103

I see random websites that aren't open source saying they are "encrypted, safe", when they obviously aren't! Come on!

top 47 comments
sorted by: hot top controversial new old
[-] gemakey@lemmy.world 27 points 2 weeks ago

How do you know they aren't?

[-] XLE@piefed.social 26 points 2 weeks ago

Am I in the wrong community here?

Burden of proof is always on the service to demonstrate that they are private.

[-] gemakey@lemmy.world 5 points 2 weeks ago

The burden of proof is on the claimant. In this case, the claim is that they are neither encrypted nor secure. The claim can be made from both sides but if neither provides proof then we're all just tinfoil hats.

[-] rants_unnecessarily@piefed.social 14 points 2 weeks ago

The website is the claimant in this case. They are claiming they are secure, which is what OP is sceptical of.

[-] gemakey@lemmy.world 2 points 2 weeks ago

And what of the claims made in this post? Just blindly go with it?

[-] Alberat@lemmy.world 4 points 2 weeks ago

the argument of this post is to not go blindly trusting something lol

[-] XLE@piefed.social 12 points 2 weeks ago

Claimant? This isn't some Socratic debate or court of law, it's privacy 101. It's the safest position to take if you didn't know better.

[-] gemakey@lemmy.world 3 points 2 weeks ago

Yes, claimant. It doesn't have to be a court of law for a word to have a meaning. When a person makes a claim, they are a claimant. I've always understood this to be plain English. It's exhausting when everyone wants to make pedantic arguments rather than discuss the topic. Are they encrypted or are they not? Let's answer the question and then we can have a Socratic debate about it.

[-] luciferofastora@feddit.org 9 points 2 weeks ago

It's exhausting when everyone wants to make pedantic arguments rather than discuss the topic.

Yeah, absolutely. Like being pedantic about burden of proof, when the topic is actually privacy where the default position is zero trust and it is always on the person claiming to offer privacy or security to prove that they can be trusted.

But sure, let's treat it philosophically instead of practically:

Are they encrypted or are they not? Let's answer the question and then we can have a Socratic debate about it.

They claim to be. That makes them the claimant. The burden of proof thus falls on them. So what proof do they offer for their claim?

[-] gemakey@lemmy.world 1 points 2 weeks ago

The person who posted this is claiming they are not. How are people here this stupid? I thought people on Lemmy were the more intelligent bunch. I'm finding otherwise here.

[-] luciferofastora@feddit.org 3 points 2 weeks ago* (last edited 2 weeks ago)

If two people make opposing claims, who does the burden of proof lie with?

More particularly, if someone tells me I can trust them, am I supposed to believe that claim without proof?

Please, educate me. If you claim we're stupid, surely you can prove your superior logic.

[-] gemakey@lemmy.world 1 points 2 weeks ago

The claim here, yoeard the community is that the app is not encrypted or secured. The claim has no evidence or reasoning beyond "COME ON!" - Neither the app nor its developers came to this community and claimed to be anything. They out up a website where OP finds it and decides they're lying based on zero technical data or testing. Just the kneejerk opinion of a random Lemmy account.

The surety is that they are not what they claim to be. Ok, then show it. You can't just make claims you can't substantiate and then argue when people ask questions. I don't buy either claim because neither claim has demonstrable evidence.

People are arguing with me over pointing out the fact that this person does not know what they claim to be true. They belive it to be so. What have we learned from the religious right? Belief without evidence negates clarity in understanding.

I came to Lemmy to get away from the Reddit blowhards. It seems hysteria is the mode of discussion no matter the platform.

[-] luciferofastora@feddit.org 3 points 2 weeks ago

The claim [...] is that the app is not encrypted or secured.

The original claim, made by the app's publishers on that site, is that it is secured. That claim is not substantiated anywhere.

Neither the app nor its developers came to this community and claimed to be anything.

In the strict logical sense of AND, this is true. They did claim to be something, just not in this community.

The surety is that they are not what they claim to be. Ok, then show it. You can't just make claims you can't substantiate and then argue when people ask questions. I don't buy either claim because neither claim has demonstrable evidence.

This is where the context of community and subject comes in, because it shifts the semantics of the claim.

In privacy and security context, Zero Trust is the baseline assumption out of practical considerations: Any app, service, environment or infrastructure is to be treated as insecure unless proven otherwise. I'm sure I don't need to explain the reasoning to you here.

Under that convention, that claim isn't so much an objective assertion of fact, which would subject it to the burden of proof, as an assertion of that baseline in absence of that "proven otherwise".

It's not much different from asserting "We don't know" in scientific contexts. "We don't know if there are infinite primes" is an assertion that needs no substantiation by itself, because ignorance is the baseline in that context. If you want to claim that there are, in fact, infinite primes, you will need to back that claim up with proof. (I know that proof isn't hard to find, this is just an illustrating example).

The key difference is that, in privacy or security contexts, ignorance is considered tantamount to a lack of privacy or security. That essentially just leaves proofs of security and refutations thereof.

What have we learned from the religious right? Belief without evidence negates clarity in understanding.

