid?


Like Element which does publish its client on F-Droid: https://f-droid.org/en/packages/im.vector.app/

(Yes, F-Droid availability is a very good cutoff, I agree.)


I do not consider Signal trustworthy for such reasons.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: