Comment by drawkward

4 days ago

I am merely a data scientist, so don't really know a ton about mainline programming beyond a few intro CS courses.

Why would an open source android distro be more trustworthy?

Here is my simplified take on it which will likely get me flamed.

Trust has many meanings but for this discussion we’ll consider privacy and security. As in, I trust my phone to not do something malicious as a result of outside influence, and I trust it to not leak data that I don’t want other people to know.

Open source software is not inherently more secure nor more private. However, it can sometimes be more secure (because more people are helping find bugs, because that specific project prioritizes security, etc.) and is usually more private. Why? Because it (usually) isn’t controlled by a single central entity, which means there is (usually) no incentive to collect user data.

In reality it’s all kind of a mess and means nothing. There are tons of bugs in open source software, and projects like Audacity prove they sometimes violate user privacy. HN-type people consider open source software more secure and private because you can view the source code yourself, but I guarantee you they have not personally reviewed the source of all the software they use.

If you want to use an open-source Android distro I think you would learn a lot. You don’t need to have a CS degree. However, unless you made massive lifestyle changes in addition to changing your phone, I’m not confident it would meaningfully make you more secure or private.

  • It was a bit of a strawman question anyway; as someone who could review the source myself but won't (because the pain-to-utility threshold is way too high), I am then required to place my trust in some ad-hoc entity (the open-source community) that doesn't actually have a financial disincentive to make sure things aren't bad.

    I have other reasons, perhaps, to prefer open source stuff, but I am not ready to assume it is inherently more private or secure.

    • Sorry, I lost some context in the thread or something because I thought you were asking as someone who legitimately didn’t know what open source was. Which I thought was kind of weird for HN but didn’t put two and two together.