Nature of Etcher-Portable: is it “safe”? A current version doesn’t start right

Is Etcher-Portable is trustworthy?

Firstly, when you start it, it phones home a lot: requesting…
…A worrywart might wonder if it wants to report to someone (gvt1 = government??) that their IP is now trying to install Tails.

Not only that, when the system proxy settings block these requests, Etcher-Portable tries to direct call some IP (e.g., ignoring the system settings. I can’t say I like this behavior.

Even if you block every phoning-home, an older version of Etcher-Portable works fine; the current version does not even start right, the main window is created but anything is draw on it. Perhaps it might start working if you allow it to have remote connections, but for obvious reasons I didn’t and won’t test that.

I have multiple backup Tails sticks and I don’t need Etcher-Portable to install Tails, so the above things are not practical problems for me.
Yet I was always wondering the nature of Etcher-Portable. Is it trustworthy? Is it a free software? Tails itself can be verified from browser for general users, or can be checked pgp sig if one wants to, but Etcher-Portable is not even guarded like that.

If anyone can explain the truth behind this, it’d be really appreciated, as I always feel unsure about recommending Tails for general Windows users because of this. Thank you very much :slight_smile: and sorry if this is not the best place to ask this.

It is an open source software [source code].
But it is also an adware.
There are lots of discussions on github about this.
Some alternatives [ArchWiki].

1 Like

That depends on your threat model: I do not use Windows, so I cannot provide you with any assessment regarding the credibility of programs compiled for it.

balenaEtcher is released under the Apache License 2.0; feel free to browse/clone the repository and audit the code yourself for your own security needs.

Why not just use
It does the same thing and is open source