There is some logic here, having a business relationship with a party that now has a contractual duty to you, is a stronger guarantee than an open source project.
For instance Windows is source available, to many businesses, so in one sense it’s open source, and the other sense is closed source. From a business perspective that’s a reasonable trade-off sometimes
Strong agree. Session is not security focused it’s marketing focused. Last I checked they still use central servers for file uploads.
In a short 10-15 years we will see a resolution to this case and be able to have closure. A blink of a eye.
It does work really well as a copy paste buffer
Because the architecture is centralized, a law can target signal. Currently signal is hosted in the United States, a law United States writes could take it down
This is just a fancy digital extortion service. Charge a fee to remove inconvenient data
Buying stuff with cash is explicitly illegal now?
Not despite… Because of and accelerated by
dog piling machine too!
Thats a good point, but it looks like they still let you use your own keys if you want to, but they even say 90% of apps let google sign on their behalf. yeah, ok, full trust with google then.
Before 2021 all apps used their own keys it seems
For Google Play: Google has root on play devices which is a separate issue, but the apps are actually signed by their developers and not google.
Yeah exactly. So pointing that out is sufficient, and it’s up to every user to decide if the benefit is worth the risk. And I’m sure for most people fdroid is a net positive.
Now, I want to change gears, and talk about annoying personalities also being really beneficial. Crazy principled people drive change in the world. The open BSD founder, RMS, the graphene founder, these are crazy unreasonable uncompromising people which are difficult to get along, but they drive change. Sometimes we need those uncompromising people. I think putting up with them is the cost of a vibrant ecosystem.
Fdroid is introducing another trusted party to your supply chain, which should be a factor in anyone’s threat molding.
https://f-droid.org/docs/Reproducible_Builds/ However, with reproducible builds now a package is built and signed by both fdroid and the original developer, so you get a net security benefit of having a third party attesting they can independently reproduce the binary from source. Problem solved right? Well, yes but mostly no. Most projects and packages don’t have reproducible builds, so if your using fdroid for most packages your still trusting droid.
I think a lot of the online hate comes from people making assumptions that their use case and threat model applies to everyone. That’s why I prefer discourse where we just talk about the attributes and not “you should”
It’s viewable source, the license does not allow modification and distribution of the modifications. The license also reserves the right to be revoked at any time.
It’s source available, but it is not what most people would consider open source in the common usage.
tempmail.ninja
They have worked well for me, they rotate domains to avoid blockers.