I am new and installed eBlocker on my Rasp 4 yesterday. I did not find any information to get a good feeling on how secure it is to enable https option. Anything seems to be a black box and I have no idea how to check if eBlocker SW or the os image does not contain any code that grabs my decrypted information. I just need to trust eBlocker.
But how is it secured, that the code is secure before it is published as a new Version? How can i ensure and check that the data from my white list entries like my bank are not decrypted by eBlocker?
Do you have any independend security audits?
Thank you 🙂
Anything seems to be a black box and I have no idea how to check if eBlocker SW
eBlocker is quite the opposite of a "black box" as everything is fully transparent. You can check the code here: https://github.com/eblocker and if you feel like building your own eBlockerOS - just do it.
But how is it secured, that the code is secure before it is published as a new Version?
eBlockerOS is developed by an international team of volunteers. There core team is the maintainer of the software and we check every pull-request in detail first and then publish it to the volunteers for further testing. You might also want to check this out: https://eblocker.org/docs/how-is-eblockeros-tested/
How can i ensure and check that the data from my white list entries like my bank are not decrypted by eBlocker?
Just check out the certificate chain. If the eBlocker root certificate is the CA, then the traffic is being decrypted by eBlocker. Otherwise it's not.
Do you have any independend security audits?
I'm not aware of any Open Source project running "independent audits". The community and the transparency is the audit.
A last personal word regarding trust: All anti-virus SW decrypts the traffic and that's "black box" software with no control or verification at all for the user. With eBlocker you are fully in control. And if you are in doubt: do not switch on eBlocker HTTPS and you still get a 90% protection via the DNS firewall.
If you want to learn more about the privacy protection principles eBlocker is based on, check out this: https://eblocker.org/en/magazine/privacy-and-data-usage-at-eblocker-devices/ (also available in German: https://eblocker.org/de/magazin/datenschutz-und-datenverwendung-des-eblockers/ )
THX!
Thank you for a lot of clarification. Yes, sure, open source is not a black box, but you need to understand everything if the source or just trust :).
And here comes into play how the team ensures that only tested code is part of a release. Trust the team is not the question here, I guess they are all professional.
Regarding the security audit of open source sw, bitwarden has
Thank you for your help 🙂