Rustdesk started as an open-source alternative to TeamViewer. Now, it offers more than just remote desktop access, making it handy for casual self-hosting.
With no need for (dyn)DNS, port forwarding, or a VPN, you can get:
- Remote terminal
- File transfer
- Tunneling (similar to SSH port forwarding)
- Remote desktop
I think it’s a solid choice if you have a simple one-server setup.
What’s the sketchy part tho?
It seems they were trying to hide the app being Chinese, added a trusted certificate on your machine without prompting, complaints about not really being open source, etc. It doesn’t look very good to me at this point.
Search around a bit and you will find these issues being raised by people, at the same time the answers fron the team seem very dismissive and amount to “please no politics here”.
Check the wikipedia page edits as well, weird stuff. I don’t like weird stuff when choosing a remote control software.
Rather paying Anydesk than using this. At this point at least.
Edit: to add, rustdesk was using and sending data to a chinese server for some reason. At least they got an EU one instead, at least according to wikipedia, but that could just resend whatever data forward. This is all just what I see on the net though. But, enough for me to choose something else.
I did some digging and there’s no real basis for most of these claims. The company seems to be backed by a weird commercial OSS VC, with a founder with a hand in crypto bullshit, but that doesn’t mean that the application is insecure. Also, for what its worth, I couldn’t find any links to China outside of the rendezvous server thing.
I checked the wiki page edits - not sure which one you’re referring to but I didn’t see anything malicous or suspicious.
This article summed it up well https://hackaday.com/2024/03/01/this-week-in-security-forksquatting-rustdesk-and-mms/
TL;DR it’s not an issue
Chinese company profile
https://tracxn.com/d/companies/rustdesk/__hVv0PUAcFB2LfybEPDvvPkJf14Mc7PfmkSGfqXkYxsg
News piece about them
https://inf.news/en/tech/b99963560cecae8e1dfe347c68e36ff8.html
None of this means much else than that I will not use it myself, at least yet. I don’t trust it
That news source is a joke. Go to the homepage and its filled with weird anti Chinese stuff about cannibalism in Shanghai! The first article on the homepage is:
This is not a credible news source.
The “Chinese company profile” you linked is a VC research page, not an authoritative source.
There could be weirdness going on here though despite all that. The claim they are based in Singapore while Huabing Zhou of Wuhan University clearly has input (when I looked him up, the RustDesk team page was a search result on DDG, despite his name not appearing on the linked page) is a little odd. But as long as all the code is open I’m not too worried for self-hosters.
Thanks for the additional digging.
Is it totally open source? Because I am not suited to verify this - I can only see that at some point it was not open source while claiming to be, and relied on binary blobs. Their server side code? Cannot know what is in there (of course). Running your own server? Cannot really vet the code either, so until it becomes still more popular I cannot trust it yet.
I mean, it is probably fine, I hope it is.
They have scrubbed Zhou from the company info page. They were listed as founder before among the two other people (who may or may not be real - this is another question mark I saw). This scrubbing could, of course be non nefarious. But I think this could have and should have been communicated better.
But instead they seem to shut down discussion: https://github.com/rustdesk/rustdesk/discussions/1159#discussioncomment-3312105
None of this has to mean anything much but I personally will continue with paid options still for now and keep hoping rd would turn out alright!
Binary blobs
If this is as significant an issue as you imply, please link some credible sources.
As far as I can tell, the “Chinese server” (or EU server) is just a public ID and Relay server, and necessary for the application to function unless a self-hosted server is used.
It doesn’t need to be, I just won’t go near it if they communicate like this and do stuff like change their users’ system settings without prompting. You can do a search for rustdesk controversy and have a look yourself. Just looking at how they hide the company’s chinese origins and their communication style when they are asked for clarification… That’s enough for me. Everyone should be paranoid when installing apps, and this is for remote control, no less.
Edit 2: see also their claims of open source while people could not compile a working version without a pre compiled binary blob. Maybe they fixed that? Or not?
Edit: I want to add, I want an open source software like that, I hope they would turn up good. Just going to watch from over here.
Can you please provide any sources for any of your claims?
One example of criticism
https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/
Binary blobs