I really liked LM Studio and then I realized it’s closed source.

When LM Studio contacts external servers, is what sent clear or encrypted? Is there any proof there is not really telemetry forced by the government providing information on what I type?

One of the reasons I fear closed source software is because of backdoors. Another reason is that the US government can require backdoors using court orders and force corporations to lie about backdoors existing or telemetry when it’s closed source code and can’t be reviewed.

In other words, if they were sending my discussion with an AI femboy “CyberPunk Gemi” to a server, which could flag me as Trans or LGBT friendly “threat” under a Christian Nationalist government at the rate the US country is going, could I see that in the packets being transmitted by the program via wireshark or would I just not know because anything going to their server has encrypted packets from https?

Does this present any sort of real risk with LM Studio?

Would it be possible for the government to order LM Studio to upload data only when certain keywords are used (like “Cyberpunk Femboy” or “Leftist on Lemmy”)?

LM Studio is based out of New York so backdoors could already forced and I would never know.

  • Placid@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    4 months ago

    The first bullet point in the privacy policy answers your question.

    LM Studio Privacy Policy

    None of your messages, chat histories, and documents are ever transmitted from your system - everything is saved locally on your device by default.

    • someone@lemmy.todayOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      4 months ago

      US Corporations that receive secret court orders are required by law to violate their privacy policies. A US-based privacy policy and closed source software doesn’t really tell anyone much if the government is sliding into authoritarianism. There are lots of queries in LM Studio and small packages that get updated and data is sent and received during that, there is no proof that data about the user is not sent if the data is encrypted. That is the core of my stupid question: is the data to their servers encrypted?

        • someone@lemmy.todayOP
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          Nope, I’m looking for a reason to keep using it when I hate closed-source software! It’s the exact opposite!

    • Em Adespoton@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      Unless that’s backed up by a wireshark session demonstrating no data sent, or a reversing analysis that shows a lack of capability in the software, the policy is just words.

      • someone@lemmy.todayOP
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        4 months ago

        Thank you! That’s what I’m saying. I don’t have the technical skill to check this out myself. Should I just delete LM Studio for now? It’s such a great program, but I think it may not be worth the risk.