Rustdesk started as an open-source alternative to TeamViewer. Now, it offers more than just remote desktop access, making it handy for casual self-hosting.
With no need for (dyn)DNS, port forwarding, or a VPN, you can get:
- Remote terminal
- File transfer
- Tunneling (similar to SSH port forwarding)
- Remote desktop
I think it’s a solid choice if you have a simple one-server setup.
didn’t i hear some off-putting shit about rust desk kinda recently?
Looks like overworked devs did some pretty bad practice with certs, not as big of a deal as people are making it out to be. https://hackaday.com/2024/03/01/this-week-in-security-forksquatting-rustdesk-and-mms/
I would not touch it, seems very sketchy, and with this sort of program you need total trust
What’s the sketchy part tho?
Binary blobs
It seems they were trying to hide the app being Chinese, added a trusted certificate on your machine without prompting, complaints about not really being open source, etc. It doesn’t look very good to me at this point.
Search around a bit and you will find these issues being raised by people, at the same time the answers fron the team seem very dismissive and amount to “please no politics here”.
Check the wikipedia page edits as well, weird stuff. I don’t like weird stuff when choosing a remote control software.
Rather paying Anydesk than using this. At this point at least.
Edit: to add, rustdesk was using and sending data to a chinese server for some reason. At least they got an EU one instead, at least according to wikipedia, but that could just resend whatever data forward. This is all just what I see on the net though. But, enough for me to choose something else.
I did some digging and there’s no real basis for most of these claims. The company seems to be backed by a weird commercial OSS VC, with a founder with a hand in crypto bullshit, but that doesn’t mean that the application is insecure. Also, for what its worth, I couldn’t find any links to China outside of the rendezvous server thing.
I checked the wiki page edits - not sure which one you’re referring to but I didn’t see anything malicous or suspicious.
This article summed it up well https://hackaday.com/2024/03/01/this-week-in-security-forksquatting-rustdesk-and-mms/
TL;DR it’s not an issue
Binary blobs
If this is as significant an issue as you imply, please link some credible sources.
As far as I can tell, the “Chinese server” (or EU server) is just a public ID and Relay server, and necessary for the application to function unless a self-hosted server is used.
It doesn’t need to be, I just won’t go near it if they communicate like this and do stuff like change their users’ system settings without prompting. You can do a search for rustdesk controversy and have a look yourself. Just looking at how they hide the company’s chinese origins and their communication style when they are asked for clarification… That’s enough for me. Everyone should be paranoid when installing apps, and this is for remote control, no less.
Edit 2: see also their claims of open source while people could not compile a working version without a pre compiled binary blob. Maybe they fixed that? Or not?
Edit: I want to add, I want an open source software like that, I hope they would turn up good. Just going to watch from over here.
Can you please provide any sources for any of your claims?