Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.
while it can, there probably is some arch user who runs the program too and notices it suddenly takes 2ms longer to do something thusly finding the xz attack.
so, yeah foss isn’t inherently safe, but most probably saf er
Projects that have lots of attention and assuming you always compile from source. But someone could easily distribute a binary that is different than the source.
People should do frequent audits, especially network traffic. I had this one file manager that was kinda like Midnight Commander. Someone on a forum said “check out me app” etc. immediately on launch it made network requests…… why? Anyway, definitely don’t use that for long!!
Open source software you don’t code review and build yourself can also contain spyware.
while it can, there probably is some arch user who runs the program too and notices it suddenly takes 2ms longer to do something thusly finding the xz attack.
so, yeah foss isn’t inherently safe, but most probably saf er
Projects that have lots of attention and assuming you always compile from source. But someone could easily distribute a binary that is different than the source.
People should do frequent audits, especially network traffic. I had this one file manager that was kinda like Midnight Commander. Someone on a forum said “check out me app” etc. immediately on launch it made network requests…… why? Anyway, definitely don’t use that for long!!