Would you trust an open source software maintained by a developer who you disagree with politically (or otherwise don't like the developer)?
-
Depends heavily on application (access required, sensitivity of data handled, etc) and nature of disagreement as it pertains to trustworthiness.
Example A: I use Lemmy even though I disagree politically with the original devs because the design appears sound and it doesn’t require access to sensitive data.
Example B: I won’t use anything from the Proton Foundation because the founders’ personal comportment and political leanings have led me to suspect that they intend to sell user data.
Honest question. How?
Proton Mail is built in a way that makes that near impossible.
-
jdupes: it's great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
wrote last edited by [email protected]Oh I would not trust software from a developer who does not understand the importance of MFA.
I mean, there's probably nothing wrong with it, but that's such a basic security issue that I would have zero faith they built the rest right.
-
Not really directed at Lemmy.
I was thinking about the time Louis Rossman (who used to advocate for using Graphene OS) said he stopped using GrapheneOS because he didn't trust the former lead dev.
Also: https://en.wikipedia.org/wiki/XZ_Utils_backdoor comes to mind.
He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.
He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024 .
-
I choose not to do business with anyone who's too vocal about their political disagreements. I'm paying you for your services not your opinion so shut up!
I had a contractor in my house who saw that I had 40k models. Just as he was packing up, he started ranting about how the game had gotten too woke.
Please spare me and just leave.
-
Does it make much difference when your still federalised?
If you had not mentioned it i would be unable to tell that you are not on lemmy, i also believe your comments and interactions are still getting indexed by lemmy instances and help their growth.
That said, your instance is alluring to me.
I didn’t know about piefed till now, how big of a switch/change would it be?
it's the same principal of using one lemmy/piefed mobile client over another. my comments are still going to the fediverse, but if you're using one software, you aren't supporting the growth of another. even if other instances can see the things I post, that's not their growth, since at any time I can cut them off if I do not like the behavior of their users.
as for features, piefed has a few significant things that lemmy does not have. for example, problematic users have a big red or yellow warning sign next to their name everywhere they go, showing that that person has low or very low reputation. at a certain threshold that I set, I can also automatically hide downvoted posts and comments. there's also built-in user notes, so I can tag users and have that tag display next to their name as well.
and finally, piefed has actual user/instance blocking. for example, we found out the hard way that by having .ML as an instance blocked in my personal settings, no .ML users were able to comment on my posts or reply to my comments at all, even though my instance is federated with them.
there's also a lot more settings when it comes to communities. while it was still on lemmy, we used to have a lot of .world users downvoting every post in [email protected], simply because they found the content offensive and did not interact in any other way. downvotes affect discoverability in /all, so those liberals were in effect trying to censor us because they don't like being criticized. we've even had to deal with people using alts as zombies for downvoting. now that we've moved the comm to piefed, we can restrict the people who are allowed to downvote as much as we want, so that sort of abuse is impossible now.
-
The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
I kinda doubt it. Let's not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.
If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I've argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don't exactly love me over there, I'm careful to respect their rules and they haven't banned me.
I think they really are just idealistic supporters of communism, mostly from places where that's a little more common.
-
The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
Well, you may be surprised then to find it's being funded by NLnet, which apparently gets its money from the EU.
-
Well, you may be surprised then to find it's being funded by NLnet, which apparently gets its money from the EU.
That doesn't mean it's not also funded by China or Russia. They've been able to work on Lemmy for a while without much public funding.
-
I kinda doubt it. Let's not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.
If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I've argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don't exactly love me over there, I'm careful to respect their rules and they haven't banned me.
I think they really are just idealistic supporters of communism, mostly from places where that's a little more common.
wrote last edited by [email protected]If it was state funded by a functioning state I would agree with you, but I wouldn't be surprised if Russia was kicking these guys a modest living to undermine American social media companies.
I mean, I got banned personally by Dessalines from lemmy.ml for mildly suggesting that a meme felt like it was a Chinese op designed to provoke in-fighting in western countries.
Not rudely, not aggressively, literally just questioning whether it could be in the comments below.
-
I kinda doubt it. Let's not forget this is a global community, and Marxism-Leninism has different levels of support in different parts of the world.
