
I don't know what you're mentioning, but let's not forget that whatever view he might have, it changes nothing in the technology he creates. It's open source, it's auditable, and the code does not have worldviews of its own.

Your comment promotes cancel-culture, and as filthy as it is in general, it's even more so in the technology world. Don't do it. Please.



As long as you are not auditing every bit of code you run yourself AND are sufficiently knowledgeable to detect even obfuscated malicious code, you need some basis of trust.

Evident world views far off reason, reality, compassion and pragmatic self-regulation, don't speak for a stable, predictable and reasonable personality.

If a person thinks some humans deserve fewer rights than others, how could you trust any update to not reflect this world view?

Additionally you may be becoming technologically dependent on a person whose actions may be detrimental to your safety or wellbeing in other parts of your life.

You may also just not like to promote this person's work.

It's fair to inform others about the person behind the software they are running. Everybody can make their own informed choices.


And the appropriate basis of trust in the technology world would be source code audits, not scraping some individual's Twitter posts.

If the users' communications are encrypted — which they are — there is no way for the creator to "reflect his world view", whatever it might be, in the form of undermining the security or privacy for some part of the user base.


I like your point that if a developer is a vocal neo-Nazi then only people capable of regularly conducting their own thorough code reviews should rely on the products that they make. I agree with you that regular folks that can’t do code audits should not trust neo-Nazis with their private communications. It is good to know that we’re on the same page about not implicitly trusting the simplex code.


This is not my point. Trusting someone else's code audit is infinitely more valuable than trusting any "vibe check", since it touches the actual subject matter.


How do you derive trust for the auditing?

Anyway, since we're talking concrete software, could you point to such code reviews from vibe-independent auditors for continuous verifiable simplex builds targeting common communication platforms?

If not, your point is moot for the subject at hand. Decisions have to be made on the basis of reality not cozy fantasies.

I am not sure I run a single piece of software where this is done. Sporadic audits tend to bring evidence of soundness and security, not continuous absence of malicious functionality.


> I am not sure I run a single piece of software where this is done.

And yet you run it. Have you vibe-checked every such software? Did that bring you enough information about individuals creating it? If not, if there are no readily available signs, have you vetted their own, private beliefs otherwise — in order to ensure they don't clash with your own?

What if Linus Torvalds turned out to be secretly a Nazi pedophile for the whole time? Would that make you stop using Linux?


You are moving the goalpost. There is no constructive discussion possible, if you can't concede weak arguments.

But yes, I vibe checked the software projects I use. They are mostly large enough, where single individual failings are of no consequence and unhinged people are usually removed from executive control through various means. But it's trust based on feelings and the information I got. Most people involved in these projects are mature and controlled enough to not mix politics with their work. It's not a good sign to not be in control of such impulses.

And I'd rather take a chance with the unknown bad than rationalize the known. Luckily most people with a collectivist FOSS mindset don't turn out to be monsters. Who could have predicted that?!

Your turn.


I was just asking to know your thought process, but this discussion probably won't lead to anything anyway — in my view a person's stance on vaccines, gay rights, what have you, doesn't make you any worse a developer. If the technology is sound — which I can vibe-check (by a glimpse at how the code is maintained, documented etc.) — I have no reason to peek into one's private views. Your opinion is different, I still don't fully understand it, but we'll just have to agree to disagree.


We are not talking private opinions, we're talking public ones. Lol.

If you fail to understand why human rights and state repression stances don't matter when evaluating trust in secure and private communication means, we indeed don't need to discuss any further. It is a bit silly tho.


I like that you asked

> could you point to such code reviews from vibe-independent auditors for continuous verifiable simplex builds targeting common communication platforms?

and sandblast has written a lot of words that indicate “no”, so they’ve been pretty consistently arguing not to use simplex.


This makes sense. Trusting a stranger’s code is bad but trusting a stranger’s opinions about code is good.

Unless you mean that only users personally capable of walking through the code line by line and their immediate friends and family should run code written by neo-Nazis.


You want to audit every update? Are you going to pay for it? Is this relevant for the app discussed?

Because until there are other means of forming trust available, everyone only got the vibe check. Some perfect world scenario ain't gonna cut it.


I'll try from another angle:

If I wanted to make a honeypot that undermines users' privacy and anonymity, I would make sure to be as nice to everyone as possible. The "vibe check" is irrelevant, the false positives are far too common.


Yes, the vibe check can fail too, but that's no argument to ignore crazy.

You do you. As I said, we all should be able to make informed choices as we please.


In an ideal world yes, what you say is true.

However, human beings being human beings, they find it very hard to sequester their beliefs and emotions from their work. It's a common human failing. Often they are not even aware of it.

Having politically or socially divisive beliefs publicly also makes such a person a target of coercion and encouragement to yield to a "harmless" temptation by way of appropriate 3-letter-like agencies.

To ensure that this does not happen will require maintaining a paranoid level of vigilance on the code all the time. That is a lot of work, very expensive and is unlikely to happen. Perhaps not fair to his creation, but that's just how it goes.

My comment is at a high level. This is the first time I heard of Simplex chat, so I don't even know what views its developer has.



