{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreie5bifjrho57afljj6aaxvfudtbbo7itmshxmey7qblsthqvvc564",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3ml4nc35zmmk2"
},
"path": "/t/remove-onlyoffice/37621#post_6",
"publishedAt": "2026-05-05T16:31:20.000Z",
"site": "https://discuss.privacyguides.net",
"textContent": "I guess this is ultimately a threat model debate? My threat model & corresponding mitigations are rigidly based on evidence-backed risks. I do not believe this Russian argument is a risk that warrants special mitigation\n\nMightyPenny:\n\n> > trustworthy Russian FOSS developer\n>\n> They haven’t proven to be trustworthy. Trust is not given out like candy but earned\n\nI didn’t say that I believe this developer _is_ trustworthy, only that the behavior you listed _could_ be exhibited by a trustworthy developer, thus the behavior _itself_ is not evidence of untrustworthiness\n\nMightyPenny:\n\n> > There are good reasons why a trustworthy Russian FOSS developer would attempt to obfuscate their identity\n>\n> such as?\n\nTo hide from their totalitarian government or to circumvent international sanctions, for example. Developers are also entitled to privacy\n\nMightyPenny:\n\n> If they’re in Russia they can be **forced** to do a backdoor or a malicious update etc.\n\n**There is no evidence of a backdoor in this tool.** Implementing mitigations based on the fear one may eventually exist in this tool specifically is not a reasonable, evidence-based threat model. Russia is not a special case, many (if not every) technological nation-state can/has/does compel backdoors.\n\nIt _would_ be reasonable to operate under the assumption _every_ piece of software may eventually contain a backdoor. In that case, run all software in a zero-trust venv. Qubes is a strong option\n\nMightyPenny:\n\n> * **Codebase includes binary blobs and obfuscated code**\n> * **Mobile apps are not open source, just proprietary wrappers**\n> * Broken build instructions\n> * Euro-Office situation\n> * Russian jurisdiction and obfuscating it, making it seem like an EU alternative\n>\n\n\nMy opposition is specifically to the implication that this tool’s Russian connections add a special risk. Except for that last point, I do not believe these objections fall under that umbrella\n\nMightyPenny:\n\n> So you’re telling me that Russia isn’t cutting undersea cables, didn’t meddle in EU or US affairs, isn’t authoritarian, didn’t invade a peaceful country\n\nThis is all obviously true. But unless you believe Putin himself developed this tool, these concerns are not particularly relevant to the discussion: evaluating an office software tool.",
"title": "Remove OnlyOffice"
}