undefined | Better HN

0 pointsohazi5y ago0 comments

The only way to guarantee that your keyring is secure long-term is for the source code (and change history) of your password manager to be inspectable and verifiable. A promise made by a corporation is not sufficient.

You can pay a corporation to buy a product with more features or better service. But you can't pay a corporation to hold or maintain a principle. There will always be someone who can offer them more money to hold the opposing principle. Principled people who work for a corporation eventually leave and are replaced with apethetic or differently principled people.

In this case, the principle is the privacy and security of the credentials in your keyring. How much money do you think a bad actor would be willing to pay for these? How much money do you think a bad actor would be able to pay to a corporation that secures credentials for a huge number of users, and who can push arbitrary updates without pesky source code validation getting in the way? You and I don't have enough money to win this game.

Look at another high value target for comparison -- browser extensions that have a large installed userbase. Browser extensions are frequently bought for tens to hundreds of thousands of dollars by ad/tracking/malware vendors in order to quietly replace the extension with one that does their bidding, without the users' knowledge.

What's the solution to this problem? Open-source, inspectable, verifyable software that is maintained by a person or a community that shares your principles. I trust the work of Jason Donenfeld (pass, wireguard) and Raymond Hill (uBlock Origin) more than the work of any corporation selling a similar product at any price.

The incentive structure of corporations in general precludes them from being given the level of trust required for certain products.

0 comments

waynesonfire5y ago

And what makes you think that Jason or Raymond won't wake up one day and decide they had a change in principles? Just like people, companies have reputations and values. Individuals are not immune to malevolence.

ohaziOP5y ago

Companies swap out their internal functionaries regularly, and regression to the mean suggests that as an organization they're likely to lose any principles they may have started with.

People can certainly lose their principles, but from observing past behavior (e.g. the number of times Raymond has told moneyed interests to fuck off), I believe that certain people are capable of holding certain principles for longer than a corporation would be able to.

Secondly, these individuals and communities recognize the inherent problem with needing to trust them, so they jump through hoops to make sure that publicly available binary builds are reproducible and verifiable. They publish their open-source software in a way that doesn't require you to trust them as much as you would need to trust a corporation with a closed-source product.

Not only do many corporations not bother doing this, many corporations that maintain open source products deliver binaries that obviously have more stuff baked in than their source code would suggest. For some categories of product, like a password manager, open source with reproducible builds is table stakes, not an optional feature.

CallMeJim5y ago

You can absolutely pay a company to hold a principle.

Consider the number of companies now who are promoting sustainability as a core value, because it gives them an edge up on competition in big government tenders.

More common than you'd think, especially in physical product supply!

ohaziOP5y ago

> who are promoting [...] as a core value

> because it gives them an edge up on competition

That's... literally the opposite of holding a principle. They're doing a thing that they don't otherwise care about because it results in an advantage today. What happens when the money runs out? When the fad shifts? When someone offers them more money to do something that conflicts with this principle?

You hold a principle because you believe (logically, axiomatically, morally, etc.) that it is correct, regardless of all other incentives that might pull you towards or away from it.

If the only reason that someone claims to hold a principle is because you're paying them, they're not actually holding that principle.

j / k navigate · click thread line to collapse

0 pointsohazi5y ago0 comments

The incentive structure of corporations in general precludes them from being given the level of trust required for certain products.

0 comments

waynesonfire5y ago

ohaziOP5y ago

Companies swap out their internal functionaries regularly, and regression to the mean suggests that as an organization they're likely to lose any principles they may have started with.

CallMeJim5y ago

You can absolutely pay a company to hold a principle.

Consider the number of companies now who are promoting sustainability as a core value, because it gives them an edge up on competition in big government tenders.

More common than you'd think, especially in physical product supply!

ohaziOP5y ago

> who are promoting [...] as a core value

> because it gives them an edge up on competition

You hold a principle because you believe (logically, axiomatically, morally, etc.) that it is correct, regardless of all other incentives that might pull you towards or away from it.

If the only reason that someone claims to hold a principle is because you're paying them, they're not actually holding that principle.

j / k navigate · click thread line to collapse