The only way to guarantee that your keyring is secure long-term is for the source code (and change history) of your password manager to be inspectable and verifiable. A promise made by a corporation is not sufficient.

You can pay a corporation to buy a product with more features or better service. But you can't pay a corporation to hold or maintain a principle. There will always be someone who can offer them more money to hold the opposing principle. Principled people who work for a corporation eventually leave and are replaced with apathetic or differently principled people.

In this case, the principle is the privacy and security of the credentials in your keyring. How much money do you think a bad actor would be able to pay to a corporation that secures credentials for a huge number of users, and who can push arbitrary updates without pesky source code validation getting in the way? You and I don't have enough money to win this game.

Look at another high value target for comparison - browser extensions that have a large installed userbase. How much money do you think a bad actor would be willing to pay for these? Browser extensions are frequently bought for tens to hundreds of thousands of dollars by ad/tracking/malware vendors in order to quietly replace the extension with one that does their bidding, without the users' knowledge.

What's the solution to this problem? Open-source, inspectable, verifiable software that is maintained by a person or a community that shares your principles. I trust the work of Jason Donenfeld (pass, wireguard) and Raymond Hill (uBlock Origin) more than the work of any corporation selling a similar product at any price.

The incentive structure of corporations in general precludes them from being given the level of trust required for certain products. Companies swap out their internal functionaries regularly, and regression to the mean suggests that as an organization they're likely to lose any principles they may have started with. People can certainly lose their principles, but from observing past behavior (e.g. the number of times Raymond has told moneyed interests to fuck off), I believe that certain people are capable of holding certain principles for longer than a corporation would be able to.