Glass wire - Why closed source?

[ozzcer]

Why is glasswire, a security centric software solution, closed source?

 

TLDR:

I feel like this deserves to be a topic because of LTTs tacit recommendation of glasswire. A brief look in any textbook (I recommend Keith Martin's 'Everyday Cryptography' 978-0198788010) on security will highlight the importance of making commercial systems opensource; not just opensource for security reasons but for commercial reasons. People buy products they trust. Glasswire have created an ironic scenario where I want to use their product I feel the need for a 'Glasswire' to confirm that glasswire isn't behaving badly.

 

TL:

I can think of no legitimate real reason for glasswire to be closed source, so I will dispute some of the 'legitimate' reasons I think they may use (and other companies like them use) to justify being closed source.

 

1. Security. 'If our product is open source attackers will find it easier to find vulnerabilities'. Attackers will always find vulnerabilities', that's what they do and that's why cybersecurity is a multi-billion pound industry. Making software closed source offers no worthwhile protection against attackers. On the other hand, making software opensource allows the security community and 'white hat' hackers to verify that your product isn't complete trash before a nerfarious hacker gets close to it. This feeds into point two in that customers buy products they trust, and they trust products that decentralised communities agree are sound.

 

2. Business

Companies are terrified that someone will start selling what they are selling and beat them. And to be honest, that's an understandable fear in a world dominated by marketing. But the the downfall of this arguement is right there in its defence. If you are a large company with a reasonable amount of money to spend on marketing and you have made a good product then you will succeed in selling your product regardless of what the competition are doing. And just look at the world, your competition will copy you regardless of whether or not your product is open source and they will succeed based on the quality of their product and the effectiveness of their marketing, not the IP rights of their work. More importantly, glasswire, and many companies like them, have done nothing new. They have invented no technologies, made no breakthroughs, they have simply repacked existing technologies (looking at you wireshark) in a consumer friendly manner. Don't get me wrong, glasswire have a great product that took loads of work and I'm not criticising the product or others like it, but glasswires success is built on the work of others and enabled by the fact that work is open source. So why does glasswire get to decide that no one can do the same with their work? If glasswire are confident in their ability to provide a good product then what's the harm in allowing healthy competition? If the competition comes out with a brand new amazing feature then guess what? Glasswire can copy it straight back and improve their own product. Isn't that capitalism? 

 

In summary, closed source software is inherently anti-capitalist and anti-security. Which leads into the only real reason possible for a security service to not be open source. Disclaimer, I am not saying this is glasswires motivation, or any other company, many people believe the fallacious arguments above or maybe I've missed something and that's what motivates these companies. But, if it is not these things that motivate these companies then it must be the desire to profit of the privacy they are affording you. That is the only logical conclusion for a security company to fail to disclose how their product works. Maybe such a company is selling you're information, maybe they're using it to market to you more effectively, maybe they're using it to inform one of their other products. Whatever they are doing with it, don't allow them to do it for free. Don't allow companies to simply tell you 'we don't use user data', hold companies to the same standards you'd hold any person to, if not higher. Make companies prove they are worth your trust and you will receive better products.

 

The end.

 

Ps.

I just wrote a blog post to help me fall asleep, I really hope no one reads this lol.

 

But if anyone does read this and wants to chat about this kind of thing please message me.

[SorryBella]

3 minutes ago, ozzcer said:

Why is glasswire, a security centric software solution, closed source?

Unrelated, but i feel this is a common pattern. In the world where the open source version of something dominated the field (Wireshark in the case of package analyzer), other competition might go closed source, and vice versa (Windows and Mac OS having the counterpart of Linux as an example).

[ozzcer]

11 minutes ago, SorryClaire said:

Unrelated, but i feel this is a common pattern. In the world where the open source version of something dominated the field (Wireshark in the case of package analyzer), other competition might go closed source, and vice versa (Windows and Mac OS having the counterpart of Linux as an example).

 

You're totally correct, and not unrelated at all. Unfortunately the closed source versions are created by companies with massive marketing budgets and are able to outperform their competition through the sheer weight of economies of scale. And also very common with tech is walled gardens, like MacOS and windows. Why use someone elses better free product when your system comes preloaded with one that works alright but you have to pay to unlock it's full features. To be honest it's insidious behaviour but that's an argument for a different day and different case study.

Edited July 19, 2021 by ozzcer
Expand upon comment

[Wh0_Am_1]

1 minute ago, ozzcer said:

 

You're totally correct, and unfortunately the closed source versions are created by companies with massive marketing budgets and are able to outperform their competition through the sheer weight of economies of scale.

