Opensource

5865 readers

187 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev

Spyware distributed using modified code in Nekogram release. Dev closes issue without response. (github.com)

submitted 1 day ago by artyom@piefed.social to c/opensource@programming.dev

9 comments fedilink hide all child comments

This is why we install from FDroid.

you are viewing a single comment's thread
view the rest of the comments

[–] Kissaki@programming.dev 2 points 9 hours ago* (last edited 9 hours ago)

So, assuming good faith, they used two Telegram bots for some service functionality

these two bots are used to resolve username from user id, eg tg://user?id=25

Obviously, that should never happen silently. But these findings don't necessarily mean data has been compromised [beyond the scope of the app itself].

I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn't a good way to respond.