
“Can I trust app X?”

Can you trust the company/organisation/people who make it? (What have they done in the past/are doing now?)

Can you trust their business model? (How/when do they make money?)

Is it open source?

Is it decentralised?

If yes to all, yes. Otherwise no.

@aral
Can we add another question for the list?

Is it not RSA?

@aral don’t forget: can you trust all potential future owners of the company, its databases and its business partners.

@zensaiyuki
This is basically to say "just give up", it's impossible to answer yes to this question. Already @aral had put the bar so up that Mastodon is basically the only app I know that I can trust, and only in some instances .-.

@honiden @aral grim, disappointing, and basically impossible to accept, i will admit. but it is hard for me to see the internet and the commercially motivated mass surveillance it brought as anything other than a curse, a mistake. a pandora’s box that shouldn’t have been opened, even if it wasn’t just monsters that came out, it’s becoming harder and harder to see the costs as worth it.

@zensaiyuki
perfect description at the beginning ^_^" Now that I know your position on the internet I get why you said that
@aral

@zensaiyuki @aral that's why open source/free software is not enough, it should be copyleft. then it can't be made proprietary later!

GPL / CC-BY-SA

but that only applies to software you run on your own devices. when you give your data to a company, you have to trust them not to use it for malicious purposes. with GDPR they have to tell that they do it. open tumblr for example, you get a list of hundreds of partners with whom they share your data and the partners also have partners and so on...

@davidak @aral open source AND copyleft mean nothing without ethical guidelines as well. An oppressive government or evil corporation can leverage copyleft software just as easily as anyone else.

@zensaiyuki @aral yes. my only point is that you can trust copyleft software not to become closed source, which can happen with permissive open source licenses. it happens sometimes when a project is sold

@davidak @aral I wouldn’t bet on it. in order for copyleft software to not become closed source, the author must be prepared to sue, and have the money to do so. it’s a license not a magic spell.

@davidak @aral now the EFF does a great job at backing software authors up on such issues but their resources are not unlimited.

@davidak @aral and, also, it’s a legal agreement in a country. entities in foreign countries and foreign governments aren’t particularly bound to honour it.

@zensaiyuki @aral sure some companies ignore copyright, but it's one thing where we can use the law for common good. and i think we should.

or would you say in practice copyleft is not that important. it's good enough when it's open source? the community can still fork the last os version.

@davidak @aral I am not enough of a lawyer to argue the finer points of copyleft vs. e.g MIT,BSD. only that I don’t trust law to serve justice, and it is stacked against the disadvantaged. if it can sometimes be used for justice I won’t complain. Just that i won’t put my faith in high ideals from software people anymore.

@zensaiyuki @aral software people are just that. some might have high ideals, most probably not. people with high ideals are more like activists. i try to be both

the idea behind free software licenses is to use the copyright law for common good, as it gives users rights instead of limiting them

i thought again about GPL vs. MIT. the main difference is that MIT supports closed source. so i could say: if you care about free software, use GPL

even this GitHub site says it choosealicense.com/

@aral

Many users forget there are real people behind apps.

And real interests that need not meet ours.

@kravietz @aral Does the output of "python exodus_analyze.py $APK_file" expose any spyware? Is the app even available outside of the #walledgarden of #Google #Playstore?

@aral @kravietz Is the app's bug tracker exclusively on MS #Github or #Gitlab? If so, bug reports are suppressed by hostility toward #Tor users trying to file bug reports. Apps that hinder bug reporting are not trustworthy.

@aral It's interesting how some developers invest time in personal narratives to shore up their answer to "can you trust the people who make it?" For example, when you read the many stories that Moxie Marlinspike has posted on his website, are you more likely to feel that you can trust him?
moxie.org/about.html

I also think about someone like Ladar Levison, or the Calyx guy (whose name I forget). They've been tested, and went to the mat, which should count for something.

@aral hm, I’d argue that if it’s open source and decentralized (every single part of it), you don’t even have to trust the company behind it because you (or other independent people) can verify whether it’s trustworthy. Ofc marketing (and therefore money) will play a role in how you will perceive the app and it might skew your sense of trust one way or the other...

@jokke Exactly. The only things you should trust are the ones that you don’t have to trust because the people who built them decentred themselves and designed them so you don’t need to trust them to begin with.

Aral’s Mastodon
