this post was submitted on 20 Mar 2024
48 points (84.3% liked)

Sync for Lemmy

15188 readers
1 users here now

πŸ‘€


Welcome to Sync for Lemmy!

Download Sync for Lemmy


Welcome to the official Sync for Lemmy community.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Community Rules


1- No advertising or spam.

All types of advertising and spam are restricted in this community.



Community Credits

Artwork and community banner by: @[email protected]


founded 2 years ago
MODERATORS
 
top 28 comments
sorted by: hot top controversial new old
[–] [email protected] 55 points 9 months ago* (last edited 9 months ago) (1 children)

It's honest. You can trust Ljdawson with your lemmy data, I do, but that's the nature of closed source.

I don't think the warning needs to be that big though heh.

[–] [email protected] 16 points 9 months ago (1 children)

Exactly. On one hand, I have LJ whose app I've used for over 10 years and never had a problem with. On the other is an open source app I know nothing about and I'm not going to pour over code to inspect.

LJ Burns me? I'll find a new app. So far it's never happened in the last decade.

[–] ljdawson 44 points 9 months ago (1 children)

I'm playing the extremely long con...

[–] [email protected] 5 points 9 months ago

That's what everyone else thinks... so I probably should too...

[–] [email protected] 40 points 9 months ago (2 children)

I find warnings like this rather amusing, because unless you compiled it yourself, even an open source application could secretly have malicious data-harvesting code added to it.

[–] [email protected] 38 points 9 months ago (1 children)

F-Droid has verified and reproducible builds.

On the Play Store or iOS App Store, though, anything goes.

[–] [email protected] 4 points 9 months ago (1 children)

Well this also assumes you trust fdroid but yeah

[–] [email protected] 2 points 9 months ago

Eh I think that's fair. You don't have to trust fdroid per se, so much as trust that they're not collaborating with a specific developer. It's a much, much narrower condition. (Or alternatively, trust in their competence to have developed a system that works, but not that they are doing things without being malicious, which is a worthwhile discussion, but not quite the same as the one we're having here.)

[–] Tier1BuildABear 9 points 9 months ago (2 children)

Isn't the point of open source that you can check the code for yourself though? Can't do that with closed source

[–] [email protected] 5 points 9 months ago (1 children)

Have you?

Or are you just trusting someone else?

I trust LJ

[–] Tier1BuildABear 2 points 9 months ago

Have I what? Read all open source code? I was replying to someone else, and not about any particular app. It's just way harder to sneak something malicious into open source code than closed source, trust only gets you so far. It's just common sense.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago)

You can check the code for unintentional vulnerabilities, or intentionally added in by a contributor, but you can't do anything about something intentionally added in later in the process by the person responsible for managing the build and distribution of the application.

[–] [email protected] 37 points 9 months ago (2 children)

Makes sense to be on that site, since a lot of Lemmy users are probably interested at least in part due to the FOSS nature of it. Maybe it doesn't need to be phrased as a "warning" though, more just as an FYI. Seems like it could scare people away thinking it's a data harvesting tool, but such is life.

[–] [email protected] 4 points 9 months ago

yea it would be better if they were just marked as either open or closed

[–] [email protected] 35 points 9 months ago

The app does have ads(which may collect data) and it's also closed source. They are not lying.

[–] [email protected] 29 points 9 months ago

It is logical. With open source software, the source code is out there for everyone to see how user data is being handled. But with closed source, you can't, it's a black box, so you have to trust the developer on how user data is handled.

[–] [email protected] 8 points 9 months ago (1 children)

I mean yeah, it's a closed source app. The most that could possibly be collected is your IP alongside browsing habits. Your ISP already does that and definitely doesn't care who gets it, so anyone who is concerned already uses a VPN.

[–] [email protected] 10 points 9 months ago (1 children)

You can collect a helluvalot more than that. Take a look at Threads’ permissions. You can collect just heaps of user data if you’d like.

[–] [email protected] 4 points 9 months ago

Agreed, certainly possible, but I haven't personally granted Sync permissions to anything except notifications.

[–] [email protected] 6 points 9 months ago (1 children)

So should you have that comment on every instance that you don’t own? Because whatever instance you join can collect all that information too even if the software is open source. A site owner can trawl the database and get all your private info that you supply too.

[–] BradleyUffner 4 points 9 months ago

The site owner could just modify the source code they run too. It's not like, as a user, I can prove the server is running the same code that I can see in the public repo.

[–] [email protected] 6 points 9 months ago

It is what it is. When the app is this good, the warning doesn't matter all that much. You can tell by the activity on this community that Sync is one of the most popular apps anyway.

Btw, that's the first time I've seen the redesigned join-lemmy site and it's pretty slick imo. Not sure when they updated it, but it definitely didn't look like that when I joined πŸ˜…

[–] [email protected] 3 points 9 months ago

while i think it's not bad having this warning i can say sync's a good app you can trust. maybe the only closed source lemmy app you can trust. the last time i paid for a closed source app, it went eol way before i thought. hope lj doesn't do that πŸ™‚.