by BowBun 924 days ago
No one will do this, and those that read source code during installation do not review it for every upgrade. It's one of those 'just do this!' arguments that has little to no basis in reality. There are more of them replying to the parent comment: "Just do this! Just compile a thing! Just verify signatures for every update!". Come on... Meanwhile the negatives immediately implicate anyone with access to the executable.

You don't know this person, and I see no personally identifiable information to make me trust them. They could literally be a state actor right now! We've also seen so many large supply-chain attacks over the last decade which could easily target a tiny project like this.

I agree with the parent - not wise.

4 comments

But doesn't that apply to Chromium / Firefox as well (or any other big application)? Web browsers are insanely huge, nobody is reading the entire code. What makes this different?
No, because Google and Mozilla pay loads of people to write and review the code that goes into their browsers and ensure it’s not malicious.
Google pays loads of people to conceive and write code that is malicious to end users, e.g. those not paying it for eyeballs.
Is Google going to hack your bank account?
If we start with the reasonable assumption that "being malicious" !== "hacking a bank account", then the answer to your question does not matter at all.
They're going to do everything they can to learn how much money you have in your account and then they'll relentlessly try to manipulate you into losing more of your money.
If you think you can trust Google because they are not interested in robbing your bank account, then you have fallen well for their deceptive campaigns. Google is just a next-level robber that operates on a corporate level.
So I can apply the same logic to Microsoft concerning Windows, Office, etc. and you wouldn't dispute me, right?

Incidentally, no, I have no objections to closed source. I find the religious dogma behind FOSS patently stupid.

> So I can apply the same logic to Microsoft concerning Windows, Office, etc. and you wouldn't dispute me, right?

I mean, no, I would dispute you, because everything Microsoft is doing in those products isn't publicly available for the world to see.

Still probably pretty unlikely because those products are hugely popular and widely scrutinized.

So you would dispute me, but not for the criteria you originally posed.
The post I was replying to said that despite being open source, nobody reads the code for Chromium and Firefox. This isn't true because people are paid to read that code. Nonetheless, anyone can still read it if they want to. This means that it's at least marginally higher risk for a state actor trying to get code into these codebases than a proprietary codebase.

As I said, I think it's still pretty unlikely that Microsoft products are compromised by a state actor. It's certainly not part of my threat model. I'm not sure what point you're trying to make though. I certainly wouldn't install a system-wide HTTP proxy from a developer I didn't trust. And I don't have much of a choice but to trust Microsoft, their products are so ubiquitous I often have little choice.

To take a different argument, it’s another party that’s less well known that you have to trust. The more parties you trust, the less secure things become. Whether that additional risk is something you want to take on is a personal decision. MITM SSL traffic would make me uncomfortable.
Do you trust Google + Firefox as much as this random developer? Seems pretty different.
If you really wanted/NEEDED this, you could definitely go through all the code. It would take a bit, but it's doable with determination (lol). Also, you don't have to necessarily review all of the code every update. All you have to do is view the changes/new commits every time you want to update.

The hardest part is determining that you want to go through all of this hassle to replicate something browser extensions already do (for the most part).

If you believe you can find even just all unintentional bugs, let alone deliberate security vulnerabilities, you've never looked at the underhanded C contest [1].

> All you have to do is view the changes/new commits every time you want to update.

These can be thousands of lines of code per day in busy projects.

[1] https://en.wikipedia.org/wiki/Underhanded_C_Contest
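The two mechanical parts of the per-update routine argued about above ("verify signatures for every update" and "view the changes every time you want to update") can at least be scripted so they are not skipped. The following is an added example, not code from this thread or from the project being discussed: it parses a sha256sum-style SHA256SUMS file, checks downloaded artifacts against it (treating a missing entry as a failure rather than a pass), and keeps a small "review ledger" of source digests you have actually read, so an upgrade to an unreviewed tree is refused until you have looked at the delta. The artifact bytes, file names and ledger layout are constructed for illustration.

```python
"""Verify release artifacts against a published SHA256SUMS file and gate an
upgrade on whether the new source tree is one you have reviewed.

Added example; not code from the thread or from any project discussed in it.
The SHA256SUMS line format (hex digest, then two spaces or " *", then the file
name) is the one written by GNU coreutils' sha256sum. Sample artifacts and the
ledger layout below are constructed for illustration.
"""

import hashlib
from dataclasses import dataclass

HEX_DIGITS = set("0123456789abcdefABCDEF")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_sha256sums(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines into {filename: lowercase hex digest}.

    Accepts "<hex>  <name>" (text mode) and "<hex> *<name>" (binary mode).
    Blank lines and '#' comments are skipped; anything else that is not a
    64-hex-char digest followed by a name raises, because a quietly ignored
    line is exactly how a checksum step ends up verifying nothing.
    """
    sums: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" ")
        if name.startswith("*"):  # binary-mode marker, not part of the name
            name = name[1:]
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS or not name:
            raise ValueError(f"SHA256SUMS line {lineno}: malformed entry {raw!r}")
        sums[name] = digest.lower()
    return sums


@dataclass(frozen=True)
class Verdict:
    ok: bool
    reason: str


def verify_artifacts(artifacts: dict[str, bytes], sums: dict[str, str]) -> dict[str, Verdict]:
    """Check each downloaded artifact against the published digest.

    A file with no entry in SHA256SUMS fails: absence of a checksum is not
    evidence of integrity.
    """
    results: dict[str, Verdict] = {}
    for name, data in artifacts.items():
        expected = sums.get(name)
        if expected is None:
            results[name] = Verdict(False, "no digest published for this file")
            continue
        actual = sha256_hex(data)
        if actual != expected:
            results[name] = Verdict(False, f"digest mismatch: expected {expected[:12]}.., got {actual[:12]}..")
        else:
            results[name] = Verdict(True, "digest matches")
    return results


def upgrade_needs_review(ledger: dict[str, str], project: str, new_source_digest: str) -> bool:
    """One rule: install only source you have read. `ledger` maps a project name
    to the digest of the last source tree reviewed; anything else needs a
    (delta) review before it is installed."""
    return ledger.get(project) != new_source_digest


def record_review(ledger: dict[str, str], project: str, source_digest: str) -> None:
    """Call after reading the tree (or the commits since the last entry)."""
    ledger[project] = source_digest


def demo() -> bool:
    """Constructed walk-through: a good download, a tampered one, a missing entry."""
    release = b"constructed release tarball bytes"
    sums = parse_sha256sums(f"{sha256_hex(release)}  tool-1.0.tar.gz\n")
    verdicts = verify_artifacts(
        {"tool-1.0.tar.gz": release,            # matches
         "tool-1.0-tampered.tar.gz": release + b"x"},  # no published digest
        sums,
    )
    ledger: dict[str, str] = {}
    needs_review = upgrade_needs_review(ledger, "tool", sha256_hex(release))
    record_review(ledger, "tool", sha256_hex(release))
    return (verdicts["tool-1.0.tar.gz"].ok
            and not verdicts["tool-1.0-tampered.tar.gz"].ok
            and needs_review
            and not upgrade_needs_review(ledger, "tool", sha256_hex(release)))


if __name__ == "__main__":
    print("demo ok" if demo() else "demo failed")
```

A caveat the thread's "verify signatures" wording already hints at: a SHA256SUMS file fetched from the same place as the artifact only proves the download matches what that server holds, so this check catches a corrupted or swapped download, not a compromised publisher. Binding the digest to the publisher needs a signature over the checksum file verified with a key obtained out of band, and the review ledger only helps if the digest recorded is of source you actually read.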

I'm as paranoid about this as you, but this type of verification seems easier today with AI tools. I'm not aware of any that do this, but if LLMs can give insight about what a piece of code is doing, they can surely be trained to detect possible suspicious behavior. Perhaps even by inspecting a binary, but certainly by processing code.
Maybe for well-intended code (and even there I have my doubts – the halting problem says hi!), but most definitely not for malicious backdoors at this point.
I think that's a great use-case. I'd love a real-time security scanning system covering as many open source projects out there as possible.
Yes, some people will do this. I just read the whole project, it's actually a pretty simple program.

I'm installing it now and the best part is if I don't like something I can change it. OSS FTW.