| > Our navigation, .ovpn builder, alerts and other features rely on JS in order to function properly. At the end of the day, that does not matter for the customer. If they have JS disabled, and you force them to enable it, you lost a customer. As customers, we are expected to have JS enabled for signing up, and logging in, but a marketing website should not require it. > Again, open sourcing the apps, although it looks good, ultimately doesn't mean anything. Any malicious activity can be done in the back-end. Sure, I agree with that. However, notice that I said "if they open source their code, and if they run their business in the open". There is a lot that you can open source, but more importantly, you can operate your business in an open, and transparent way. Take Confirmed VPN[1] as an example. They allow you to request a read-only account to audit their infraestructure, and AWS account, to make sure they do what they say they do. Or SourceHut[2], which make most of their business decisions in the open, for anyone to see. Opening your code is not the only way to have an open business. [1] https://openlyoperated.org/report/confirmedvpn [2] https://sr.ht/~sircmpwn/sourcehut/ |
Thanks for taking the time with this.
Unfortunately there is not much we can do about the JS. We can put up static pages for marketing, but ultimately the website is there for the user to control various things to do with their account. It also allows guests to perform various tasks.
As far as your other point about the business itself being open, we are trying to run it in that exact manner. Regarding the audit, I replied to another user ( https://news.ycombinator.com/item?id=23666681 ). However, if you have an idea on how we can run the business more open, I am happy to take it on board. We keep users in the loop, took time with our terms of service and privacy policy, as well as provided a bunch of information in the FAQ.
Regards, Peter @ Oeck.