2026-02-15 21:45:43 UTC

Alexandre Oliva on Nostr: I don't think I made a security argument here. the article is not wrong that ...

I don't think I made a security argument here. the article is not wrong that transparency and auditability don't automatically make software secure, and that there are various approaches to investigating software for security flaws that don't involve the 4 software freedoms. but any decent security analysis begins by assessing the threat models, and it's quite evident, once you think about it, that software running under someone else's control doesn't and can't generally give you any security whatsoever from abuses by whoever controls it. so even if it's true that free software isn't guaranteed secure for the mere fact of being free, it is true also that nonfree software is guaranteed insecure for the mere fact of being nonfree.

now, having the four freedoms also helps mitigate a number of risks, some of which have security implications. following scientific processes doesn't guarantee or prove that a theory is correct, but it can reduce the risk that errors or fraud go undetected and unchallenged, while also discouraging the most blatant forms thereof (that are commonplace in the darkness of nonfree software), because they'd be more easily detected. that's why cryptographers know that strong algorithms are not those that some very smart people come up with and keep secret, but rather those that very smart people come up with and publish so that other very smart people can more immediately try to crack them. the more they try and fail to crack it, the stronger the algorithm is presumed to be. algorithms kept secret are generally held to be insecure, because if they claim to depend on secrecy of the algorithm for security, they're typically the fruit of amateur, inexperienced cryptographers' minds, and the secret will be revealed as soon as someone sets out to figure it out despite attempts to conceal it.