
AntiProDenialist wrote (edited)

Reply to comment by Zerush in by !deleted30

Ok, as I said before, it's not directly related to the article, but generally surveillance is a problem. That moderators read reported posts is clear, but that this is also done by the Facebook company is also a fact.

Okay, perhaps I was misunderstanding you, you won't find any disagreement on this issue here.

APIs of Google, Facebook and others are FOSS and you can find them on GitHub (Microsoft). It is also true that Mozilla uses trackers from Google; see the Blacklight analysis of Mozilla.

Okay, I plugged in mozilla.org to this site, and it says it uses Google Analytics and Google Tag Manager (which appears to be a part of Google Analytics). I don't think these are even services that Mozilla could use for profit, but I'm not very familiar with these so please let me know if I'm mistaken. Looking at the source code of mozilla.org for myself I found a comment containing a link to this issue which states:

Yes, www.mozilla.org... [uses] Google Analytics premium to understand how our websites are working... Our Google Analytics premium account is set to opt-out on all of 3rd party uses of the data and the only people who have access to the anonymous aggregated data is Mozilla Employees. This is not the normal Google Analytics setup that most people use on other websites.

I don't see much issue with this outside of Google handling the data (I would prefer Mozilla to handle it themselves, but it's not much of a concern to me).

OpenSource is private as the author pretend it, same as in closed source, specified in the PP of the product, which nobody read.

This doesn't make any sense.

Secure is only a product which has regular maintenance; FOSS that is discontinued (a lot) or poorly attended is a magnet for any kind of malware (I know).

Yes. Don't trust unmaintained software. This isn't specific to open source.

Yes, the public has access to the source code, but how many users are able to read and check hundreds of thousands of lines of code and also check related external resources? If the vast majority do not even read the TOS and the PP.

The point is not that everyone should read all of the source code of all of the software that they use. The point is people can read the source code, so a user can expect a sufficiently popular open source project to have many eyes on it, including independent parties, and maybe even security researchers. You can see all of the different contributors and the discussion between contributors. This is far better than trusting software that was developed behind closed doors.

What privacy is there, without going any further, in Chromium if it is used as is? Chromium is from Google and FOSS.

Like I said, we can bring up any number of FOSS programs that violate user privacy. It's beside the point. We know that Chromium is not privacy-respecting by default, and that is why there are forks that serve to "de-Google" Chromium, like the fork used by QtWebEngine, which is the base of multiple alternative browsers. If Chromium were closed source then we would only know that it violates user privacy at the discretion of Google, via a privacy policy, and I'm sure you would agree a company might mislead/lie in their privacy policy. I'm also not certain how legally binding privacy policies are, or if they are even required at all.

One last question, if in WhatsApp the messages are supposedly encrypted, inaccessible for WhatsApp itself, as stated in the PP, how then can the mods access it? It doesn't add up to me if this is true.

This was the point of my "threatening letter" analogy earlier. By using WhatsApp's "report" mechanism, the user (who has the unencrypted messages) instructs the WhatsApp client to send the reported messages to WhatsApp's servers for their human moderators to review.

3

Zerush wrote (edited)

I agree with these points and he certainly didn't have any bad intentions against your views. I only intend to clarify and make a few points on an important topic. About Mozilla, if you look at the analysis below, apart from Google Analytics, you will also find Alphabet Inc, a Google company, dedicated to disseminating content for advertising companies and which is the tracker that Mozilla uses. I always prefer OpenSource applications, but I know that, what many say, 'what is not FOSS = Crap' or 'FOSS is synonymous with privacy and security', which in my opinion is false, this is not the purpose of OpenSource by default and also dangerous to believe, I know from my own experience.

The many eyes that monitor a FOSS cannot be generalized, since if it is complex applications, they can have millions of lines of code.

In the field of browsers, we are talking about mainly 3 engines, Gecko, WebKit and Blink, the basis for around 100 browsers and another 70 that were discontinued.

In the vast majority, they are forks that make each other with small changes and putting their own logo, because major changes are impossible to make by any developer alone and is reserved for more numerous and active teams or communities, given the complexity of the product, not even talking about maintenance, which is mainly limited to patching holes and bugs that are found later.

Many fall by the wayside for this reason, in a fairly saturated market dominated by the Big 4 (well, Mozilla not so much anymore, currently in freefall, which is sad).

PS: Maybe useful for you, Blacklight is very useful to check websites, although it discovers only the most used tracking techniques and naturally can't check sites which need an account to enter (Facebook, for example). You can also add it to the search engines list you use:

https://themarkup.org/blacklight?url=%s

For Android apps it is recommended to use Exodus Privacy, which lets you check the apps you use.

2

AntiProDenialist wrote

About Mozilla, if you look at the analysis below, apart from Google Analytics, you will also find Alphabet Inc, a Google company, dedicated to disseminating content for advertising companies and which is the tracker that Mozilla uses.

Blacklight reports 1 tracker, that is Google Analytics. We know Google Analytics is owned by Google, and Google is owned by Alphabet. This doesn't contradict anything I said in my previous reply.

The many eyes that monitor a FOSS cannot be generalized, since if it is complex applications, they can have millions of lines of code.

Yes, complex programs are more difficult to vet. Ideally we should prefer simpler programs whenever possible (for more reasons than just security, but that's a separate topic), but that is becoming more and more difficult as the software landscape evolves. Regardless, I can trust a complex FOSS program (Firefox, the Linux kernel, X11, LibreOffice, to name a few) much more than I can trust any proprietary program.

In the field of browsers, we are talking about mainly 3 engines, Gecko, WebKit and Blink, the basis for around 100 browsers and another 70 that were discontinued.

Yeah, browsers are fucked. Any browser that can handle the modern web is a bloated turd with many vulnerabilities waiting to be discovered.

In the vast majority, they are forks that make each other with small changes and putting their own logo, because major changes are impossible to make by any developer alone and is reserved for more numerous and active teams or communities, given the complexity of the product, not even talking about maintenance, which is mainly limited to patching holes and bugs that are found later.

Yes, this is sadly true. QtWebEngine (based on Blink) is an exception to this, actively maintained by the Qt Project, with 14 contributors in the last month excluding a bot. But yes, what you're saying is correct, and it has the (very intended and very anti-competitive) effect of solidifying Google's dominance over the web.

PS: Maybe useful for you, Blacklight is very useful to check websites, although it discovers only the most used tracking techniques and naturally can't check sites which need an account to enter (Facebook, for example). You can also add it to the search engines list you use:

https://themarkup.org/blacklight?url=%s

For Android apps it is recommended to use Exodus Privacy, which lets you check the apps you use.

I browse the web mostly with JavaScript disabled and I use very strict security settings in Firefox (blocks all known trackers, tries to resist fingerprinting, doesn't keep any data on shutdown) with almost no extensions. Trackers aren't much concern to me (although they do suck).

On Android I only use one proprietary app (WhatsApp, and I don't have any choice about it), and a few open source apps. I'm more worried about the operating system itself and the apps that come preinstalled with it, instead of the apps that I've installed (hopefully open source phones can become usable soon).

2

Zerush wrote (edited)

I use Vivaldi and sometimes UR and FF. As extensions I mainly use Trace and Site Bleacher. Also uBlock Origin in FF; in Vivaldi I don't need it, with its own blockers, which also include the filter lists from uBO and others. On Android also Vivaldi and naturally OpenSource apps from F-Droid as much as possible, proprietary only an app for medical appointments, that I need as the old retiree that I am.

Because of this I use Windows 10 (tuned, without telemetry and other spy-crap it has by default). Well, at least it has the biggest catalogue of FOSS of all OS.

2