While looking for an app I stumbled upon this one. I followed much of the “messenger wars”, but I never heard of this one before. I know it’s Chinese but on paper it is pretty good:

  • E2EE
  • no phone number signup
  • FOSS
  • serverless

I tried it and it works well. Seems to have all the things people like but I never heard it mentioned before, any thoughts?

  • toastal@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    That’s not entirely true. “Source available” could still be read, audited, etc. but does not allow redistribution and/or modification (or restrictions to those such as can only be compiled for personal use or for nonprofits/collectives). Such a project couldn’t be labeled “open source” under the strict definition, but should still meet the important criteria for verifying any claims made about its source.

    • RovingFox@infosec.pub
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Source available if only requeated is not enough, the big benefit is when any one can at any point check the code on a whim. Not ask for a permit and wait until the company decides(if they decide or just leave you hanging) to give you a copy of the code.

      Besides the fact that even in this scenario, malicious code can be hidden.

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        6 months ago

        Who is suggesting the source is only available on request? You can be GPL-licensed & both hide the source from public and compile something into the source later. You can even request money to get the source and still be GPL & “open source”.

        “Source available” is just the fallback term for software whose source is, surprise, available (publicly or not), but isn’t redistributable or allowed to be modified (or has restrictions about who can redistribute or modify). This is why I get leery about the usage of “open source” & having a positive connotation while “source available” does not even if it can offer similar guarantees (& one could argue it could offer more user freedoms by prohibiting the capitalist/exploitative elements–ala Commons Clause or similar–but then the software can’t fit the narrow “open source” definition). This sucks since in practice something like Peer Production License or Prosperity/Parity licenses have the spirit of open source that most users colloquially think of for the term while not being recognized by the OSI (who get to define the narrow usage of “open source”).

        Digression aside: in terms of being able to read the source for auditing, “open source” does not necessarily guarantee any more availability than “source available” for the purpose assessing privacy.

        (You can take your downvote back now)