Open-sourcing the client does not address server-side trust. Data retention, access controls, aggregation, correlation, and operational security remain opaque.
“Read-only API” does not mitigate metadata abuse, profiling, or node targeting.
The code was published only after concerns were raised.
A polished ai generated, or at the very least heavily assisted, defense posted from a long-dormant, no activity account and immediately liked by the original promoter is a credibility red flag, to put it mildly.
Mentioning a country (“I’m from Germany”) carries no weight. Jurisdiction, operator identity, and accountability are what matter.
I’m out. @moderators this whole thread needs your urgent attention and escalation to the storj security team.
Gotta say I’m with @arrogantrabbit on this one. This is a rightfully security minded community. But I’m not here to pile on.
I think this would have been received a whole lot better if it were a self contained self hosted dashboard, like the official multinode dashboard and the entire source code would have been available from the start. Then people can easily see what happens and know that no data is being sent to third party domains. Food for thought on a future project. I don’t think this had bad intent. But when dealing with security questions, good intent just isn’t enough.
You can see it’s built to progress to a paid tier: but that’s OK: some competition is good! It may be too many SNOs are already using the free Grafana or multinode dashboards.