The Importance of Free and Open-Source Software for Privacy Tools
Getting back to the good stuff, I have talked in the above pages about a term called FOSS or open source, or in its long form, Free, Open Source Software. This refers to a program that has its source code published in a free manner (i.e. without restrictions; "free" here does not pertain to money) for the public to look at. The preferred way of opening the source code of a program, service, or application is to submit it to a website like GitHub, SourceForge, or Bitbucket and allow the public to view it. When it is published to these sites, it is also easy to track changes to the code as the developers publish new versions. In some cases, if they have developed the program for your operating system, you can then build the program from source yourself. This would give an expert the ability to inspect the code, determine whether or not it is legitimate as the company states, download it, and compile the program from it.
This individual would thus be getting the most out of the service and maximizing their security model. The one issue that has arisen with open-source software, however, is that many of these applications are being downloaded onto smartphones without reproducible builds. This means that once they have hit the App Store (iPhone) or Play Store (Android), we can’t confirm whether the application we are downloading is the same one shown in the source code they have published. For the most part, this shouldn’t be deemed a concern. However, let’s say you are communicating some really sensitive and potentially illegal information through an application that is open source, and has thus garnered your complete trust, but the company behind the app is pushing out a fake app (built from different source code than what is documented) to the App Store. You would be communicating through a backdoored version that is logging everything and handing it to the police. This is a very unlikely thing to be happening, but people who depend on these apps for their life need to be taking extra steps to ensure they are legitimate,
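As an added example (not part of the original article), here is one way to check whether a store copy matches the published source: compare the store-distributed APK with one you built yourself, entry by entry, ignoring the signing files. The archives are constructed in-memory stand-ins for real APKs, and all function names are hypothetical.

```python
import hashlib
import io
import zipfile

# v1 (JAR) signing adds these files under META-INF/; they legitimately differ
# between a store copy and a local build. v2+ signatures live outside the ZIP
# entries, so zipfile never sees them.
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def is_signing_entry(name):
    if not name.startswith("META-INF/"):
        return False
    base = name[len("META-INF/"):].upper()
    return base == "MANIFEST.MF" or base.endswith(SIG_SUFFIXES)

def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signing_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_builds(store_apk, local_apk):
    """Return (only_in_store, only_in_local, changed) as sorted name lists."""
    store, local = entry_digests(store_apk), entry_digests(local_apk)
    only_store = sorted(store.keys() - local.keys())
    only_local = sorted(local.keys() - store.keys())
    changed = sorted(n for n in store.keys() & local.keys() if store[n] != local[n])
    return only_store, only_local, changed

def make_apk(entries):
    """Build a constructed sample archive in memory (stand-in for a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: one local build and two hypothetical store copies.
BASE = {"classes.dex": b"app code v1", "AndroidManifest.xml": b"<manifest/>"}
LOCAL = make_apk(BASE)
STORE_OK = make_apk({**BASE, "META-INF/CERT.RSA": b"store signature"})
STORE_BAD = make_apk({**BASE, "classes.dex": b"app code v1 + extra", "lib/extra.so": b"\x7fELF"})

if __name__ == "__main__":
    print("matching:", compare_builds(STORE_OK, LOCAL))
    print("mismatch:", compare_builds(STORE_BAD, LOCAL))
```

An empty result only means something when the project's build is reproducible; without that, harmless differences in toolchain or build environment also show up as changed entries.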