• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 15th, 2023

help-circle

  • The point of open source isn’t necessarily that you can self host it for free. If you want to only use services you can host yourself that’s fine, but that doesn’t make proton’s model wrong or bad.

    As for the server, you have no way to verify they’re running what is in the repo, so you have to trust them anyway. Open sourcing the server-side components doesn’t accomplish anything other than making their spam filtering easier to bypass.

    In models like this (and bitwarden), all the magic happens on the client (which IS open source), so the server can be dumb and more or less untrusted. If you use the Open source bridge application you don’t even have to trust the JavaScript coming from the server. I can compile the bridge and mobile clients myself and have reasonable confidence that things haven’t been tampered with without having to trust the server despite it being proprietary.