Summary:
The article debunks several common misconceptions related to software security and privacy:
“Open-source software is always secure” or “Proprietary software is more secure”
First, it clarifies that whether software is open-source or proprietary does not directly impact its security. Open-source software can be more secure due to transparency and third-party audits, but there is no guaranteed correlation. Similarly, proprietary software can be secure despite being closed-source.
“Shifting trust can increase privacy”
Second, the concept of “shifting trust” is discussed, emphasizing that merely transferring trust from one entity to another does not ensure complete security. Instead, users should combine various tools and strategies to protect their data effectively.
“Privacy-focused solutions are inherently trustworthy”
Third, focusing only on privacy policies and marketing claims of privacy-focused solutions can be misleading. Users should prioritize technical safeguards, such as end-to-end encryption, over trusting providers based on their stated intentions alone.
“Complicated is better”
Lastly, the complexity of privacy solutions is addressed, encouraging users to focus on practical, achievable methods rather than unrealistic, convoluted approaches.
deleted
Plus, not many are willing to compile or even try/have the skill to read in to the code. Even with something like Vanadium on GrapheneOS I’ve encountered eyebrow raising behaviors I do not like.
I’m curious since I’m using graphene. What have you encountered?
Minor stuff. It leaves a tab open in vanadium after charging, there is no option to wipe all cache data automatically after exiting, there is not much granularity in what data is stored in cache or persistent storage, and there is no way to view the web source code easily.
I know a few popular open source apps that are straight up insecure. When pointed out, people will call you a corporate shill lol. “Someone must’ve read the code” is what they say. Yes, I did and I’m telling you its no good.
Similarly, proprietary software can be secure despite being closed-source.
That depends entirely on your threat model and the kind of relationship you have with the software vendor. Software might be proprietary and closed source but e.g. you might be the only customer and did get to engage an auditor which could see the source code. Or it might be off-the-shelf software made in a country trying to spy on your company or country. In some of those cases it literally can not be secure for your threat model.