Atheists generally feel no need to substantiate their belief in the non-existence of god either. The mechanism is rather similar: Because the existence of god has significant ramifications, the burden has been categorically shifted to those making that claim, while the rest of us carry on under the assumption that he doesn't exist.

Sure, agnostics acknowledge that uncertainty, but what is the practical implication of that theoretical? Do you act as if there was a god, as Pascal's Wager would have it, or as if there was no god, in the same way that Zero Trust treats the uncertainty as insecurity?

I came to Lemmy to get away from the Reddit blowhards.

How kind of you to bring some of their arrogant, universal pedantry with you.

Okay, that was a bit too sarcastic. Let me rephrase:

You double down on a theoretical point, heedless of practical context, arguing about the logical mechanisms without acknowledging the semantics that act upon them, the purpose which they are supposed to serve. You act like an even more misguided enlightened centrist saying we should make no judgement either way in contexts where a judgement definitely needs to be made and the absence of convincing arguments is itself an argument.

Then you have the absolute gall to consider your detached, past-the-point quibbling with complete disregard for half of what people are saying some form of evidence that we're all stupid.

We're not. We're practical.

We know that tomato is a fruit and that, technically, there is no explicit proof of insecurity. We also know that tomato doesn't fit into the general taste profile of a fruit salad and that handling private data requires a great deal of trust that is not given, but earned. We don't put tomato into a fruit salad and we don't trust websites making a cheap claim without putting in the work to convince us.

[-] XLE@piefed.social 1 points 2 weeks ago

I really appreciated this comment although it's apparently not low hanging enough of a fruit for it to be engaged with, apparently. I find it harder to put into words the idea that an assertion of the default is not necessarily a claim of evidence of something. And you did that handily here.

[-] gemakey@lemmy.world 1 points 2 weeks ago

It's really simple. Either you know its not encrypted or you don't. Don't make claims you can't verify. OP doesn't know that. You can assume, you can have an opinion, you can say whatever you want - none of it has weight or even meaning until you have something to show for it.

Your points on security are entirely true. The default should be distrust. That does not invite a witch hunt on every site you've never heard of making a claim. Had OP stated some key understanding they have and disclosed, then I wouldn't even be commenting here. I would have scrolled right past and never thought about it again.

How kind of you to bring some of their arrogant, universal pedantry with you.

Where are the pedantics? Lol I'm getting shit on for being reasonable and pointing to the facts that no one in here knows and somehow that's arrogant and pedantic. No sir, that's exposing people for spreading incompetence and hysteria.

You don't know the condition of that data or that backend. There is no pedantics there. A claim was made that can not be verified. There's no pedantry there unless you're upset that I want proof of claims rather than instant judgement. To be fair, I want proof of claims from that site before I would trust it either but I'm not gonna throw it into the pit just because it made a claim.

Or are you fine with people running around saying shit and spreading unverified claims they don't know or understand?

[-] luciferofastora@feddit.org 2 points 2 weeks ago

It's really simple.

It is: Either we can trust them or we can't.

You keep insisting that we technically don't know. That is an empirical approach, perfectly suited for empirical contexts.

Practically, this service targets a market where it is expected that you provide some evidence that you're serious and reliable. That makes it a rationalist context, where deduction dictates a base assumption in absence of truth to the contrary.

If they aren't showing evidence, the either don't understand the claim they're making and why they can be expected to back it up, or they have no actual evidence to show. In either case, pointing back to the baseline is valid and requires no further proof.

So practically "they're insecure" is not a claim. It's a reminder, an assertion of the default position, comparable to "he's not qualified to perform surgery" or "he cannot handle a firearm responsibly": true by default, until proven otherwise.

Where are the pedantics?

In your insistence on epistemological uncertainty beyond practical implications. You're arguing about formalism, which is the textbook definition of pedantry.

Lol I'm getting shit on for being reasonable and pointing to the facts that no one in here knows

You're not being reasonable. You're being stubborn in your refusal to acknowledge the differing context.

To be fair, I want proof of claims from that site before I would trust it either but I'm not gonna throw it into the pit just because it made a claim.

What pit? The pit of "can not be trusted" that it was born into and never climbed out of?

Or are you fine with people running around saying shit and spreading unverified claims they don't know or understand?

In a pure, empirical context? No, of course not.

In a rationalist context with a clearly defined base assumption, with the claim running counter to that base? No, of course not.

But asserting that base assumption isn't a claim. It's the default position. So yes, I am fine with people saying that the "true until proven otherwise" assertion that has not been proven otherwise is still true.

[-] hypnicjerk@piefed.social 2 points 2 weeks ago
[-] gemakey@lemmy.world 1 points 2 weeks ago

A riveting and compelling response. Look at your keanrinf to spell. Good job!

[-] hypnicjerk@piefed.social 3 points 2 weeks ago

are you actually this retarded or just really committed to the bit?

[-] gemakey@lemmy.world 1 points 2 weeks ago

Lmao. When people dip to the low effort "retarded" insults because they can't articulate an idea or have any meaningful insight into a conversation.

