Never trust a third party to keep your shit private. Especially if privacy is their main selling point.
FOSS code and client-side encryption is fine.
If you can read and understand the code, sure. Otherwise you’re still just extending trust to someone perhaps less reputable than even the corporations who are dying to sell you out. For example, the back door some mysterious contributor slipped into xz recently.
My recommendation is to live life as if privacy on the internet did not exist, because it doesn’t.
There is such a thing as credibility. You can extend trust to others that have credibility. For example, security audits from companies that are credible. Or, you use an app because a trustworthy techie friend of yours says it's safe.
But a prerequisite in all these cases is going to be FOSS code and client-side encryption.
Telegram had credibility. It was being used by journalists to protect sources.
You can extend trust to individuals but do not apply that to companies or organizations if you care at all about what they’re doing with what you give them. Not everyone has some mythical tech privacy wizard on call to give them perfect advice every time they open an account on an app or website.
Even client side encryption is not infallible. The algorithm you use will eventually be crackable and probably sooner than you think. Nothing lasts forever.
The most foolproof way to ensure something remains private is to not put it on the internet at all.
Fortunately we have folks like Freedom of the Press Foundation, who provide trainings to journalists