[squarefoot]

"Duple (https://www.duple.io/en/)"

100% closed source as for now. They promised to make almost all of it open source, sadly except the most important part. Security is a chain: a 99% open source app is still 100% insecure as a 100% closed one.

[bduerst]

Duck Duck Go is also closed source and privately owned.

[tonyedgecombe]

There is plenty of insecure open sourced software and secure closed source. I'd be surprised if there was any correlation here.

[squiggleblaz]

Depends on the definition of "insecure". I think we mean "the user is a victim of the owner of the product" or "the user has no choice but to overconsent to invasion from the producer". When ssh has a vulnerability, that's not a problem of me overconsenting to something OpenBSD wants to do. It's a problem where some third party has managed to fool OpenBSD into believing I want them to do something on my behalf, when I issued no such instruction.

But the vulnerability that is Google Mail is that Google will read any email sent to or from a Google Mail account, even incidentally, and use it to build up a profile which paying customers can use to manipulate me into doing things which, in the absence of the profile, I wouldn't've have done. Moreover there's just massive risks from all that data.

[amedvednikov]

Strange, it takes the home page 7 seconds to load with the progress bar, despite weighing less than 1 MB.

[swedtrue]

The source code is available (bottom of the beta page https://download.duple.io/en/beta.html)