this post was submitted on 02 Aug 2023
1722 points (76.5% liked)

Memes

45755 readers
1013 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 1 year ago (1 children)

Sync is popular because its closed source makes it harder to break the security aspect if you don't have all the access to source code.

Do I understand correctly that you mean, that closed source makes something more secure?

I believe that open source can be more secure because:

  • More people looked at the source code thus more bugs have been discovered.
  • Bad actors will get a hold of your code anyways. Especially mobile apps should be easy to reverse engineer.
  • Intentional backdoors are easier to hide in closed source applications.

There might be more arguments, but I think you get the point.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

Sorry for the lengthy TL;DR you are not secure by default or more secure by default either way. Both methods have their advantages and disadvantages. There is an article below. I don't like to really argue but have educational discussions. Arguments don't really help anything. Hopefully, this is helpful as the wall of text comes off like a rant but it isn't. However, interpret it as you will. Have a nice evening.

The real point is that security is tricky being open doesn't always mean you are more secure or for that matter any more private.

"bad actors will get a hold of your code anyway."

This is the equivalent argument of, "we should just make guns free and available to everyone because if a criminal wants a gun they will just buy one."

There is some truth in your argument that is undeniable and anyone who attempts to deny that is a fool. That isn't my point however. The point is that closing something doesn't also mean it is less secure because prying eyes have seen it. Close sourcing content can also mean less prying eyes while it is true more people see open source it means your code is also more vulnerable to an attack.

Android and iOS are proof that close sourced and open source content both have their benefits and cons. I am an Android guy all the way but it is true that there tends to be less malware on iOS than Android. At least that is how it seems.

It is true that bad actors are going to act badly but what is even more true is there are proper ways both open and close source platforms can exist securely. While I love Android and Apple may not be the best analogy because they have tons of devs and lots of money and we are comparing them to 1 dev and small amounts of money.

Just because something is closed source doesn't mean it's a problem or less secure if anything close sourced and discovering a problem can make it more secure because that product actively gets better or more secure when the problem does become apparent. The issue is how the problem appears.

Open source appears more secure because more eyes can see it and that means a vulnerability can be spotted before it occurs but that also means more prying eyes could also take advantage of that vulnerability before it is caught and that does and has happened.

The theme I see on Lemmy is that anything not open source is something to be afraid of but that is not always the case.

Because I like to educate and not argue here is an article worth reading. The issue is that open source can begin to get too hard to follow if not everyone knows what they are looking at.

Open Source Security

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Thank you for your answer. I will read the article you linked.

I initially was just very irritated by your comment because it sounded like closed source is more secure in general.

Have a nice evening too.