A good summary for just one month (September 2025) showing how when Big Tech rushes code out the door, or when security and privacy are afterthoughts, or, worse, when the code is intentional spyware, “IT Security” is almost an oxymoron.
Is the title for the first example supposed to be struck through, or should it have been underlined like the others?
Maybe it was a Freudian slip, since having vulnerabilities is not the same as:
was caught transmitting every keystroke—passwords, messages, and financial entries—to overseas servers
@JCS I could be wrong, but I think the strikethrough thing happened once before and it was a WordPress issue?
My guess is “no”.
This has happened lots of times before. (@spacemanspiffy) I think I may have queried it the first few times. We can only speculate about the cause but it doesn’t seem to have been fully addressed.
A Siri Suggestions bug exposed precise location data to third-party apps without user consent. Apple patched it only after public outcry.
Purism’s stance: Permission boundaries must be enforceable. PureOS doesn’t allow silent cross-app data sharing.
Is the last sentence in my quotation false and a lie, though? I thought PureOS allows whatever the user wants since it’s totally free software - and that would include running bad apps that want to steal data from other apps.
That’s why the power to say, “No,” when someone asks me to run their proprietary programs is an important skill to practice when using a Librem 5 as my phone, since it doesn’t isolate each process to its own user / account or whatever.
With open source any data sharing is never silent?
What do we mean by silent? I can write an app that runs under the root account on a cron and snoops on other Linux apps, and doesn’t self-report the snooping to a log file.
So, since we don’t know the answer to that, the quote from the blog post can’t be “false” or a “lie”. Right? I think the text is open to interpretation.
I interpreted it as more in the meaning of “secret” or “covert” or “without your knowledge” (and hence “without your consent”). So some app that you write and run as root is definitely none of those things. Some open source app that you install and run as root is at least in principle none of those things.
The issue with the declared stance is that it is not being specific about who it is being enforced by and against, nor is it being specific about how any enforcement is exercised to begin with. Personally, I write off all AI-generated blog posts and any contents within them as uncredible, so I see very little value in formally engaging with them within their respective Discourse topics.