So I’ve been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest foss software I’ve used. It seems to be based in China but the developers keep lying and saying its in Singapore.

Here is a list if everything I’ve found:

https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/

https://github.com/rustdesk/rustdesk/discussions/1159

https://www.reddit.com/r/rustdesk/comments/y230hf/my_rustdesk_client_try_to_communication_with/

https://www.reddit.com/r/selfhosted/comments/10ppntj/reminder_about_the_shadyness_of_rustdesk/

https://www.reddit.com/r/selfhosted/comments/109tn1i/rustdesk_server_117_supports_ipv6_now_selfhosted/j42pf4m/

https://www.reddit.com/r/selfhosted/comments/uurta8/_/

https://www.reddit.com/r/selfhosted/comments/y80sw1/as_someone_that_knows_nothing_about_virtualremote/isxvib2/

https://youtu.be/JIAdEGX_sIU

It seems that now the clients and OSS server are completely foss which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked.

It still is sketch but it now is slightly less sketch I guess? Either way its not ideal.

  • filister@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    33
    ·
    10 months ago

    So your point is that a FOSS application made in China is sketchy by default or what exactly?

    Damn, you Americans are really brainwashed that everything that originates from China is bad.

    You know you are free to use TeamViewer or Anydesk and no one is forcing you to use Rustdesk.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      8
      ·
      edit-2
      10 months ago

      Software and hardware from China is known to be compromised on arrival. The CPP is a dangerous authoritarian government and they heavily influence private business in very nasty ways.

      As for Team viewer and Anydesk, they are proprietary and can not be trusted. At least Rustdesk is Libre. The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk’s potential to be influenced by the CPP.

      • cooopsspace@infosec.pub
        link
        fedilink
        English
        arrow-up
        29
        arrow-down
        6
        ·
        edit-2
        10 months ago

        The US government is a dangerous authoritarian government and they heavily influence private business in very nasty ways.

      • filister@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        10 months ago

        The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk’s potential to be influenced by the CPP.

        Seriously, if you make the effort to create a big piece of software and then you open source it and then someone opens a ticket in GitHub asking you those questions, how would you feel?

        Because neither “what is the source of the software” nor “potential influence by the CPP” has anything to do with the software itself.

        You are free to conduct a security audit of the project and based on the results you can open this thread but saying that they have deleted issues opened on their GitHub page that have nothing to do with the software itself is a pure form of witch hunt and I am genuinely surprised how many people have agreed with you.

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          10 months ago

          Deleting issues shouldn’t even be allowed. You can just close the issues are irrelevant and ignore them.

      • MaliciousKebab@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        10 months ago

        I mean the same thing can be said about the USA, also if there are that many problems why don’t you just check the code, it’s one of the main strengths of open source software.

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          3
          ·
          10 months ago

          The USA isn’t nearly as bad as China. I can access or create any news source for example. You also don’t see people posting about GNU being compromised by the NSA.

          Its always good to verify though.

          • MaliciousKebab@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            10 months ago

            Yeah you are right on that but there still are many backdoors on plenty of applications that are made by American companies. We also know that some agencies wanted to put backdoors on linux kernel etc. In that case why would you not trust an open source app, and trust a closed source one just because of the nationality of developers

            • Possibly linux@lemmy.zipOP
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              2
              ·
              10 months ago

              The problem is that China is very bad about backdoors. Free software and transparency is really the only answer to not having backdoors.

              As an example China put backdoors in some Chips though Huawei https://www.wired.com/story/huawei-backdoors-us-crypto-ag/

              My concern is that the people behind Rustdesk are kind of a mystery. Many projects with have a publicly known dev where you can track the origin and current developments behind a project. Rustdesk just has a user called “rustdesk” for the most part. The people behind that are not known. What complicates the matter is reports of them removing issues that question the integrity of the code authors. It would make me much happier if they ran a security audit on Rustdesk. Hopefully as it gets more popular someone will either find that it is mostly fine or that it is a security nightmare.

              I use it because there aren’t a lot of options. Maybe someone else will create something more transparent.

