|
|
|
|
|
|
by ds
998 days ago
|
|
|
You could have no auto-update functionality, and that would go a long way. But then, you are severely crippling your product by doing that. Releasing clientside sourcecode doesnt mean much if the NSA forces you to give everyone else a different binary and sourcode than your target. It means nothing. Look- the point is, you will go down a endless rabbithole of trying to appease everyone with "bulletproof" security. And the more you go, the more functionality and usefulness you will give up. The best solution is to be realistic and not make defacto claims. Even things like TOR, which have been open source and audited from day one have had serious issues, and I am sure many TOR developers parroted the "you cant be tracked using us" only to have exploits and code issues pop up multiple times. |
|
|