Question about security

First of all the app looks quite nice.

But I have a question about security. If I understand correctly, once I follow a project, all files will be replicated locally on my machine. And before I follow a project, there is no way to see really what files are contained in the project. So what if someone decides to host some fraudulent files (viruses etc.). People would follow the project and the files would automatically land on their machines. I am not a security expert, so I guess maybe it’s not “enough” to have a fraudulent file (virus) on your machine, the files would still have to be executed somehow I guess, but it still seems quite risky?

BTW: Signing up to the forum only worked through github, the normal sign-up threw an error even though there were green checkmarks on all fields…

2 Likes

There is definitely little risk in simply storing a “dangerous file”. For one, as you say, you’d have to manually execute it, and second, unless you execute it as root, it would only have limited effect on your system.

I think there is a point here to make, that “Following” is not quite equivalent to “bookmarking”, but really is more like “hosting”. We are also looking into having a read-only web view that could serve the casual browsing use-case.