Comment by jachee
4 years ago
If you're not reading all the source of everything you're running, any or all of it absolutely could be reporting usage/stats/your data to a "mothership".
Just because there's no single central org involved doesn't mean there aren't risks.
You don't need to read it, you just need to be able to read it.
Just because there are risks doesn't mean the risks are meaningfully comparable.
Ken Thompson won a Turing Award for showing how that isn’t the case: http://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thom...
May I direct your attention to https://reproducible-builds.org/
That what isn't the case? Pointing out additional threat vectors doesn't in any way contradict my point.
We already know that, by design, macOS will report back to the mothership. If things are working 100% correctly, Apple will collect what programs you run and when you do so.
Linux won't report to the mothership by design. If things work 100% correctly, you don't have to worry about some company knowing what programs you run and when.
> If you're not reading all the source of everything you're running, any or all of it absolutely could be reporting usage/stats/your data to a "mothership".
There's a big difference in threat vector between one mothership and 200.
Just because there's no single central org involved doesn't make it safe.