Posts
11
Comments
1,440
Joined
2 yr. ago

  • There's a certain point where it just comes down to trust. And if you distrust a company enough that you think they aren't posting the same code to the git repository that they say they are, then maybe that's when you shouldn't be doing business with them.

    This is the case with all organizations, corporate or otherwise.

  • My apologies. Your comment came off (to me anyway) as the former.

  • So, I just looked it up and apparently their official stance is that auditing is questionably effective and thus unnecessary:

    Our software is free and open source, while we repute at the moment [it's] not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

    In other words, their reasoning seems to be:

    1. Their software is free and open source, so if it does log anything, the community would find out, so in this sense the community is the independent auditors;
    2. There's no stopping an audited party from ceasing to log right before the audit and starting up again after the audit ends, so an audit is kind of toothless anyway;
    3. Regarding penetration tests, they already have independent testing done as well as a bounty program.

    Personally, I don't entirely agree with points #2 and #3 (though I can see their points), but point #1 is fair I suppose. In my opinion, though, it should not be up to the users to hold the company accountable; and there is a difference between penetration tests and log auditing, as the former I believe are merely to check the resilience against outside hacking.

    My end impression is that judging from their other documentation and forum posts, the fact that their software is fully open-source, and their past behavior in accordance with their stated values, I think I'm inclined to believe them. However, it is somewhat worrying nevertheless that there isn't log auditing involved regardless of their actions.

    Edit: Clarification

  • What do you mean? Are they not good for privacy or security? They seem definitely more zealous about that on their FAQs and forum pages than, say, ProtonVPN, for sure.

  • Fair enough. We all have our preferences. :)

  • ProtonVPN also has port-forwarding.

    That being said, last time I tried it, their Linux GUI was abysmal, though I hear they recently did a revamp. I haven't used it yet though so I can't speak on it beyond that.

    Just something to keep in mind.

    Edit: Syntax.

  • I didn't know that. Thanks!

    Which distros, out of curiosity?

  • Maybe. I'm busy right now.

    I might do it later. Maybe I'll do it on

    🎵 FRIDAY FRIDAY GOTTA GET DOWN ON FRIDAY 🎵

  • THANK you for the advice. I will keep that in mind. I might start writing today while I'm at work. :)

  • Lol, that's why I said yet. Give it another couple years; we might have started plasma cannons out of toothpicks and bra straps. Haha.

  • Wow, thanks for all the information! Very fascinating, I think. I enjoyed reading it! :)

  • That is a good example. Thanks.

  • Yeah, not all games work on Linux in all situations though. It depends for example on

    • which distro you have,
    • whether you have an Nvidia or AMD GPU (for example, SWTOR evidently runs fine through Lutris, but didn't last time I tried with an Nvidia GPU, so that might be better with AMD—same thing happened with Dragon Age: Origins),
    • what driver for either you have installed (Nvidia is getting better, but good gods the flickering could be better with some of their driver versions—games may play without being playable, after all),
    • whether your computer's firmware is even Linux-compatible, let alone Linux-friendly (I know Lenovo laptops used to suck in this regard—they might still, though I don't).

    So, no, although it's gotten a LOT better in the last 5 years, the notion that it "just works" is only situationally correct, and is by no means correct to the extent that justifies ridiculing those who say that it is not so plug-and-play as what is claimed.

    Furthermore, doing so only sets up new Linux users without the optimal hardware or firmware for disappointment due to unrealistic expectations.

  • I'll be married for 5 years next month. We haven't killed each other (yet)!

    That's good news!