franzap's avatar
franzap fran@zapstore.dev 1 year ago
Fedi, Keet and Fountain are closed source, proprietary apps popular in the wider bitcoin ecosystem. I personally feel uncomfortable installing them. Can closed source apps be considered freedom tech?

Replies (43)

PlasmaGuardian's avatar
PlasmaGuardian 1 year ago
Keet is going open source when they come out of beta, supposedly.
ponymontana💜⚡'s avatar
ponymontana💜⚡ ponymontana@nostriches.club 1 year ago
absolutely not, it's not enough to permit a sovrein individual to understand if nothing sketchy is happening; a good proprietary app is like a good goverment: just an incidental temporary condition
Derek Ross's avatar
Derek Ross derekross@grownostr.org 1 year ago
I'd say that Fedi and Keet should go open source, but Fountain is just a podcast app and open sourcing their app to make sure they're not...uh...sending me subliminal messages?? isn't really a priority for me. It would be welcomed, but I don't consider Fountain "freedom technology".
Default avatar
npub18z6q...n6df 1 year ago
As long as such app is nostr based and supports nsecbunker and nip-07 - Yes
franzap's avatar
franzap fran@zapstore.dev 1 year ago
Yeah agree. My main issue is internet connectivity. It's currently very difficult to know if two proprietary Android apps are sending messages to each other and leaking private information. There is no app isolation at this level even in GrapheneOS.
EZ's avatar
EZ ez@primal.net 1 year ago
The fact that you'd need to ask for permission to view the source code to evaluate it tells you all you need to know
Niel Liesmons's avatar
Niel Liesmons 1 year ago
It makes them less interoperable. It's bad UX not to have verifiers. It's bad marketing. I don't mind anyone considering them anything. It's a losing strategy on an open protocol.
UNLICENSED MONEY TRANSMITTER's avatar
UNLICENSED MONEY TRANSMITTER david@foreverlaura.net 1 year ago
since fedi is practically just keeping pieces of strings for you (no cryptography as an ecash end user), i guess it’s tolerable. fountain is also an LN custodian with no client side cryptography afaik. as for keet i never used it so don’t know open source is mostly critical for applications that implement cryptographic protocols, to be able to verify they are not backdoored
UNLICENSED MONEY TRANSMITTER's avatar
UNLICENSED MONEY TRANSMITTER david@foreverlaura.net 1 year ago
that's a different issue, but for this you'll have to have visibility into the code that your counterparty runs, and that's impractical you can use tor or vpn, and provide as little information as possible to the process that runs on your machine, but you can never validate what information your counterparty keeps and how it uses it
Default avatar
npub1c7rl...8vcp 1 year ago
it is mostly open source already, the open bit is called pear pears.com
Default avatar
npub1c7rl...8vcp 1 year ago
the fedi is open source and keet is mostly open already with the remaining coming
ponymontana💜⚡'s avatar
ponymontana💜⚡ ponymontana@nostriches.club 1 year ago
client side scanning. Whatsapp is closed source, and could implement a switch that can be remotely enabled by them that makes your client to start scanning your messages + upload plain text messages to their server in case it reveal some particular words. Just a possible example of a backdoor well obfuscated in binary release that doesnt deal with crypto. This backdoor with open source and reproducible builds would be pretty impossible, but with closed source complex apps it is realistic and possible at least...