I’m thinking that software like Signal, Bitwarden, Firefox and RHEL is more likely to be pushed (by unconventional methods) to introduce backdoors under Trump 2.0. Less complex software that is developed by an international community is of course less susceptible.

What do you think? Will the risk be higher during Trump 2.0 or is the FOSS community diverse and international enough? Am I just paranoid and irrational?

Closed source software and cloud is of course a no-brainer since always. But complex FOSS with centralized development and hosting pretty much suffers from the same problem.

  • sugar_in_your_tea@sh.itjust.works
    22 hours ago

    Will the risk be higher during Trump 2.0

    Why would it?

    I think you’re paranoid and irrational, and should probably step away from social media and go talk to some actual Trump supporters. That’s not me, but my family largely voted for that clown, so I think I know a thing or two about what his supporters want.

    In essence, they want Trump to cut spending, stop drug trafficking, and create jobs. I think it’s far more likely that he cuts the FBI and related law enforcement and potentially merges them than to put them on the attack. He cares more about stopping illegal immigration than spying on residents, so that’s where his attention will be.

    FOSS

    FOSS + self-hostable is always the right answer. I don’t think who the President is matters all that much because data requests are an agency level thing and not something the President or even the cabinet member is involved in (outside of perhaps very high profile issues).

    If it’s not on your machine, you won’t know if the server admin has been forced by the courts to give up the data. I use a VPS, but it doesn’t actually store anything, it just forwards packets to my computer on my network, so if LE wants my data, they have to get it from me directly.

    If you’re paranoid about the government spying on you, it doesn’t matter who’s in the Oval Office, what matters is if they can get access to your data without you knowing. So my tier list for this is:

    1. Self-hosted, FOSS, E2EE with no data stored on the server (e.g. Simplex)
    2. Self-hosted, with data stored on the server (e.g. Matrix) - only if it’s on your LAN
    3. FOSS client, E2EE (e.g. Signal)
    4. Hosted in a country with strong privacy protections and no agreements with your country for exceptions (e.g. Proton)

    Pretty much everything else is unacceptable IMO.