this post was submitted on 27 Feb 2024
68 points (89.5% liked)

Selfhosted

40006 readers
799 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

So I've been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest foss software I've used. It seems to be based in China but the developers keep lying and saying its in Singapore.

Here is a list if everything I've found:

https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/

https://github.com/rustdesk/rustdesk/discussions/1159

https://www.reddit.com/r/rustdesk/comments/y230hf/my_rustdesk_client_try_to_communication_with/

https://www.reddit.com/r/selfhosted/comments/10ppntj/reminder_about_the_shadyness_of_rustdesk/

https://www.reddit.com/r/selfhosted/comments/109tn1i/rustdesk_server_117_supports_ipv6_now_selfhosted/j42pf4m/

https://www.reddit.com/r/selfhosted/comments/uurta8/_/

https://www.reddit.com/r/selfhosted/comments/y80sw1/as_someone_that_knows_nothing_about_virtualremote/isxvib2/

https://youtu.be/JIAdEGX_sIU

It seems that now the clients and OSS server are completely foss which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked.

It still is sketch but it now is slightly less sketch I guess? Either way its not ideal.

you are viewing a single comment's thread
view the rest of the comments
[–] possiblylinux127@lemmy.zip 23 points 8 months ago* (last edited 8 months ago) (3 children)

Software and hardware from China is known to be compromised on arrival. The CPP is a dangerous authoritarian government and they heavily influence private business in very nasty ways.

As for Team viewer and Anydesk, they are proprietary and can not be trusted. At least Rustdesk is Libre. The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk's potential to be influenced by the CPP.

[–] cooopsspace@infosec.pub 23 points 8 months ago* (last edited 8 months ago) (2 children)

The US government is a dangerous authoritarian government and they heavily influence private business in very nasty ways.

[–] octoblade@lemmynsfw.com 13 points 8 months ago (2 children)

If I am remembering correctly, Australia also has laws that allow the government to force private companies to build backdoors. I think it was the Ass Access Act.

[–] cooopsspace@infosec.pub 4 points 8 months ago (1 children)

Oh yeah I'm not denying that.

I'm just saying its short sighted to take any shots at China when the west are authoritarian themselves.

[–] sunbeam60@lemmy.one 1 points 2 months ago

The difference is that there is SOME accountability in the West and we can, to an extent, influence who leads us, especially in Europe.

So if flagrant misuse does appear, there’s a much higher risk of it being discovered and of heads rolling in the west.

Think of the number of exposed scandals in the West and compare that to China.

And I’m not throwing shit China’s way and thinking the West infallible. I’ve been to China plenty and worked with awesome Chinese people plenty. There’s a lot to love in China.

But let’s not get lost in whataboutisms. Where would you rather raise your children?!

[–] slazer2au@lemmy.world 1 points 8 months ago

Yea, we do....

[–] possiblylinux127@lemmy.zip -5 points 8 months ago (2 children)

The US government is in fact not authoritarian. As for influencing private business that is a real concern but at least here it isn't illegal to stay private. I can vote for my officials and criticize the government without fear.

[–] filister@lemmy.world 5 points 8 months ago

https://www.reuters.com/article/idUSKBN27D1DO/

https://www.atlasobscura.com/articles/a-brief-history-of-the-nsa-attempting-to-insert-backdoors-into-encrypted-data

https://archive.is/CFLMV

https://www.theguardian.com/world/2021/may/31/denmark-helped-us-spy-on-angela-merkel-and-european-allies-report

Damn, if only the US government didn't have a proven track record of putting backdoors in commercial software.

But hey, at least they are not authoritarian state so backdoors originating from the US are all fine, right?

[–] cooopsspace@infosec.pub 5 points 8 months ago

The US is especially authoritarian.

And if you think you actually have a choice in candidates, let alone any good ones you're sorely mistaking.

Voter suppression is a widely used tactic to influence votes away from low socio economic areas and black communities.

[–] filister@lemmy.world 7 points 8 months ago* (last edited 8 months ago) (1 children)

The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk's potential to be influenced by the CPP.

Seriously, if you make the effort to create a big piece of software and then you open source it and then someone opens a ticket in GitHub asking you those questions, how would you feel?

Because neither "what is the source of the software" nor "potential influence by the CPP" has anything to do with the software itself.

You are free to conduct a security audit of the project and based on the results you can open this thread but saying that they have deleted issues opened on their GitHub page that have nothing to do with the software itself is a pure form of witch hunt and I am genuinely surprised how many people have agreed with you.

[–] possiblylinux127@lemmy.zip 1 points 8 months ago

Deleting issues shouldn't even be allowed. You can just close the issues are irrelevant and ignore them.

[–] MaliciousKebab@sh.itjust.works 6 points 8 months ago (1 children)

I mean the same thing can be said about the USA, also if there are that many problems why don't you just check the code, it's one of the main strengths of open source software.

[–] possiblylinux127@lemmy.zip 1 points 8 months ago (1 children)

The USA isn't nearly as bad as China. I can access or create any news source for example. You also don't see people posting about GNU being compromised by the NSA.

Its always good to verify though.

[–] MaliciousKebab@sh.itjust.works 3 points 8 months ago (1 children)

Yeah you are right on that but there still are many backdoors on plenty of applications that are made by American companies. We also know that some agencies wanted to put backdoors on linux kernel etc. In that case why would you not trust an open source app, and trust a closed source one just because of the nationality of developers

[–] possiblylinux127@lemmy.zip 1 points 8 months ago

The problem is that China is very bad about backdoors. Free software and transparency is really the only answer to not having backdoors.

As an example China put backdoors in some Chips though Huawei https://www.wired.com/story/huawei-backdoors-us-crypto-ag/

My concern is that the people behind Rustdesk are kind of a mystery. Many projects with have a publicly known dev where you can track the origin and current developments behind a project. Rustdesk just has a user called "rustdesk" for the most part. The people behind that are not known. What complicates the matter is reports of them removing issues that question the integrity of the code authors. It would make me much happier if they ran a security audit on Rustdesk. Hopefully as it gets more popular someone will either find that it is mostly fine or that it is a security nightmare.

I use it because there aren't a lot of options. Maybe someone else will create something more transparent.