being proven in some way to be secure and/or private. Proving it could entail auditing the software, looking at the design and technologies used, etc.
OK, and can I see if the app is audited and proven to be secure and private?
Steve Ballmer, is that you?
Being open sourced is not equal to being trustworthy but it's a prerequisite to that.
I fully agree with that, but would like to add a precision (in my personal opinion): non-free software can also be trustworthy.
Notably, it depends on how far you push the open source requirement. For example, Proton's software is all open source, except their server software. Does this make them untrustworthy? No.
Additionally, it's possible for non-free applications to be audited, and to be trustworthy. Usually though, there isn't a reason for a free application to be private, but not open source. The servers make sense, as without them being non-free, it wouldn't be as easy to make money from them.
Paid applications can be non-free and still trustworthy. Most paid applications are non-free, since, as stated previously, it's not as easy to make money from paid applications that are open source.
Tl;dr: my philosophy is: you should always use open source software when possible, for both privacy and freedom. But, you should always make sure this software is trustworthy first. And, if you need non-free software for something, you should, provided it's trustworthy, not write it off due to it not being open source.
Wow, this is a debate that's been raging inside me ever since I first came across open source software back in 2001 or so.
I was about to create a thread about this but it seemed better I just reply to this thread instead.
My big question comes in regards to the money that a closed source user is giving to the closed source app developer: Doesn't this money payment give the closed source app developer more incentive to not share personal user data and maintain user privacy as best as they can?
I think that:
- Open vs closed source
- Paid vs Free applications
Are independent variables. FOSS software can be free or paid, and proprietary software can be free or paid. It seems like you are conflating these two factors in a way that they can't/shouldn't be.
Doesn't this money payment give the closed source app developer more incentive to not share personal user data and maintain user privacy as best as they can?
Setting aside the fact that probably most closed source apps are free (either freemium, ad based, VC backed, or monetizing your data), it doesn't have to be an either/or scenario. An unscrupulous or oblivious developer can charge you, and still violate your privacy or monetize your data. For instance, big companies (like Google, your ISP, your mobile carrier, or Amazon), or a single independent developer making some small mobile app, or a VC backed company trying to squeeze every last dollar out of their software.
I think you are on the right track, thinking about choosing software where the developers' incentives are aligned with your own/what is best for users (and paying for the software you use is a great way to do this), and thinking about the sustainability of the business model. But I'd encourage you to disentangle those considerations from whether software is open or closed source (or somewhere in between (source available)).
But even only considering cost-free open source software, I think that because the code is publicly available and because there is some level of community scrutiny and in some cases professional scrutiny (and a community that is very touchy about privacy abuses and anti-features), FOSS projects that abuse user data typically get weeded out if they have even a modest userbase, because a FOSS project that violates user trust will most likely just be forked or abandoned. It's not something we can or should count on, but I think we can count on it more than we can count on closed source software with no oversight. As others have said, I see FOSS (or at least source available) software as (almost) a prerequisite for trust, but not a guarantee.
That's only the case for products/services whose primary selling point is privacy itself and had the bad luck of actually growing a user base primarily inside the privacy community. In that case, privacy mishaps will damage the company's reputation and may drive clients away.
For all the rest, users simply don't care about privacy. So why choose one source of revenue when you can have two? Or three? Or four?
Why should your phone operator/ISP be content with the subscription fees you pay them? Why can't they sell your semi-anonymized data to advertisers? Why can't they also sell your full raw data to spy agencies?
Same goes for your car. Why should Toyota (or any other) be content with a one-off profit from selling you a car, when they can racket you into paying for yearly revisions in exchange for not losing your warranty? Then selling your driving-style data for insurers who can use that info to assess your risk? Then selling the contents of your messages to advertisers? Then selling your real-time location and audio recordings to the government?
The answer is: there's absolutely no reason for them not to do any of that, because users just don't care, so there are absolutely no consequences whatsoever. And also, some game theory: since they all do it, what CAN you do about it? Oh, you're not going to buy Toyota anymore? Good luck finding any vehicle that won't sell you out. Or phone provider. Or smart TV. Or smart phone. Or door camera.
But not software. Because with open source, people can actually verify what it's doing. That's why even evil companies, like Google, who have open-source products, like Android, must hide their evil spyware in closed-source components, like Google Play Services. It's one thing for Apple to spy on you covertly with its closed-source products, and another completely different thing to do it openly. Not even Google has the balls to do it in the open.
And finally, for open-source projects: even though they have an incentive to sell you out, they can't (and most of them are actually unwilling to). And that's why pure open-source projects usually struggle financially, scramble to get donations (all of them), try to find sponsors (like Mozilla), give up and sell out (like Simple suite) or just go under and abandon their projects.