• asudox@lemmy.world
    link
    fedilink
    arrow-up
    66
    arrow-down
    8
    ·
    edit-2
    1 year ago

    Is it open source? If no, proton can suck my stroganoff.

    Edit: The official subreddit of Proton says that it is a proprietary CAPTCHA system. Great.

    • 1chemistdown@kbin.social
      link
      fedilink
      arrow-up
      25
      ·
      1 year ago

      Proton has opened sourced everything so far and I would expect them to do that here. They have whole pages written on why they open source everything and why that helps privacy.

    • Sha'ul@lemmy.ca
      link
      fedilink
      arrow-up
      16
      arrow-down
      1
      ·
      1 year ago

      Stroganoff is quite good if cooked correctly, may I try a taste of it? I’m messing with you

    • smollittlefrog@lemdro.id
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Does it say that both the front end and back end are proprietary, or just the back end? I’d be fine with a closed source back end

      • asudox@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Nothing is mentioned other than “proprietary system”. Probably meaning that both ends are closed source. I don’t see how I can verify whether it respects my privacy or not. I don’t see a reason to implement this instead of mCAPTCHA, which is fully FOSS.

  • ᴅᴜᴋᴇᴛʜᴏʀɪᴏɴ@lemmy.world
    link
    fedilink
    arrow-up
    49
    arrow-down
    3
    ·
    1 year ago

    I’d be much happier if they’d finish building Drive to have auto-upload like every. other. cloud. service.

    We keep hearing “small team” so why do they keep adding half-done products and services?

  • ono@lemmy.ca
    link
    fedilink
    English
    arrow-up
    34
    ·
    edit-2
    1 year ago

    Other than making the web tedious to use, my biggest CAPTCHA complaint is that it puts the main providers in a position to monitor everyone’s web use. The blog post doesn’t address that, but it does say this:

    No third-party services

    Perhaps they mean it’s self-hosted? That would be very welcome. It might require open source code to catch on, since many site owners are uncomfortable running mystery code on our servers. That would be very welcome, too.

    Here’s hoping it’s good.

    • activ8r@sh.itjust.works
      link
      fedilink
      arrow-up
      13
      arrow-down
      3
      ·
      1 year ago

      since many site owners are uncomfortable running mystery code on our servers

      And yet Node.js exists and flourishes.

          • QuazarOmega@lemy.lol
            link
            fedilink
            arrow-up
            6
            ·
            edit-2
            1 year ago

            I wonder if it’s really true that this practice is particularly prevalent in JavaScript development or just a false impression caused by it being one of the most, if not the most, used programming language

        • ono@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          edit-2
          1 year ago

          The Node package manager is used in some web applications and has a very trusting distribution model, but it’s not particularly relevant to what I wrote (red herring fallacy), and GP’s phrasing alone is enough to identify them as a heckler. Please don’t feed the trolls.

    • Dark ArcA
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      That just means they’re using other servers to route traffic. It doesn’t mean those servers are third party services.

  • squid@feddit.uk
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    I often won’t touch websites with captcha as its used to train ai for google so if I see open source captcha solutions of which I doubt I will see as often as id like as googles strong hold

    But proton keep up the good work

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Nice, but captchas are never a good measure to avoid bots, only to annoying users, apart from spying them, if it is from Google. Long before AI, bots could solve captchas better than humans. It is a clearly obsolete method. Apart the system used by Proton is impossible for blind users, Google captcha at least had an auditive captcha too.

  • Sha'ul@lemmy.ca
    link
    fedilink
    arrow-up
    14
    arrow-down
    15
    ·
    1 year ago

    Proton is trying to do too many things and can’t excel at doing one thing. It’s getting too big beyond its capabilities which means services are going to suffer at a lower quality.

    If the want blanket trust from users, remove the VPN login to make it anonymous and change the VPN code to remove all anti-features and comply with native F-Droid, other RiseUpVPN is the only choice for everybody to use.

    • 1chemistdown@kbin.social
      link
      fedilink
      arrow-up
      16
      arrow-down
      2
      ·
      1 year ago

      Sure, push a known malware free vpn service while bashing a service that is very well known and respected.

      • speck@kbin.social
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        I have to admit that I don’t know enough about any of this to be sure I’m reading in the right way. Is it “known malware, free VPN” or “known malware-free VPN”?

      • Sha'ul@lemmy.ca
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        You found malware in the source code for RiseUpVPN? The source code is publicly accessible, what kind of malware is in it?

      • QuazarOmega@lemy.lol
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        It’s one of the most transparent services, there’s this neat video examining the available free VPNs by Techlore that was coincidentally made very recently: peertube/piped

      • Sha'ul@lemmy.ca
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        Accoding to F-Droid build service, it says ProtonVPN depends entirely on non-free network services, which means:

        “This Anti-Feature is applied to apps that promote or depend entirely on a Non-Free network service which is impossible, or not easy to replace. Replacement requires changes to the app or service. This antifeature would not apply, if there is a simple configuration option that allows pointing the app to a running instance of an alternative, publicly available, self-hostable, free software server solution.”

        Compared to RiseUpVPN source code which has zero anti-features

        • fluckx@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          1 year ago

          So the issue is that you can’t point it to your own VPN server( or another VPN server ) and only use protonvpn servers?

          Or am I misinterpreting this?

          • Sha'ul@lemmy.ca
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            It’s the combination of requiring Proton servers and the fact that that there is no public release of server source code or specifying which open source software runs on Proton servers, amount to a type of vender lock-in

            RiseUpVPN uses OpenVPN from Bitmask so everybody can duplicate the service using their own custom build version of OpenVPN to connect to RiseUp servers so their server’s code is publicly accessible.

            • zwekihoyy@lemmy.ml
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              1 year ago

              you can do this with proton servers as well. they offer openvpn and wireguard. iirc, the “non-free services” is because the “Alternate routing” feature in proton apps routes over Google servers. if you disable this option it goes directly to their servers.