These are all good points and I have nothing to argue about with this comment. I really just wanted someone to answer the issue raised instead of changing the subject, and you’ve done that.
As for the linked comment, there are ways to verify that backend code is the same as open source. Not on a software level of course, but if you trust audits for logging practices presumably you can trust them for checking that the code base is the same.
Also you can verify that a web client is running the same code as open sourced, especially if it’s a scripted client, since it would deliver code uncompiled. You can also check the signatures of binaries. Most people won’t do this, but it only takes one security expert to check and discover that there’s a discrepancy. If they then decompile it and find malware, that’s the ballgame. Trust gone. There’s a strong incentive for a premium service whose main selling point is privacy and transparency to never even flirt with that.
I agree that Proton has made themselves about as trustworthy as any private company can be, and maybe with the shift to foundation they can alter their model to not rely on being the singular operator. However, when you say “good for us, bad for business”, that’s the issue. The reason the fediverse works is that nobody can develop a monopoly on it. I mean, you’ve already said that ideally it should all be open source, so we agree on that too.
I understand that a closed backend isn’t a deal breaker for a lot of people and that makes sense given the client side encryption. It’s just that it is a potential problem in the longer term. It’s an artefact of them having to exist in a capitalist context. Maybe they’ll find a way through without succumbing to capitalist logic. I certainly hope they can.
In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.
especially if it’s a scripted client, since it would deliver code uncompiled.
Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.
if you trust audits for logging practices presumably you can trust them for checking that the code base is the same
The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.
But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…
I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…
These are all good points and I have nothing to argue about with this comment. I really just wanted someone to answer the issue raised instead of changing the subject, and you’ve done that.
As for the linked comment, there are ways to verify that backend code is the same as open source. Not on a software level of course, but if you trust audits for logging practices presumably you can trust them for checking that the code base is the same.
Also you can verify that a web client is running the same code as open sourced, especially if it’s a scripted client, since it would deliver code uncompiled. You can also check the signatures of binaries. Most people won’t do this, but it only takes one security expert to check and discover that there’s a discrepancy. If they then decompile it and find malware, that’s the ballgame. Trust gone. There’s a strong incentive for a premium service whose main selling point is privacy and transparency to never even flirt with that.
I agree that Proton has made themselves about as trustworthy as any private company can be, and maybe with the shift to foundation they can alter their model to not rely on being the singular operator. However, when you say “good for us, bad for business”, that’s the issue. The reason the fediverse works is that nobody can develop a monopoly on it. I mean, you’ve already said that ideally it should all be open source, so we agree on that too.
I understand that a closed backend isn’t a deal breaker for a lot of people and that makes sense given the client side encryption. It’s just that it is a potential problem in the longer term. It’s an artefact of them having to exist in a capitalist context. Maybe they’ll find a way through without succumbing to capitalist logic. I certainly hope they can.
In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.
Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.
The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.
But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…
I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…