I’m note a programmer. I Don’t Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?

    • squiblet@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      The way people use npm has long been a problem - the basic concept of pulling in 4 dozen small snippets of code from repos all made by different people and rarely verified. It’s quite different than running one application with a group of developers who understand all the components and monitor/approve changes.

    • DogMuffins@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      True, but these have been identified pretty quickly, they’re not insidiously harvesting data in the background over long periods.

      • Tanoh@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Well, we have detected those that have been detected. It is possible that there are some sleeper repos no one has detected yet.

        But it is not really a problem or something bad with FOSS, just have to be careful when including and updating libraries, which you always have to be!