lol ... lmao even

  • BelieveRevolt [he/him] · 1 year ago

    It's open source too, so if a dev decided to add some code that forwards the entire instance's content directly to Xi's email account, they'd know about it. Or they can just fork the thing at any point and be free of the version that's obviously tainted by tankies shrug-outta-hecks

    • PorkrollPosadist [he/him, they/them] · 1 year ago (edited)

      I don't think the fact that it's open source matters. I wouldn't be caught dead running Soapbox. Some libs feel the same way about Lemmy. It's pathetic though, because they all fucking know Capitalism is what's ruining the Internet.

      Even if you are forking a project like this, a rapport with the developers is essential for technical support and know-how.

    • AernaLingus [any] · 1 year ago (edited)

      To your first point, you'd have to be able to verify the code that's actually running on the server, which I don't think is possible without having admin access to the server. Any kind of test which involved sending challenges to the server could be cheated--even if you did devise a randomized scheme which could only be passed by running the code you're testing for, the server could just run a second instance of the clean code in the background used solely for that purpose. As long as all the public interfaces (both the UI and API) are the same, you'd be none the wiser. The only thing I could imagine working are side-channel attacks like measuring response times (e.g. if certain responses take longer than expected there might be additional code being run) but I have no idea how feasible that is for this particular situation and it's possible to defend against such attacks with careful coding.

      But that's all made moot by your second point, at least from the perspective of an admin running their own instance, provided they audit the relevant parts of the code.