"There is no evidence to suggest that the product environment or customer data is affected."
Yet.
I've heard C-suite literally say: "if there's no logging, there can be no evidence"...
Keeping no evidence of misbehavior is already becoming standard practice to avoid regulators.
https://www.bloomberg.com/news/articles/2024-01-26/doj-ftc-w...
or https://archive.is/T5f3G
It's not as nefarious as you think, often it's about avoiding a large legal bill for your lawyers to review all the crap before sending it in. I know when I had to deal with this a decade ago the bill for review came out to almost as much as the bs settlement offer we got from the government (which was less than half of just the projected cost of going to court to fight and almost certainly win). We settled because we couldn't afford to fight. This regulatory stuff is basically an extortion racket all around.
With recent govt mandates to report known incidents within XX hours, this approach will possibly become the gold strategy
A win for privacy?
Data will still be harvested. Logs that indicate when or how it was harvested, where it has been sent, or who has accessed it - those are the things that will be killed.
Oh no no no. They’ll still collect data about people. Just not security logs that could indicate an incident. Double loss for privacy.
An open-source, self-hosted remote desktop solution can be more secure.
Is there one that supports MS RDP or FreeRDP? For me that would be quite an improvement, if the people who need support don't need to install anything and it's built into their OS. The other issue with RDP/FreeRDP/TeamViewer alternatives for me is that people are behind routers with dynamic IPs, and certainly not capable of setting up a dyndns server or firewall settings or port forwarding.
So TeamViewer-like ID system + RDP in open source?
Agreed, unfortunately it's difficult to get purchase in a lot of companies because they don't want to be responsible for the security of the solution, and they don't want to be responsible for the maintenance of the solution. It's another form of corporate CYA, at the end of the day they just want to be able to point the blame for any security breaches towards someone else.
Love that you've been creating an alternative to the commercial, closed-source solutions!
Anywhere Windows binary? My mother and her dog cannot build from source.
But I appreciate your work.
Will you start writing one?
Look at the profile of the person you replied to.
Well what a coincidence, the person you're replying to has done precisely that!
https://github.com/rustdesk/rustdesk
RustDesk Installs Chinese Root Certificates (4 months ago, 68 points, 19 comments)
https://news.ycombinator.com/item?id=39256493
I don't think this is the "gotcha" you think it is.
1. The developer isn't Chinese, he's Singaporean. The "Chinese" found in the cert path was literally gibberish, most likely garbled unicode.
2. They were using a dev cert for a virtual video driver, which they're working on getting proper signing from MSFT and also have a workaround virtual driver in the meantime. https://x.com/rustdesk/status/1781263566504653052
> I don't think this is the "gotcha" you think it is.
Sorry it came across as a "gotcha"; just meant as a potentially-relevant HN post from a few months ago in the spirit of sharing and curiosity.
But digging a bit further, I did find a few HN comments from two years ago that may be worth considering; pizza234's "I personally discourage people from using this software."[1] and proto_lambda's "If this is the kind of thing that's considered acceptable by the developer, I'd rather keep their products far away from my machines."[2]
[1] https://news.ycombinator.com/item?id=31457238
[2] https://news.ycombinator.com/item?id=31456522
I would imagine this is due to a Product manager vetoing time spent on Security Considerations.
The revenue tunnel vision disease that PMs have, totally ignoring features and other important things that have not a direct impact on that number. Hopefully we'll get a vaccine soon!
On a more serious note, security breaches can happen to anyone. Might not be fair to assume it's the PM's negligence. In fact, I met some that really saw the value in security and cared to dedicate the resources on it even if that meant not shipping more features.
Again? The last ransomware issue was like in the beginning of this year:
https://www.techradar.com/pro/security/hackers-target-teamvi...
Not surprising, if TeamViewer lets other people control your machine by design.
At least they have a nice disclosure page and acknowledge researchers.
https://www.teamviewer.com/en/resources/trust-center/securit...
Rustdesk.
Been using it locally over a zerotier network for over 2 years now. Bulletproof.
It works.
There was a scare about accepting certificates from "Chinese Devs" but they removed that I think.
It is being built like a war machine, copying features left and right.
It does have keyboard issues, persisting but still good
So many scammers use TeamViewer that I'm surprised they are still in the App Store
It has in-app purchases! Apple doesn't reject shady apps that bring revenue unless it's really bad for PR.
More background:
TeamViewer's corporate network was breached in alleged APT hack https://www.bleepingcomputer.com/news/security/teamviewers-c...
So glad we're no longer using TV at work.
Lol, I first thought "what's the link between televisions and TeamViewer?"
On this episode of a TeamViewer security breach...
Using TeamViewer is a security breach.
Not sure about your opinion about TeamViewer in particular, but if you manage any macOS servers there's not much alternative but to have some form of remote desktop client in my experience. If you're on a team where everyone has MacBooks, you probably just use the built-in screen sharing app though.
For Windows environments you're probably using Remote Desktop, which, enough said there.
Jump desktop works really well for connecting remotely to macOS...
https://jumpdesktop.com
What are y'all using macOS Server for? I thought it was end of life'd.
I think we're talking about normal macs that are being used as servers, not Xserve
You can use Remote Desktop on MacOS.
only from a Mac, not to a Mac.
Not sure that's right.
In general any Mac can serve its desktop to the Apple Remote Desktop client:
https://support.apple.com/guide/mac-help/allow-apple-remote-...
Also can support most any VNC viewer. But FileVault has to have been unlocked.
Doesn't macOS have a built-in VNC server?
Yes. But it’s only a convenient connection from other Macs, not from Windows or Unix.
> not from Windows
That's how you know it's secure /s
Tried RustDesk?
I didn't think anyone used TeamViewer anymore except as ManU jersey sponsor which says all you need to know.
What do you use instead?
RustDesk has been pretty good for something that's 1:1 comparable, but for most cases ssh or rdp is preferable.
I dumped TeamViewer a few months ago in favor of Google Remote Desktop. It satisfies my occasional low bar requirements, and doesn't make me feel guilty for using it without pay. I connect between iPad, Windows, Linux, a couple of times a month. Easiest thing I've found so far.
Self-hosted Mesh Central.
AnyDesk is by former TeamViewer folks.