[-] hypnicjerk@piefed.social 3 points 2 weeks ago

nobody wants to engage with you because you're a weird pedantic asshole

[-] gemakey@lemmy.world 1 points 2 weeks ago

Interesting statement given my inbox is blowing up. Who's the asshole? Making a point and defending it is not the asshole behavior here lol that's called discussion.

[-] hypnicjerk@piefed.social 2 points 2 weeks ago

whatever helps you sleep

[-] XLE@piefed.social 2 points 2 weeks ago
[-] gemakey@lemmy.world 1 points 2 weeks ago

Yeah I'm not clicking that. I don't know what you intended to say here but it didn't land.

[-] AwesomeLowlander@sh.itjust.works 10 points 2 weeks ago

The original claim is by the websites / services that they ARE encrypted / secure. Why are you conveniently ignoring that they're not providing any proof for their claims?

[-] unexposedhazard@discuss.tchncs.de 23 points 2 weeks ago* (last edited 2 weeks ago)

My and i assume any software aware persons general assumption for a computer system is that it is insecure until proven otherwise. But even disregarding the whole open source thing, if they dont make you set your own encryption key, then it most likely wont be securely encrypted or they will just also have the key because they generated it for you in the background.

[-] MeowerMisfit817@lemmy.world 10 points 2 weeks ago

The site doesn't show a "Source Code" option. Neither I can find it by search. Try by yourself, it's here

[-] bl4ckp1xx13@lemmy.dbzer0.com 9 points 2 weeks ago

If you can't see it, technically this is a Schrödingers cat problem.

The site is both telling the truth and lying at the same time, in a state of superposition.

Only be observing the code would you fall onto one reality.

Although there are people who can observe the code, which differs from the metaphor slightly.

[-] MeowerMisfit817@lemmy.world 6 points 2 weeks ago

I think one should distrust services that claim to be privacy-respecting without wanting to be opensource. Like, what are they hiding?

[-] iamthetot@piefed.ca 4 points 2 weeks ago

I understand the ethos here but you have to appreciate the irony in that statement.

[-] luciferofastora@feddit.org 2 points 2 weeks ago* (last edited 2 weeks ago)

To torture the metaphor further, would you trust Schrödinger to sell you a cat if it might not be alive when you open the box?

[-] lime@feddit.nu 7 points 2 weeks ago

that doesn't mean they're not encrypted.

but also this is an online service for something most computers have been able to do locally out of the box for like 15 years, and it hasn't been updated since 2023. it's an obvious red flag even without being unsafe.

[-] monnier@lemmy.ca 2 points 1 week ago

Actually, "is it encrypted" is just the tip of the iceberg: it's all too easy to encrypt in a way that does not provide security against the threats the users want to defend. E.g. maybe the answer to this question is "yes" because the connection is over https, yet the server sees and stores the data in the clear

[-] lIlIlIlIlIlIl@lemmy.world 7 points 2 weeks ago

What does encryption have to do with showing source code?

[-] x00z@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

I checked it. The image is definitely sent to the server. The OCR does not run on the client side and it's impossible to know what the server does with the image.

[-] XLE@piefed.social 23 points 2 weeks ago

All the text on this website just screams AI-generated.

Every line of code, every feature improvement, every bug fix

Every list of three...

If something stinks this bad, you shouldn't give it private information. I don't know what you'd call it, but I would stick to things that are impolite.

[-] MeowerMisfit817@lemmy.world 8 points 2 weeks ago

Slop. In all senses. AI Slop, Privacy Slop...

[-] luciferofastora@feddit.org 7 points 2 weeks ago* (last edited 2 weeks ago)

Every Tricolon, every overused rhetorical device, every self referential joke

[-] unexposedhazard@discuss.tchncs.de 11 points 2 weeks ago* (last edited 2 weeks ago)

Maybe "FUD slop" that tries to market itself towards people that dont understand software but are vaguely aware of the privacy problems of popular tech and therefore uncertain and scared, making them easy targets for marketing like this.

[-] MeowerMisfit817@lemmy.world 5 points 2 weeks ago

Hmmm, makes sense.

[-] adarza@piefed.ca 6 points 2 weeks ago* (last edited 2 weeks ago)

i usually assume the worst of sites like this, and i skip right over them..


tesseract, a very popular foss ocr engine, maintains a list of 3rd party gui interfaces:
https://tesseract-ocr.github.io/tessdoc/User-Projects-%E2%80%93-3rdParty.html

this is where i would start if i couldn't just scan and use my naps2.

[-] coriza@lemmy.world 4 points 2 weeks ago

Having an open source code for the server is good for self hosting but it says nothing about the real server. You can only trust a service based on the API you use, and for privacy you better off not trusting anything, if you want privacy you need to send the data encrypted already.

[-] Radical_Socialist_t00t@lemmy.ca 2 points 2 weeks ago

Its already called Meta ;D

[-] armrecords@lemmy.ca 2 points 1 week ago

"Privacyslop" actually fits pretty well. You see more and more services throwing around words like "private" and "encrypted" without explaining anything.

this post was submitted on 29 Jun 2026
103 points (100.0% liked)

privacy

10343 readers
158 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 4 years ago
MODERATORS