pfsense concerns that I've read

NE_77

I'm sure that this has been asked before but I can't seem to nail down a location here.

I've read concerns on reddit and else where about pfsense+ not being 100% open source. Some have even "claimed" that netgate is or could allow your internet usage, etc. to be given over to the Gov./ Five Eyes.

Any cause for concern?

the other

@ne_77
well...
afaik pfsense ce is still fully open source. with + version there are some extras. since it is sold for commercial use, some might be not quite so open. but this is left for the netgate pros to discuss and answer.
:)

afaik netgate still holds the ce version very much up for a lot of ppl use that so there are tons of ppl giving feedback.

noone knows what tommorow will bring, but that's true for everything, including EVERY opensource project, imho.

Now, since netgate is us based and there are some very special us laws, sure...might be that a bunch of heavy armed ppl in your office show you a sheet of paper trying to force your company to work for "freedom's sake" and hand over source code so to manipulate it and...
But then...that could might as well happen to EVERY us based company, including...well, everyone.
Does that stop you from using any product made by us based companies?

Theoretically there could be a silent listener in every closed code...drivers, software, operating systems....IoT (hahaha), your smartphone with fruit logo...

So, if you are really really THAT concerned, throw away that whole IT stuff and live long and prosper (but without email).

jm2c

;)

AndyRH

"Just because I am paranoid does not mean everyone is not out to get me." - Anonymous

You can block your firewall from talking to Netgate servers.
To my knowledge Netgate cannot logon to my FW to get logs and usage. If they add code to secretly gather that information, they would be breaking the trust of the users and loose many very quickly. It would also prevent pfSense from being used in any DOD site or DOD subcontractor. There would be freely available information should that ban happen. The government does not allow intentional undocumented features. This is why Microsoft stopped putting all Easter Eggs in MS Office. Remember the Doom like game in Excel?
If the government wanted to do that they would start with the most bang for the buck, Windows...

Patch

@andyrh said in pfsense concerns that I've read:

If the government wanted to do that they would start with the most bang for the buck, Windows...

Intel & AMD back door would be better.
Mmm I thought that already existed

emikaadeo

@ne_77 said in pfsense concerns that I've read:

I've read concerns on reddit and else where about pfsense+ not being 100% open source.

That’s true

emikaadeo

@the-other said in pfsense concerns that I've read:

@ne_77
well...
afaik pfsense ce is still fully open source.

AFAIK, pfSense CE is not fully open source.
;)

ranger2

@ne_77 If the government wants to look at your internet usage, they're likely going to your ISP. That's why people use offshore VPNs.

The only reason (I can think) to hack/monitor your Firewall would be to see what's behind it.

pwood999

Having worked in the Broadband Equipment Vendor industry for many years, one of the key requirements for the systems is "Lawful Intercept". I have done customer demos of voice & data intercepts on generic consumer cable modems !!

So given the appropriate court docs or pre-existing laws, officialdom can look at every packet in & out of your system. They can quickly spot if you're using a VPN, and if jurisdiction allows, they will simply intercept at the exit point of the VPN provider. Clearly offshore VPN would be harder, but governments do collaborate more than most people think.

They don't need Netgate to send data to them !!

More of a concern is whether they have back-doors on the VPN encryption, or if this is simply a conspiracy theory.

Personally I'm not worried, as I don't think I do anything worth snooping.

gabacho4

And you’d have to be someone pretty damn important for a government to spend that kind of effort and money to go after. Redditor in your basement watching hentai isn’t gonna make the threshold.

pwood999

Not a pfsense thing, but many people ask if devices like Amazon Echo or Google Home are always listening & sending data to the companies. I tested both, and yes they are listening for their trigger word. . . . . but nothing seem to go to the servers until you trigger them.

But then see how much data the Face-Numpty & similar Apps on your phone send in the background while you're not using it, and then any pfsense concerns will disappear fast !!

pwood999

@gabacho4 it tends to be organised crime they go for.

gabacho4

@pwood999 that’s the point I was making. Terrorism, organized crime, espionage…but not basement dwelling hentai watchers. The level of paranoia some people have is nuts. It you want to truly be safe, don’t use anything electronic. Ever.