Fedi, Keet and Fountain are closed source, proprietary apps popular in the wider bitcoin ecosystem.
I personally feel uncomfortable installing them.
Can closed source apps be considered freedom tech?
Discussion
absolutely not, it's not enough to permit a sovrein individual to understand if nothing sketchy is happening; a good proprietary app is like a good goverment: just an incidental temporary condition
I'd say that Fedi and Keet should go open source, but Fountain is just a podcast app and open sourcing their app to make sure they're not...uh...sending me subliminal messages?? isn't really a priority for me. It would be welcomed, but I don't consider Fountain "freedom technology".
Yeah agree.
My main issue is internet connectivity. It's currently very difficult to know if two proprietary Android apps are sending messages to each other and leaking private information. There is no app isolation at this level even in GrapheneOS.
Does Fountain allow nostr log in? If so, does it ask for an nsec?
They do not. They only allow you to add your npub for a Nostr address I believe. nostr:npub1unmftuzmkpdjxyj4en8r63cm34uuvjn9hnxqz3nz6fls7l5jzzfqtvd0j2 did mention a long while ago about tighter integrations.
Fountain still has data on users just like Spotify.
Agreed. Not every app needs to be, or is going to be, freedom tech. That's OK.
As long as such app is nostr based and supports nsecbunker and nip-07 - Yes
e.g. Yakihonne
The fact that you'd need to ask for permission to view the source code to evaluate it tells you all you need to know
It makes them less interoperable.
It's bad UX not to have verifiers.
It's bad marketing.
I don't mind anyone considering them anything. It's a losing strategy on an open protocol.
Agree!
I like the unverifiable/unreproduceable tag.
I've been thinking about these projects and I can't use them till their is a change.
since fedi is practically just keeping pieces of strings for you (no cryptography as an ecash end user), i guess it’s tolerable. fountain is also an LN custodian with no client side cryptography afaik. as for keet i never used it so don’t know
open source is mostly critical for applications that implement cryptographic protocols, to be able to verify they are not backdoored
Unfortunately it's not only about funds, we can be rugged our privacy too
that's a different issue, but for this you'll have to have visibility into the code that your counterparty runs, and that's impractical
you can use tor or vpn, and provide as little information as possible to the process that runs on your machine, but you can never validate what information your counterparty keeps and how it uses it
no, its possible to backdoor apps in a lot of ways, not only faulted crypto implementations
like?
client side scanning.
Whatsapp is closed source, and could implement a switch that can be remotely enabled by them that makes your client to start scanning your messages + upload plain text messages to their server in case it reveal some particular words.
Just a possible example of a backdoor well obfuscated in binary release that doesnt deal with crypto. This backdoor with open source and reproducible builds would be pretty impossible, but with closed source complex apps it is realistic and possible at least...
of course, but i only relate to the functionality of fedi for LN payments and of fountain. can’t think of any information too sensitive they cannot figure out by the server
i take it this fedi is not the fediverse?
fedi app for fedimints
its open? https://github.com/fedimint/fedimint
there is a new layer 2 called pearcredit planned
Join me on Keet.io - The Psychedelic Libertarian Repository (no expiry)
pear://keet/yry5f6hctja4dwbmpfxbpngqgjp6oiz3hqtzhimcseumfusi3koaeykkdtpe7u4pkubpkt4tykmjrpknr5an9ncjnw63w711x1q8pmkeqc
I hope Keet will be open sourced
it is mostly open source already, the open bit is called pear pears.com
Never
Not even once.
No. Simple as that.
Top