• 0 Posts
  • 59 Comments
Joined 1 year ago
cake
Cake day: June 29th, 2023

help-circle











  • They’ve been around for 10 already. They will be around longer too, given that they’re profitable, which they’ve continued to be. They also aren’t under any legal pressure because they’ve complied with government requests, just with limited data because that’s all the data they store. Their client software, which is where the encryption happens, is all audited and open sourced. Any reason to distrust them would really be baseless right now. At the very least, they are definitely better than Google when it comes to trust…



  • It just needs to be "owning* in the way physical media without DRM works. That is data too after all. The ability to sell your copy of the data or have your friend borrow.

    Yes, DRM-free is the closest thing, never argued otherwise. I’m also not arguing the services offered by GOG are part of “ownership”. The lack of an ability to download a game at any point is just a part of the fact that GOG too is simply licensing in the end. But yes, GOG is still the closest thing to “owning” games. Which is why it sucks that so many titles on GOG have DRM despite the claims btw…

    I’m really only arguing one thing: piracy is better than GOG right now in every single way. You don’t have to worry about hidden DRM. You don’t have to worry about account creation bullshit. You don’t have to worry about anything else. You just download, hit play and it works every single time. If I send the copy to a friend, it will still work.

    Piracy has always been closer to “owning” than GOG, so GOG should at least have some other tangible benefits over piracy. But right now, they don’t.


  • At that point, why not buy the game on any platform of your choosing and just pirate it when it stops being accessible on the platform you bought it on? I understand wanting to support GOG, I “own” a lot of games on GOG as well. But it’s not really “owning” even on GOG if at some point, I could lose the ability to download the game.

    Any game that isn’t available as a pirated game isn’t going to be on GOG anyway… The problem here is that GOG needs to be better than piracy in any tangible way and right now, that’s not the case. It would be the case for me if GOG Galaxy was available on Linux but it’s not, as one example.



  • And there’s no competition to OneNote and Office in Open Source land.

    I’m curious what is missing between OneNote and something like Obsidian or any of the other notes apps.

    I completely understand office though, i find OnlyOffice good enough that i run it even on my Windows setups but I can imagine there being features, keybindings, etc that are not present in any of the alternatives. I’ve also seen a lot of people switch to using Google Docs exclusively since it helps with collaboration anyway, but I hate how poorly it runs…

    because I need shit to just function.

    Yeah some things are just not there yet too, like VR… So understandable


  • In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.

    especially if it’s a scripted client, since it would deliver code uncompiled.

    Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.

    if you trust audits for logging practices presumably you can trust them for checking that the code base is the same

    The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.

    But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…

    I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…


  • would be good, actually.

    Good for us. Bad for business. I explained this in another comment too but Proton’s idea of “open source” is simply to build trust in the security and privacy offered by the service. At least, as much as you can trust any SaaS.

    but then why not share the server side code?

    And to answer this… Well, business and practicality… One more than the other ofc unfortunately… Why would they take on the additional burden of making it self-hostable, make the backend fully open source, etc just to make competition for themselves? And that maintenance burden is huge btw, especially when the backend was probably never intended for self-hosting in the first place.

    If Proton, as a company or foundation, didn’t keep making the right decisions in terms of privacy and security, we might have had a reason to doubt their backend. But so far, there’s been nothing. And steps like turning to a foundation-based model just inspires more trust. By using client-side encryption, even within the browser, they’re trying to eliminate the need for trusting the closed source backend. Open sourcing the backend wouldn’t improve trust in the service itself anyway since you can’t verify that the code running in the backend is the same as the open sourced code. If you’re concerned about data, they also offer exports in open formats for every service they offer.

    Why wouldn’t you trust them just because their backend is closed source? Ideologically, yeah I’d like them to open source absolutely everything. But as a service, whose income source is exclusively the service itself, how can it make sense for them to open source the backend when it cannot tangibly benefit their model of trust?

    My other comment regarding proton and trust: https://lemmy.world/comment/11003650