Privacy

34247 readers

1197 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

When a service advertise as 100% open source, do you expect the website to be open-source too? (lemmy.world)

submitted 1 year ago by LunchEnjoyer@lemmy.world to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

Long title, wopsi.

Recently been checking out PIA VPN service(for research purposes), and they advertise their services to be 100% open source. However when checking their Github they don't seem to have their code base for website there.

So this have had me wondering, when you hear the term 100% open source. Do you expect ALL of what they do, including website part, to be open source? Or just the application / service that they offer?

Lemmyknow your thoughts!

you are viewing a single comment's thread
view the rest of the comments

[–] PeachMan@lemmy.world 24 points 1 year ago (4 children)

It's pretty common for companies like that to advertise that their app is 100% open source, but then stop short of guaranteeing anything beyond that. In PIA's case, I would point out that their infrastructure (the servers that they use to route your traffic) are closed, so they could be doing literally anything in there. Their desktop client being open source doesn't actually do much to guarantee your privacy.

If you want real transparency, Mullvad is the only real option: https://mullvad.net/en/help/open-source

Having said that, I personally use PIA because it's cheaper and I don't care enough.

[–] stepanzak@iusearchlinux.fyi 4 points 1 year ago (1 children)

I think that the client is what really matters, because AFAIK you have no way to verify what's actually running on their servers.

[–] PeachMan@lemmy.world 10 points 1 year ago

Right, you can't be 100% sure, but there are measures that they can take to make you trust them a bit more. For example, I believe Mullvad runs systems in RAM and keeps no records of who uses what. You don't even have to give them your email address; they don't want it. And they submit to regular audits (provided you trust the auditors).

Also, if the client matters, then don't use their client. Use the OpenVPN client instead.

[–] LunchEnjoyer@lemmy.world 2 points 1 year ago

Thanks for the insight! Yeah aware that Mullvad is pretty much the closest to "state-of-the-art" as it gets, compared to the rest of these services in the market.

[–] inson1@lemm.ee 1 points 1 year ago (1 children)

just pay 3 eurs more for better service tbh

[–] PeachMan@lemmy.world 1 points 1 year ago

I mostly use a VPN for torrents, and not much else honestly. And Mullvad isn't very friendly to torrenters (for good reasons), they don't allow port forwarding.

[–] inson1@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

Mullvad website isnt open source (https://github.com/mullvad/mullvadvpn-app/issues/5392)