The NightOwl application has existed since 2018 and is used to automatically switch between light/dark modes on the operating system. It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer.

However, the application has been bought out by “TPE.FYI LLC” in late 2022 that forcibly joins your devices into a botnet for use of market research, without your knowledge (other than the TOS in small text on the download page) or express consent (this feature cannot be turned off, even when the app is quit). This is documented in their terms of service.

    • Vale@apollo.town
      link
      fedilink
      English
      arrow-up
      39
      ·
      1 year ago

      Something being open source doesn’t automatically make it safe to use. Sure, it means it’s easier for people to check for security issues, but how many people actually have the knowledge and the time to do it? And even then, take the log4j vulnerability from a while ago, it’s been present in the code since 2013 and only reported in like 2021.

      • dangblingus@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        Common sense still prevails. Don’t install obviously shady freeware. Something like GIMP or Blender or Ubuntu or FreeCAD or ProjectLibre is going to be safe. Large community = most likely safe.

      • sarchar@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        FOSS isn’t generally vulnerable to the “buyout” vulnerability. It’s not new that a valuable browser extension is bought out and repurposed, but FOSS is less likely to fall to these bugs. (also fuck WEI. You’ll get more of this with WEI)

    • Chocrates@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      You still need to build package and install it yourself though or else you are trusting someone else. Open Source software has been used as a vector for attacks before by bad actors getting access to the build system or source code.