It's honest. You can trust Ljdawson with your lemmy data, I do, but that's the nature of closed source.
I don't think the warning needs to be that big though heh.
π
Welcome to the official Sync for Lemmy community.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
1- No advertising or spam.
All types of advertising and spam are restricted in this community.
Artwork and community banner by: @MargotRobbie@lemmy.world
It's honest. You can trust Ljdawson with your lemmy data, I do, but that's the nature of closed source.
I don't think the warning needs to be that big though heh.
Exactly. On one hand, I have LJ whose app I've used for over 10 years and never had a problem with. On the other is an open source app I know nothing about and I'm not going to pour over code to inspect.
LJ Burns me? I'll find a new app. So far it's never happened in the last decade.
I'm playing the extremely long con...
That's what everyone else thinks... so I probably should too...
I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.
F-Droid has verified and reproducible builds.
On the Play Store or iOS App Store, though, anything goes.
Well this also assumes you trust fdroid but yeah
Eh I think that's fair. You don't have to trust fdroid per se, so much as trust that they're not collaborating with a specific developer. It's a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we're having here.)
Isn't the point of open source that you can check the code for yourself though? Can't do that with closed source
Have you?
Or are you just trusting someone else?
I trust LJ
Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It's just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It's just common sense.
You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can't do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.
Makes sense to be on that site, since a lot of Lemmy users are probably interested at least in part due to the FOSS nature of it. Maybe it doesn't need to be phrased as a "warning" though, more just as an FYI. Seems like it could scare people away thinking it's a data harvesting tool, but such is life.
yea it would be better if they were just marked as either open or closed
The app does have ads(which may collect data) and it's also closed source. They are not lying.
It is logical. With open source software, the source code is out there for everyone to see how user data is being handled. But with closed source, you can't, it's a black box, so you have to trust the developer on how user data is handled.
I mean yeah, it's a closed source app. The most that could possibly be collected is your IP alongside browsing habits. Your ISP already does that and definitely doesn't care who gets it, so anyone who is concerned already uses a VPN.
You can collect a helluvalot more than that. Take a look at Threadsβ permissions. You can collect just heaps of user data if youβd like.
Agreed, certainly possible, but I haven't personally granted Sync permissions to anything except notifications.
It is what it is. When the app is this good, the warning doesn't matter all that much. You can tell by the activity on this community that Sync is one of the most popular apps anyway.
Btw, that's the first time I've seen the redesigned join-lemmy site and it's pretty slick imo. Not sure when they updated it, but it definitely didn't look like that when I joined π
So should you have that comment on every instance that you donβt own? Because whatever instance you join can collect all that information too even if the software is open source. A site owner can trawl the database and get all your private info that you supply too.
The site owner could just modify the source code they run too. It's not like, as a user, I can prove the server is running the same code that I can see in the public repo.
while i think it's not bad having this warning i can say sync's a good app you can trust. maybe the only closed source lemmy app you can trust. the last time i paid for a closed source app, it went eol way before i thought. hope lj doesn't do that π.