Welcome to the LTT forum! Now what I would consider the main reason why the code is closed source is because their business model is to monetize their code/features which allows them to directly reap profits rather than hope and pray for donations later (which the latter can work such as with Blender and the success of the Blender foundation but this is extremely rare and unlikely) now they could admittedly do what Codeweavers did with WINE and contribute to the develop to the base of the code and then add additional and complicated features later, but then they would have to compete with their own code. Rather what they aim to do is raise the barrier to entry for a competitor in the market and significantly reduces the chance of having to compete with a free alternative to their own work. Why is this the case? well because if there is not a compelling quality or stability advantage with the paid service over the open and free service people are going to choose to go with the open and free service and by definitions of "open" and "free" it is extremely hard to monetize. In the end dedicated professionals need to get paid for their work, and to pay for the work the company or organization needs to get money to pay professionals for said work and this is their model to do so. To close this thought while the open model may have worked, at the same time it may not have, and the open model doesn't bring in the same level of cash for the same level of demand as the closed model, so the open model may not have been sustainable, or even if it was it likely would not have properly rewarded the people that would have made it possible so that them and others can go and create a new service to improve our lives.

[ozzcer]

1 hour ago, Wh0_Am_1 said:

Welcome to the LTT forum! Now what I would consider the main reason why the code is closed source is because their business model is to monetize their code/features which allows them to directly reap profits rather than hope and pray for donations later (which the latter can work such as with Blender and the success of the Blender foundation but this is extremely rare and unlikely) now they could admittedly do what Codeweavers did with WINE and contribute to the develop to the base of the code and then add additional and complicated features later, but then they would have to compete with their own code. Rather what they aim to do is raise the barrier to entry for a competitor in the market and significantly reduces the chance of having to compete with a free alternative to their own work. Why is this the case? well because if there is not a compelling quality or stability advantage with the paid service over the open and free service people are going to choose to go with the open and free service and by definitions of "open" and "free" it is extremely hard to monetize. In the end dedicated professionals need to get paid for their work, and to pay for the work the company or organization needs to get money to pay professionals for said work and this is their model to do so. To close this thought while the open model may have worked, at the same time it may not have, and the open model doesn't bring in the same level of cash for the same level of demand as the closed model, so the open model may not have been sustainable, or even if it was it likely would not have properly rewarded the people that would have made it possible so that them and others can go and create a new service to improve our lives.

You're making the common mistake of opensource = 'free' whereby free means no price to use, the GNU public license explicitly permits charging for your product and provides legal protections to ensure that if you want to charge for your product someone cannot simply use it for 'no cost' but instead must take the source code and replicate the product themselves, anyone with the know how to do that (and actually support and sell the product) has the know how to build it from scratch anyways, your argument is based on a common mistaken belief, there are many successful paid for open source platforms, unreal engine is an excellent example. To clarify, the reason why your belief is so common is because the most notable of actually free (meaning copyleft) software is also free (meaning no cost to use) such as blender or Linux, but there are many specialised tools that are copyleft but paid for, like unreal engine, that are incredibly successful, glasswire falls under this specialised tool category imo in that it is a product that does one thing extremely well.

 

Thanks for the welcome message, can't believe it took me this long to join! Sorry if I seem antagonistic I'm meant to be trying to provoke discussion please tell me you disagree with me if you do!

Edited July 19, 2021 by ozzcer
meant to say thank you

[Sandro Linux]

On 7/19/2021 at 3:52 AM, Wh0_Am_1 said:

Welcome to the LTT forum! Now what I would consider the main reason why the code is closed source is because their business model is to monetize their code/features which allows them to directly reap profits rather than hope and pray for donations later (which the latter can work such as with Blender and the success of the Blender foundation but this is extremely rare and unlikely) now they could admittedly do what Codeweavers did with WINE and contribute to the develop to the base of the code and then add additional and complicated features later, but then they would have to compete with their own code. Rather what they aim to do is raise the barrier to entry for a competitor in the market and significantly reduces the chance of having to compete with a free alternative to their own work. Why is this the case? well because if there is not a compelling quality or stability advantage with the paid service over the open and free service people are going to choose to go with the open and free service and by definitions of "open" and "free" it is extremely hard to monetize. In the end dedicated professionals need to get paid for their work, and to pay for the work the company or organization needs to get money to pay professionals for said work and this is their model to do so. To close this thought while the open model may have worked, at the same time it may not have, and the open model doesn't bring in the same level of cash for the same level of demand as the closed model, so the open model may not have been sustainable, or even if it was it likely would not have properly rewarded the people that would have made it possible so that them and others can go and create a new service to improve our lives.

You can make an open source app but make the the binaries paid for

[Sandro Linux]

You should portmaster it is open source and is much like glass wire: https://safing.io/portmaster/