So I've been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest foss software I've used. It seems to be based in China but the developers keep lying and saying its in Singapore.
It seems that now the clients and OSS server are completely foss which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked.
It still is sketch but it now is slightly less sketch I guess? Either way its not ideal.
If you have a custom DNS, be sure to block all the relay domains they use and block the respective ports from external access. Even if you disable the settings to avoid relays, they don't acknowledge them and continue to try and phone home somewhere. Just checked the latest version on my phone, which has no relay setting configured, before commenting on this and sure enough, still true. Just logged an entry to rs-ny.rustdesk.com on my DNS, which of course was blocked. Desktop app has an option to disable them if I recall, but it never worked for me.
That out of the way, it is a very good local network software for remote access. Way faster than the alternatives I've tried.
Noticed it with the android install (via fdroid) and I think I had the appimage on Linux (not at my machine to check, so going by my memory). I connected to a windows machine that had no internet connectivity so can't speak to the windows installs working and ignoring relays or not, but Linux and android do phone the relay servers at least. I'll see if I can pull some screenshots or details tomorrow when I get a moment! I'll update the appimage too just in case (since I only validated the DNS call being made on my phone yesterday)
Either way, if I had to choose between it and TeamViewer for what I use it for, Rustdesk is still a clear winner lol.
Was using AnyDesk (until it went to shit), then Teamviewer (before they went to shit) and a ton of other VNC and remote desktop options, but did finally land on self-hosting RustDesk.
It's been VERY solid and reliable for me, but what you just brought up concerns me.
I checked my filter log (from Adguard on Windows) to see if Rustdesk is calling home, and I'm not seeing anything after multiple connections and several hours of use. I guess these things aren't a concern with the self-hosted deployment?
I’ve found using software meant for gaming often works better for this application. My personal choice is moonlight. I run it behind Tailscale so my connections never leave my devices. Even over cellular it’s snappy enough for non gaming tasks, and if I need to check on my dailies in a game or something similar, it handles that much better than any Remote Desktop product. I messed around with rust desk and could never get it quite working and didn’t feel comfortable using the public servers at the time. So I swapped to moonlight and it serves me well.
Games on Whales is a containerized version of moonlight that I struggled to get working as well, but I thinks that’s because I’m a docker beginner.
As of now I ran moonlight on Windows, so I might not be able to help a ton. I just started my own Arch (by the way) install that I plan to revisit getting moonlight running on, but I’m not even at a desktop environment yet.
Software and hardware from China is known to be compromised on arrival. The CPP is a dangerous authoritarian government and they heavily influence private business in very nasty ways.
As for Team viewer and Anydesk, they are proprietary and can not be trusted. At least Rustdesk is Libre. The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk's potential to be influenced by the CPP.
The most concerning part about Rustdesk is that they delete issues that question the source of the software or Rustdesk's potential to be influenced by the CPP.
Seriously, if you make the effort to create a big piece of software and then you open source it and then someone opens a ticket in GitHub asking you those questions, how would you feel?
Because neither "what is the source of the software" nor "potential influence by the CPP" has anything to do with the software itself.
You are free to conduct a security audit of the project and based on the results you can open this thread but saying that they have deleted issues opened on their GitHub page that have nothing to do with the software itself is a pure form of witch hunt and I am genuinely surprised how many people have agreed with you.
I mean the same thing can be said about the USA, also if there are that many problems why don't you just check the code, it's one of the main strengths of open source software.
It's literally a third-party service that let's others control your desktop. Doesn't matter how FOSS the clients and end servers are, one also needs to trust the intermediate servers. If those running them are caught dishonest about which country they're located, the trust evaporates. China or not.
I have experience with a similar software that uses relays, syncthing. With syncthing, everything is e2ee, so there's no concern about whether or not the relay's are trustworthy, and you can even host your own public relay server.
I find it hard to believe that rustdesk, another relay based software, wouldn't have a similar architecture.
Even in FOSS, parts can be so cryptically written, that no one really understands the code.
There is even a tournament about that.
When the shady person is the maintainer, it is even easier to implement a backdoor that way.
It sound like you are personally offended by this because you are Chinese, but as an European, I share your sentiment. I don't trust either Chinese, nor American solutions. After all, after Snowden, we know American solutions are systematically compromised.
I am not Chinese, I am born and raised in the EU and I am Caucasian.
I am just irritated that FOSS software is being questioned just because it might have been developed by Chinese programmers.
And for the record you can't be sure that any commercial software isn't compromised or it doesn't have backdoors, it just makes detecting those backdoors a lot harder.
Can you answer me if he will have questioned this piece of software if it was developed in the US, Europe or any other part of the world? And he presumes that by default if something is developed in China must be riddled with backdoors.
Same with the Huawei's network equipment, that the US forced so many governments not to use. And to the best of my knowledge this was never proven.
U.S. officials have been scrambling to mend ties with its allies following a leak of secret documents showing that the U.S. spied on its friends—again.