The NightOwl application has existed since 2018 and is used to automatically switch between light/dark modes on the operating system. It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer.

However, the application has been bought out by “TPE.FYI LLC” in late 2022 that forcibly joins your devices into a botnet for use of market research, without your knowledge (other than the TOS in small text on the download page) or express consent (this feature cannot be turned off, even when the app is quit). This is documented in their terms of service.

    • Vale
      link
      fedilink
      English
      391 year ago

      Something being open source doesn’t automatically make it safe to use. Sure, it means it’s easier for people to check for security issues, but how many people actually have the knowledge and the time to do it? And even then, take the log4j vulnerability from a while ago, it’s been present in the code since 2013 and only reported in like 2021.

      • @dangblingus
        link
        51 year ago

        Common sense still prevails. Don’t install obviously shady freeware. Something like GIMP or Blender or Ubuntu or FreeCAD or ProjectLibre is going to be safe. Large community = most likely safe.

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        FOSS isn’t generally vulnerable to the “buyout” vulnerability. It’s not new that a valuable browser extension is bought out and repurposed, but FOSS is less likely to fall to these bugs. (also fuck WEI. You’ll get more of this with WEI)

        • @Stovetop
          link
          41 year ago

          FOSS isn’t generally vulnerable to the “buyout” vulnerability.

          Oracle has entered the chat.

    • @Chocrates
      link
      51 year ago

      You still need to build package and install it yourself though or else you are trusting someone else. Open Source software has been used as a vector for attacks before by bad actors getting access to the build system or source code.