If this was a state-funded project, I think the development would have gone a lot more swiftly, and the leads would be even more puritanical in pushing their beliefs. As it is, I've argued pretty extensively from a liberal perspective on .ml before, even personally with dessalines, and while they don't exactly love me over there, I'm careful to respect their rules and they haven't banned me.
I think they really are just idealistic supporters of communism, mostly from places where that's a little more common.
Not to mention wheres all the disinformation campaigns? It only started to get bad recently on Lemmy.
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
If I know someone's political affiliation prior to using their software I'll likely find an alternative if their views are harmful.
-
jdupes: it's great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
His website has some wild ranting about codeberg too. I've been tempted to stop using jdupes.
-
If it was state funded by a functioning state I would agree with you, but I wouldn't be surprised if Russia was kicking these guys a modest living to undermine American social media companies.
I mean, I got banned personally by Dessalines from lemmy.ml for mildly suggesting that a meme felt like it was a Chinese op designed to provoke in-fighting in western countries.
Not rudely, not aggressively, literally just questioning whether it could be in the comments below.
Yeah, I won't say it's impossible or anything. I just think there's other reasonable explanations too.
Personally I just avoid mentioning China when I'm over there. lol It's easier to keep everything civil if you avoid naming names, and China is a particularly sore spot for them. You also can't forget that free speech is not a foundational part of their ideology like it is ours. They're more about seizing the means of production than the free contesting of ideas.
It does feel a little like walking on eggshells.
-
He lied about stopping use of GrapheneOS. He can be seen in videos long after still using GrapheneOS on his Pixel. Also, the reasons he stated for not using/trusting it were nonsense. There was not, and is not, a technical way to target a user with malicious OTA updates.
He was also one of 3 owners of a for-profit telecom that included Nick Merrill (Founder of Calyx). https://sec.gov/Archives/edgar/data/2009536/000200953624000001/xslFormDX01/primary_doc.xml is the SEC filing for shares issued in February 2024 .
Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.
With that said, I don't believe their claim that it's impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can't send a different file to just one user. That's true, but thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.
I trust them not to do it, for many reasons, but technically they could. I also don't think they'd do it to Louis, despite the beef they have with him.
-
While I am... suspicious of what the CEO (?) has spouted recently, I am unaware of how that connects to user data. Can you ELI5/summarize/point me in a direction?
Not OP, but I left for similar reasons. The CEO publically supported the Republican admin (mildly, but even at the time, stupidly). The statement sent out about it after the fact was also sus, but not really super bad.
I left anyway. I'd rather not pay a CEO to publically support the administration that is specifically targeting my family for political points.
I also heard a lot of fear mongering on the fediverse about how their new AI conversations can't be private because it gets to their servers directly, but I couldn't find anyone reasonable online who actually looked into it and confirmed that.
So like, they've got all the ingredients for more stupidity, and as we've seen time and again, everything pressuring them to fuck up/enshitify is also there in the background too.
-
The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
It's funded mostly by the Netherlands lol
-
"Trust" as in: trust it enough to run it on your machine.
(And assuming that you can't understand code yourself)
I know you do.
Well, you're here, aren't you?
-
The developer is kind of just a sack of shit. I'm 90% sure Lemmy development is funded by either Russia or China, and I suspect Russia.
I'm 90% sure Lemmy development is funded by either Russia or China
Why do you think so?
-
Ok first of all: GrapheneOS is great, probably the best alternative Android OS, but their PR skills are rock bottom. Still, many ignore that due to how good it is.
With that said, I don't believe their claim that it's impossible for them to target a user with a malicious OTA: their reason is basically that the update server never even knows who is downloading, and so it can't send a different file to just one user. That's true, but thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.
I trust them not to do it, for many reasons, but technically they could. I also don't think they'd do it to Louis, despite the beef they have with him.
Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.
thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.
That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don't know the unique IDs because they're not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn't possible. But even if people don't believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.
-
That doesn't mean it's not also funded by China or Russia. They've been able to work on Lemmy for a while without much public funding.
They get donations, and people can just do stuff on the side
