this post was submitted on 09 Oct 2023
1590 points (91.6% liked)
Privacy
32177 readers
407 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Chromium has tons of eyes on it, because it's codebase for many other projects, such as Electron and any chromium based browser.
Web integrity wasn't discovered through chromium source code, but it was openly proposed by Google on separate Github repo, dedicated solely for that proposal.
There are many shortcuts in your thinking that just the code being open makes it trustworthy. Every PowerShell malware technically has its code open, because it's a script. But you wouldn't open a random script from the internet, without checking what it does, yet you don't apply the same logic to Brave. If you don't check the source code yourself, you either need to trust an author, or third parties that "checked" the code.
In addition to that, you're probably using compiled binary, which means at this point you can throw that source code out from window, because at this point you can't be sure compiled binary == source code.
Due to the enormous amount of code, it's really easy to obfuscate malicious behavior. At the scale of the browser it's more efficient tracking outbound packets that program sends than examine source code.
i really dont think the large amount of code thing is a good argument because of the way github works. any changes made are highlighted and you can look back at the history of changes. even if this theoretical spyware was implimented from the beginning people would know.
yeah I downloaded it from github and doubt its got spyware in it so i trust i dont need to compile it myself.
ppl are just hating coz they dont like some guy that has somthing to do with brave & all this brave is spyware stuff is based off of nothing.
vivaldi has closed source code that is completely trust me bro not spyware 🤣