So I’ve been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest foss software I’ve used. It seems to be based in China but the developers keep lying and saying its in Singapore.

Here is a list if everything I’ve found:

https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/

https://github.com/rustdesk/rustdesk/discussions/1159

https://www.reddit.com/r/rustdesk/comments/y230hf/my_rustdesk_client_try_to_communication_with/

https://www.reddit.com/r/selfhosted/comments/10ppntj/reminder_about_the_shadyness_of_rustdesk/

https://www.reddit.com/r/selfhosted/comments/109tn1i/rustdesk_server_117_supports_ipv6_now_selfhosted/j42pf4m/

https://www.reddit.com/r/selfhosted/comments/uurta8/_/

https://www.reddit.com/r/selfhosted/comments/y80sw1/as_someone_that_knows_nothing_about_virtualremote/isxvib2/

https://youtu.be/JIAdEGX_sIU

It seems that now the clients and OSS server are completely foss which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked.

It still is sketch but it now is slightly less sketch I guess? Either way its not ideal.

  • MaliciousKebab@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    10 months ago

    I mean the same thing can be said about the USA, also if there are that many problems why don’t you just check the code, it’s one of the main strengths of open source software.

    • Possibly linuxOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      3
      ·
      10 months ago

      The USA isn’t nearly as bad as China. I can access or create any news source for example. You also don’t see people posting about GNU being compromised by the NSA.

      Its always good to verify though.

      • MaliciousKebab@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        10 months ago

        Yeah you are right on that but there still are many backdoors on plenty of applications that are made by American companies. We also know that some agencies wanted to put backdoors on linux kernel etc. In that case why would you not trust an open source app, and trust a closed source one just because of the nationality of developers

        • Possibly linuxOP
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          10 months ago

          The problem is that China is very bad about backdoors. Free software and transparency is really the only answer to not having backdoors.

          As an example China put backdoors in some Chips though Huawei https://www.wired.com/story/huawei-backdoors-us-crypto-ag/

          My concern is that the people behind Rustdesk are kind of a mystery. Many projects with have a publicly known dev where you can track the origin and current developments behind a project. Rustdesk just has a user called “rustdesk” for the most part. The people behind that are not known. What complicates the matter is reports of them removing issues that question the integrity of the code authors. It would make me much happier if they ran a security audit on Rustdesk. Hopefully as it gets more popular someone will either find that it is mostly fine or that it is a security nightmare.

          I use it because there aren’t a lot of options. Maybe someone else will create something more transparent.