Why should I trust closed-source apps like XOR Drive, form.id, etc. if they’re closed source? What can assure me that they’re not using their private code to upload my data to some other cloud drive besides Gaia?
In my opinion, even with open source, there’s no guarantee that it’s exactly the same version between the one on GitHub and the one on their servers.
Could network request inspection/monitoring help check that? And as JS files are downloaded and executed in our browser, maybe we can inspect them too.
Is that a way to identify whether closed-source apps use gaiahub as storage or not?
You can only trust the apps if you can deploy them yourself, e.g. from git, like OI Calendar. You can also use a (still to be developed) browser that verifies outgoing internet connections.
Also, the loaded code should be verified through a hash that is associated with a Blockstack ID of the app.
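
The two checks raised in this thread (inspecting outgoing requests and verifying loaded code against a hash), as an added example that is not part of any post or of Blockstack's code. It assumes a captured session exported as a list of request records and a hypothetical manifest of pinned script hashes; every host, field name and script body here is constructed.

```javascript
const { createHash } = require('crypto');

// Base64 SHA-256 of a script body, the digest form Subresource Integrity uses.
const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('base64');

// Return findings for requests to hosts outside the policy and for scripts
// whose content is unpinned or does not match the pinned hash.
function auditSession(entries, policy) {
  const findings = [];
  for (const e of entries) {
    const host = new URL(e.url).host;
    if (!policy.allowedHosts.includes(host)) {
      findings.push({ type: 'unexpected-host', url: e.url, method: e.method });
    }
    if (e.resourceType === 'script') {
      const pinned = policy.scriptHashes[e.url];
      if (pinned === undefined) {
        findings.push({ type: 'unpinned-script', url: e.url });
      } else if (pinned !== sha256(e.body)) {
        findings.push({ type: 'hash-mismatch', url: e.url });
      }
    }
  }
  return findings;
}

// Constructed sample data: hosts, paths and script bodies are placeholders.
const releasedJs = 'saveToHub(data);';
const servedJs = releasedJs + 'fetch("https://files.example.net/upload");';
const policy = {
  // App origin plus the storage hub the user expects (assumed names).
  allowedHosts: ['app.example.org', 'hub.example.org'],
  // Hypothetical published manifest: script URL -> hash of the released build.
  scriptHashes: { 'https://app.example.org/main.js': sha256(releasedJs) },
};
const capture = [
  { url: 'https://app.example.org/main.js', method: 'GET', resourceType: 'script', body: servedJs },
  { url: 'https://app.example.org/vendor.js', method: 'GET', resourceType: 'script', body: 'x=1;' },
  { url: 'https://hub.example.org/store/file.json', method: 'POST', resourceType: 'xhr', body: '' },
  { url: 'https://files.example.net/upload', method: 'POST', resourceType: 'xhr', body: '' },
];

console.log(auditSession(capture, policy));
```

A clean result only covers the session that was captured, and a host on the allowlist can still forward data elsewhere on the server side.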