• John Richard
    link
    fedilink
    English
    -26 months ago

    You realize that Microsoft code is inspected as well, even more heavily and regulated… and yet they still end up with major breaches. Security evolves through open source collaboration and inspection by experts that aren’t being paid to say you’re doing a good job.

    • sunzu
      link
      fedilink
      16 months ago

      You are making a lot good points… But is there any other practical solution?

      Seems this is the best a normie on budget can get

      • lastweakness
        link
        fedilink
        English
        36 months ago

        They’re not actually good points at all… Proton’s open sourcing of the clients is for the purpose of trust in terms of security and privacy. The backend doesn’t matter because the point is that the data is encrypted before it ever gets to the backend. The goal with Proton’s open sourcing is not the ability to make it self-hostable. Sure, a lot of concerns are valid, but this isn’t like Microsoft or Google. Nearly all of Proton is verifiably and provably secure. Well, at least as long as you trust the web clients being served are the ones whose code is publicly available. But again… You can’t verify that with any SaaS. Such a risk is even present with self-hosting tbh. But that’s another discussion.