Privacy

32875 readers

1083 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Closed source for privacy (discuss.online)

submitted 6 days ago by [email protected] to c/[email protected]

28 comments fedilink hide all child comments

I recently learned that my company prefers closed-source tools for privacy and security.

I don't know whether the person who said that was just confused, but I am trying to come up with reasons to opt to closed-source for privacy.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 27 points 6 days ago* (last edited 6 days ago) (6 children)

In my experience the "privacy and security" argument is a smokescreen.

The real reason is that it makes someone else responsible for zero-days occuring, for the security of the tool, and for fixing security problems in the tool's code. With open source tools the responsibility shifts to your cybersecurity team to at least audit the code.

I don't know about your workplace, but there's no one qualified for that at my workplace.

A good analogy: If you build your house yourself, you're responsible for it meeting local building codes. If you pay someone else to build it, you can still have the same problems, but it's the builder's responsibility.

[–] [email protected] 7 points 6 days ago (4 children)

That smokescreen argument makes a lot of sense. Both the company and our clients, tend to opt for ready out-of-the-box proprietary solutions, instead of taking responsibility of the maintenance.

It doesn't matter how bad or limiting that proprietary option is. As long as it somewhat fits our scenario and requires less code, it's fine.

[–] 0x0 8 points 6 days ago (1 children)

instead of taking responsibility

This is why, they prefer to shift the blame in case it hits the fan. That's all, that's it.
They don't care about code quality, maintainability or whatever.

[–] [email protected] 4 points 6 days ago

When you get right down to it, it's all risk management.

load more comments (2 replies)

load more comments (3 replies)