So I’ve been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest foss software I’ve used. It seems to be based in China but the developers keep lying and saying its in Singapore.

Here is a list if everything I’ve found:

https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/

https://github.com/rustdesk/rustdesk/discussions/1159

https://www.reddit.com/r/rustdesk/comments/y230hf/my_rustdesk_client_try_to_communication_with/

https://www.reddit.com/r/selfhosted/comments/10ppntj/reminder_about_the_shadyness_of_rustdesk/

https://www.reddit.com/r/selfhosted/comments/109tn1i/rustdesk_server_117_supports_ipv6_now_selfhosted/j42pf4m/

https://www.reddit.com/r/selfhosted/comments/uurta8/_/

https://www.reddit.com/r/selfhosted/comments/y80sw1/as_someone_that_knows_nothing_about_virtualremote/isxvib2/

https://youtu.be/JIAdEGX_sIU

It seems that now the clients and OSS server are completely foss which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked.

It still is sketch but it now is slightly less sketch I guess? Either way its not ideal.

  • monkA
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    2
    ·
    10 months ago

    It’s literally a third-party service that let’s others control your desktop. Doesn’t matter how FOSS the clients and end servers are, one also needs to trust the intermediate servers. If those running them are caught dishonest about which country they’re located, the trust evaporates. China or not.

    • moonpiedumplings@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      10 months ago

      I’m not too well versed in rustdesk, but it seems that they use end to end encryption (is it good? Idk).

      https://github.com/rustdesk/rustdesk/discussions/2239#discussioncomment-5647075

      I have experience with a similar software that uses relays, syncthing. With syncthing, everything is e2ee, so there’s no concern about whether or not the relay’s are trustworthy, and you can even host your own public relay server.

      I find it hard to believe that rustdesk, another relay based software, wouldn’t have a similar architecture.

      edit: typo

      • monkA
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        I run syncthing with my own relay and I trust that setup. Owning me through syncthing would basically require backdooring the software, something that’d be likely to go noticed by the syncthing community.

        Rustdesk is a backdoor by functionality and it’s already using infra I don’t control. I don’t feel comfortable using that.