Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
reconnecting 13 hours ago

There is no guarantee that this software will not occasionally start acting as a keylogger. If somehow this happens (let's assume not intentionally), will it be the direct responsibility of the author?

Legally, there is no entity behind that responsible for privacy (1), and honestly, I don't see even minimal reason to trust this software from a legal perspective.

1. https://refine.sh/privacy-policy

woadwarrior01 13 hours ago | parent | next [-]

There's no reason to trust it from a technical perspective either. The app is unsandboxed. Easy enough to check from the CLI.

    codesign --display --verbose=4 Refine.app 2>&1 | grep sandbox
Apple provides a network client entitlement[1] that sandboxed apps must have, to connect to the network. Since this app isn't sandboxed, that restriction doesn't apply.

Personally, I only use software that was either built on my machine or downloaded off of the Mac App Store (MAS apps have the be mandatory sandboxed).

[1]: https://developer.apple.com/documentation/bundleresources/en...

reconnecting 13 hours ago | parent [-]

Most of the time, both legal and technical misalignments walk together. Thank you for noticing this.

throwawayffffas 10 hours ago | parent | prev [-]

Isn't that true of all software? How do you know that grammarly is not already doing that your data is transmitted to their servers after all.

reconnecting 10 hours ago | parent [-]

Not at all. Most commercial software has a publisher (as legal entity) that is responsible for privacy and takes reputational risks if something goes wrong.

throwawayffffas 10 hours ago | parent [-]

So does this, it says at the bottom "© 2025 Runju Huang". Mister Huang is publishing this, presumably, he would be responsible for any wrong doing.

Is your objection that he is distributing this by himself, instead of through the app store? Or that it appears that he is doing it as an individual instead of a company?

Sure, it's a little sketchy, it's a guy with a website and a privacy protected domain and that's about it. But if anything were to happen you would be suing the developers of refine.sh.

I guess I do see your point though. For my software I have indeed created a legal entity and can be easily looked up.