Skip to Content

Moq and why open-source works

Edwin van der Thiel
August 23, 2023

As some of you already know I’m a big supporter of the open-source mindset. I believe it’s a core principle that implements trust, self-correction and accountability. As a freedom architect I rely on these principles to build transparent communities.

On August 4th, the creator of Moq decided to add SponsorLink – one of his other projects and not open-source – to the Moq package in version 4.20. This software extracts email addresses from the git repository where it’s used and sends this back to the SponsorLink CDN.

At this moment the community exploded, because:

  • Moq is a library to create mocks for your unit tests, the added software does nothing to help that.
  • It’s added as binary, in the hope people wouldn’t notice. But we did.
  • It may even be illegal, at minimum from a GDPR perspective, as there is no valid reason for Moq to collect it.

On August 9th version 4.20.2 of the Moq software was released where the SponsorLink software got removed – apparently because of some issue on MacOS. In addition, the versions 4.20 and 4.20.1 were removed from Nuget so they can’t be used any more.

It should be noted that – after having already defended his actions – on August 10th the creator added feedback that he made the SponsorLink project open-source. It seems he’s still adamant on including his email harvester in projects.

Why this is a good thing

Now as mad as we may get, this process shows exactly why open-source filosophy works. Openness builds trust, as it makes the owners and maintainers accountable. As a community we can keep an eye on what happens in the products we use and can correct any abuse.

To further clarify, in a similar situation where there was no open-source software, companies like Google and Facebook have been able to grow using our data as their main fuel. It’s impossible to tell whether this would not have happened had their software been open-source, but at the least we would not have discussions on whether the microphone is listening in on our conversations when our phone is in our pocket or not.

Sources

About the author

Edwin van der Thiel

Technology Consultant Microsoft
In 2011, his passion for creating new solutions led him back to the field of software development, where Sogeti offered the opportunity to make this switch. Since then he has worked with different customers at various locations – among which Netherlands, India, Oman and recently joined Joleen and Menno in a Blockchain inspiration session.

    Related posts

    #1 Frequently Asked NIS2 Question

    10 Nov 2023

    Focus areas for enhancing Live Chat and scaling up with Bots (Part 3)

    29 Mar 2021

    The California Consumer Privacy Act

    11 Mar 2019

    Comments

    Leave a Reply

    Your email address will not be published. Required fields are marked *