In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.
especially if it's a scripted client, since it would deliver code uncompiled.
Unfortunately, this isn't really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified "web clients". You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.
if you trust audits for logging practices presumably you can trust them for checking that the code base is the same
The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn't help their model of trust since they do already do that in a transparent manner.
But yeah... stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It's just that this "monopoly" is by design. For better or for worse, the fact that there is only one Proton is also good for Proton's model of trust tbh since the user doesn't have to wonder if the "instance" they're using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks... for better or for worse...
I hope they succeed too. I don't trust many companies. Proton has been one of the exceptions and I hope it stays that way...
would be good, actually.
Good for us. Bad for business. I explained this in another comment too but Proton's idea of "open source" is simply to build trust in the security and privacy offered by the service. At least, as much as you can trust any SaaS.
but then why not share the server side code?
And to answer this... Well, business and practicality... One more than the other ofc unfortunately... Why would they take on the additional burden of making it self-hostable, make the backend fully open source, etc just to make competition for themselves? And that maintenance burden is huge btw, especially when the backend was probably never intended for self-hosting in the first place.
If Proton, as a company or foundation, didn't keep making the right decisions in terms of privacy and security, we might have had a reason to doubt their backend. But so far, there's been nothing. And steps like turning to a foundation-based model just inspires more trust. By using client-side encryption, even within the browser, they're trying to eliminate the need for trusting the closed source backend. Open sourcing the backend wouldn't improve trust in the service itself anyway since you can't verify that the code running in the backend is the same as the open sourced code. If you're concerned about data, they also offer exports in open formats for every service they offer.
Why wouldn't you trust them just because their backend is closed source? Ideologically, yeah I'd like them to open source absolutely everything. But as a service, whose income source is exclusively the service itself, how can it make sense for them to open source the backend when it cannot tangibly benefit their model of trust?
My other comment regarding proton and trust: https://lemmy.world/comment/11003650
They're not actually good points at all... Proton's open sourcing of the clients is for the purpose of trust in terms of security and privacy. The backend doesn't matter because the point is that the data is encrypted before it ever gets to the backend. The goal with Proton's open sourcing is not the ability to make it self-hostable. Sure, a lot of concerns are valid, but this isn't like Microsoft or Google. Nearly all of Proton is verifiably and provably secure. Well, at least as long as you trust the web clients being served are the ones whose code is publicly available. But again... You can't verify that with any SaaS. Such a risk is even present with self-hosting tbh. But that's another discussion.
Nearly all of Proton's stuff uses publicly verifiable client side encryption, so idk what all this is about
Some people can also just have health issues, but i get your point
CPU usage is famously terrible with Electron, which i also pointed out in the comment you're replying to. But yes, having multiple chromium instances running for each "app" is terrible
Yes, it really is that bad. 350 MBs of RAM for something that could otherwise have taken less than 100? That isn't bad to you? And also, it's not just RAM. It's every resource, including CPU, which is especially bad with Electron.
I don't really mind Electron myself because I have enough resources. But pretending the lack of optimization isn't a real problem is just not right.
They didn't just quadruple. They're orders of magnitude higher these days. So content is a real thing.
But that's not what's actually being discussed here, memory usage these days is much more of a problem caused by bad practices rather than just content.
So we're just going to ignore stuff like Electron, unoptimized assets, etc... Basically every other known problem... Yeah let's just ignore all that
The people you described aren't the ones being harassed
I think it's very hypocritical of you to assume that and then call me out for assuming something similar. And then you call this harassment? I made an assumption based on an assumption you felt free to make. But when I make a similar assumption, that's harassment?
If you are so confident in vegans harrassing almost-vegans who try to live without animal products, please name a single instance.
I've personally experienced it, both in real life and on social platforms, including lemmy. I just make it a point to try and avoid interactions like that these days. I don't go into vegan communities despite being really enthusiastic about stuff like meat substitutes because around 50% of my interactions have been terrible. And 50% is a terrible number btw. The false equivalences, the assumptions and other issues even in this post's comments section is kind of alarming. But yeah... Play a victim if that's what suits you i guess.
I like the concept of veganism, but your community isn't the best to outsiders. One day that too will change hopefully.
What vegan is out there calling non-vegans rapists?
I've been told that before. Not being vegan implies you support terrible breeding practices which makes you a rapist... apparently... Which is especially dumb considering nobody likes the terrible breeding practices to begin with
You could write a script to automatically watch for new files in a folder and strip metadata from every file i guess. I had done something like that for images way before.
Sounds delicious
Use it but don't rely on it. Celeste uses rclone. The rclone support was temporarily disabled from Proton's end a while back and also, the rclone backend still has a bunch of bugs and the developer seems to have gone missing
I installed Windows on a device yesterday. I had to switch to the command prompt and type in "OOBE\BYPASSNRO" in order to just not connect it to the internet and skip the Microsoft sign in prompt. And that seems to work for the most part. Sending diagnostic data is still required and not optional but ah well.
A few days ago on another friend's setup, he didn't know that this option existed (who does really), so he signed up for a Microsoft account, logged in and his Documents and other folders were automatically getting synced to OneDrive. Now, for you and me, we understand that just uninstalling OneDrive should fix that or even just disable that feature itself. But this is opt-out and not opt-in. And he doesn't really understand it's getting synced, he simply sees that there's oddly increased data usage. This is the kind of person who will have recall enabled without ever realising it exists or even using it, but will still have it as a potential security issue waiting to happen on his setup.
It's all the opt-ins that Microsoft does. Everything defaults to "yes, do that worst thing possible". And you and me will probably switch it off, but we're not the average person. The average person doesn't understand or care.
Look man, irrespective of who i originally intended to reply to, you responded to me by saying I was simply blaming the user. Which clearly wasn't the case. If you think his initial anecdote at all is realistic, then you haven't really used any well established distro in a while. Accessing an SMB share especially is very very straightforward right now if nothing else.
Void is a distro that doesn't use systemd. That alone would put it out of the contest, let alone being the top-rated distro... It's fine to not understand why that is, but again, you could have just asked on any community. Again man, stop complicating stuff for yourself... And I never said you're incompetent, you're probably really good at this stuff, I feel like you just haven't taken the time to read through and understand. And again, even that would be fine, just don't blame Linux in its entirety. Linux is too broad to be blamed in its entirety.
If you go by hype alone, NixOS is probably the most popular distro right now, doesn't mean I'm going to recommend it to you.
Use an actually well-established distribution like Fedora, OpenSUSE Tumbleweed, Ubuntu or Linux mint. Use Plasma if you can. Use Flatpaks for packages where possible and use the native repository otherwise. It's pretty much that easy these days. I even use the Steam flatpak for gaming nowadays. Grass is pretty green over here now, and I'm saying that as someone who does still use Windows. I use Windows both at work and for certain games. So it's not like I'm out of touch either.
Sorry if that post felt rage fueled by the way, didn't mean it that way and wasn't in rage either. I'm just bad with conveying stuff, especially with English not being my first language :)
Yeah but that's what the guy you replied to was also saying, so you're agreeing with him right? (Genuinely asking because I'm not sure i understand you, no ill will, i hope you understand)