- Joined
- May 25, 2019
- Messages
- 158
- Likes
- 218
I have a critique regarding the D10.
1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.
Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.
Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.