    • monk@lemmy.unboiled.info
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      10 months ago

      It’s literally a third-party service that let’s others control your desktop. Doesn’t matter how FOSS the clients and end servers are, one also needs to trust the intermediate servers. If those running them are caught dishonest about which country they’re located, the trust evaporates. China or not.

      • moonpiedumplings@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        10 months ago

        I’m not too well versed in rustdesk, but it seems that they use end to end encryption (is it good? Idk).

        https://github.com/rustdesk/rustdesk/discussions/2239#discussioncomment-5647075

        I have experience with a similar software that uses relays, syncthing. With syncthing, everything is e2ee, so there’s no concern about whether or not the relay’s are trustworthy, and you can even host your own public relay server.

        I find it hard to believe that rustdesk, another relay based software, wouldn’t have a similar architecture.

        edit: typo

        • monk@lemmy.unboiled.info
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          I run syncthing with my own relay and I trust that setup. Owning me through syncthing would basically require backdooring the software, something that’d be likely to go noticed by the syncthing community.

          Rustdesk is a backdoor by functionality and it’s already using infra I don’t control. I don’t feel comfortable using that.

    • ShortN0te@lemmy.ml
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      10 months ago

      Even in FOSS, parts can be so cryptically written, that no one really understands the code. There is even a tournament about that. When the shady person is the maintainer, it is even easier to implement a backdoor that way.

      (Not saying there is or is not)

    • daddy32@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      4
      ·
      10 months ago

      It sound like you are personally offended by this because you are Chinese, but as an European, I share your sentiment. I don’t trust either Chinese, nor American solutions. After all, after Snowden, we know American solutions are systematically compromised.

      • filister@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        3
        ·
        10 months ago

        I am not Chinese, I am born and raised in the EU and I am Caucasian.

        I am just irritated that FOSS software is being questioned just because it might have been developed by Chinese programmers.

        And for the record you can’t be sure that any commercial software isn’t compromised or it doesn’t have backdoors, it just makes detecting those backdoors a lot harder.

        • fruitycoder@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          ·
          10 months ago

          Foss from places with known APTs are more secure than non-foss too personally. It would be daytime robbery compared to an inside job to implement spyware. It’s been done and should be monitored for though.

    • vampire@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      7
      ·
      10 months ago

      “So your point is…”

      Perhaps the single most dishonest way to begin a sentence

      • filister@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        10 months ago

        Can you answer me if he will have questioned this piece of software if it was developed in the US, Europe or any other part of the world? And he presumes that by default if something is developed in China must be riddled with backdoors.

        Same with the Huawei’s network equipment, that the US forced so many governments not to use. And to the best of my knowledge this was never proven.

        Shall I also remind you that the US isn’t spotless either https://www.vice.com/en/article/5d9bp8/us-spies-allies-south-korea-pentagon-leak

        U.S. officials have been scrambling to mend ties with its allies following a leak of secret documents showing that the U.S. spied on its friends—again.

        • vampire@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          8
          ·
          10 months ago

          Is it really impossible to critisize a leftist even the slightest bit without them flying completely off the handle? I only critisized your wording.

          • filister@lemmy.world
            link
            fedilink
            English
            arrow-up
            11
            arrow-down
            2
            ·
            edit-2
            10 months ago

            So now I got labelled leftist? That’s very presumptuous of you, don’t you think? You know there are more shades of gray and in normal democracies we have more than two political parties. But nice of you trying to generalise my whole personality, based on a couple of sentences, written in a social platform.

            And for the record, English isn’t my native language. And surprisingly there are other reasonable human beings living outside the US (surprise, surprise) who might have slightly different world views from you. The world doesn’t revolve around the US, no matter what your politicians are telling you.

            • vampire@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              9
              ·
              10 months ago

              Literally only leftists repond with 5x as much text as whatever you said to them

              It’s like I’m psychicly DDOSing you

              • filister@lemmy.world
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                1
                ·
                10 months ago

                I can only feel sorry for you and would strongly recommend you to seek some specialised help.

                • vampire@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  4
                  ·
                  10 months ago

                  You really nailed the proportional response this time. It’s crazy that this started with me criticizing your wording, and now it ends with you saying I need “specialized help” like you have any authority on the matter at all. What can I say? My ability to pick out dishonest, manipulative, snake-like people remains on point.