- cross-posted to:
- apple@kbin.social
- hackernews@derp.foo
- cross-posted to:
- apple@kbin.social
- hackernews@derp.foo
The NightOwl application has existed since 2018 and is used to automatically switch between light/dark modes on the operating system. It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer.
However, the application has been bought out by “TPE.FYI LLC” in late 2022 that forcibly joins your devices into a botnet for use of market research, without your knowledge (other than the TOS in small text on the download page) or express consent (this feature cannot be turned off, even when the app is quit). This is documented in their terms of service.
Use free and open source software
Something being open source doesn’t automatically make it safe to use. Sure, it means it’s easier for people to check for security issues, but how many people actually have the knowledge and the time to do it? And even then, take the log4j vulnerability from a while ago, it’s been present in the code since 2013 and only reported in like 2021.
Common sense still prevails. Don’t install obviously shady freeware. Something like GIMP or Blender or Ubuntu or FreeCAD or ProjectLibre is going to be safe. Large community = most likely safe.
FOSS isn’t generally vulnerable to the “buyout” vulnerability. It’s not new that a valuable browser extension is bought out and repurposed, but FOSS is less likely to fall to these bugs. (also fuck WEI. You’ll get more of this with WEI)
Oracle has entered the chat.
You still need to build package and install it yourself though or else you are trusting someone else. Open Source software has been used as a vector for attacks before by bad actors getting access to the build system or source code.
I try to where I can, but unfortunately this is not always an option for me.