Why Free and Open-Source Software is Essential to Privacy
You may listen to the podcast version of this essay here.
Dear privacy seekers,
Let’s talk about Free and Open-Source Software.
Privacy-seeking people should use free and open-source software as much as possible. “FOSS,” as is its acronym, has a feature that makes it superior in privacy to its counterpart: proprietary software. FOSS is, well, open source, which means that the code used to create that program is visible to the public. This means that if that program promises privacy features, it is possible to verify that this is indeed the case. And while you might not be able to understand that code yourself, others will be able to, and a kind of communal verification can determine if the software is what it says it is.
But let’s step back to fundamentals before proceeding. To understand the importance of FOSS for privacy and freedom it can help to look at the history of computing and the Internet. Think about this: all digital tools—that is, tools which are software—are run by computer code. Computer code is essentially logical instructions—sentences and equations—that create a program that can do simple or extraordinary things. Your computer browser is written with many lines of code, which basically amounts to the following:
if X button is clicked, then proceed to the page Y.
X button = Z set of pixels on the screen.
It goes on and on and on.
All computer programs, from your browser to your Windows or Linux operating system, to your private messenger app, to your text editor and favorite website, to the latest video game on the market, are written with thousands or millions of lines of code defining everything that can be done or seen within this program. Lines of code, which are for now and for the most part written by humans, dictate our lives. They sustain every digital thing we use. They determine what we can or cannot see on search engines and video sites. They allow and limit how we can communicate with other humans online. They establish the encrypted security measures that our banking sites and our password managers rely on. In just a few thousand lines of code Bitcoin was created, an entire new currency, which many people believe to be the savior of the monetary world and consequently the world at large. Code dictates how nuclear missiles are launched and how our cars react to obstacles in the road. Computer code allows for digital life to exist. And digital life is the center of physical life today. People, especially in developed countries, spend approximately 100 days of the year on a digital device. Let’s do the math. 8 billion people would mean 800 billion days are spent on a digital device per year. 800 billion human days are spent using code every year. Do you see why understanding code is important? It would be wise for you to understand some of this if you do not already. You can start by taking some free classes such as those run by Codecademy.com or many other places. Understanding code is the beginning of understanding how society and culture today work.
Okay, so that’s a sweeping overview. Let’s narrow down to our privacy purposes. Coding is also broken down into two types. Open source code is available to public scrutiny. Proprietary code is usually private, closed off to public scrutiny, available only to the select few who are developing it under tight intellectual property expectations.
Let me explain this further. Proprietary code is not necessarily inferior; in many cases a beautiful thing has been created that the coder or company wants to protect for itself. Such is the case with the Dropbox-alternative SpiderOak One, which is proprietary, but still trusted by many people and corporations for its data security. SpiderOak developed something they think is fantastic, and in certain ways can prove that it is without revealing the underlying code. They decided that they would keep the recipe under lock and key so the code cannot simply be taken, copied, and sold by someone else.
This is really at the heart of the debate of FOSS and proprietary code. Intellectual property. Think about it like this. One of the keys to Coca Cola’s success is its formula, which it famously and supposedly keeps in a vault in its headquarters in Atlanta. It does this because the company thinks that should the recipe ever be divulged, copycats will start producing their own Coke product and take away some of the profits that Coca Cola deserves for having created it. You can understand why Coca Cola thinks this, just like you can understand why SpiderOak does not want to make public the code for their cloud storage software.
This isn’t a perfect comparison and here’s why. The value of Coke is its ingredients, which you can enjoy even if you don’t know what they are. The value of SpiderOak One is the promise of protecting and keeping hidden your data. Maybe SpiderOak is doing exactly that. But we don’t know that. We can’t be certain, since we don’t see the code, that some government spy agency or some rogue employee hasn’t added a particular line of code that opens up your data to prying eyes elsewhere. By contrast, with open source software that fact can be verified. Sunlight is the best disinfectant. Scrutiny of publicly-available code is the only way to be certain that our digital lives are being protected in the way that that software promises.
Besides being able to see and verify the code, there are other things going on with FOSS. Free and open-source software describes two slightly different philosophies about code, which it is in your interest to also research. But in general one of the things you will find in FOSS is that it does not rely as much on software-as-a-service. In many cases you don’t have to create an account. You own that copy of the code that you’re using on your computer. It can’t be taken away from you, invalidated, expired, or changed without your permission. In general, proprietary code is rented, while FOSS is owned. I’ve already talked about the danger of rental culture in Episode 10 of my podcast. Owning a piece of popular FOSS software is, broadly speaking, a good privacy measure.
Let’s not get too arrogant though. FOSS is not inherently private. Obviously, there can be bad FOSS in addition to good FOSS. A piece of spy software could easily be FOSS. And just because something is available for public viewing does not mean that everyone is necessarily catching every line of code. Even if you can read code—which most people cannot—you might miss something. Furthermore, for some FOSS there is a period of time after submission to a storefront such as the Google Play store or the Apple App Store during which the code is no longer in the developer’s hands and can, technically, be changed before it is made available. You cannot look at the code of the thing you just downloaded on your Android. So while FOSS is a great step forward for privacy software, and by default you should seek it out as a privacy-seeker, my explanation here is just the beginning. And there is never a substitute for doing the work yourself. We will discuss the benefits and vulnerabilities of FOSS in more depth in future episodes. Consider this a primer.
How to use FOSS in your life
Now that we’ve discussed the reasons to prefer free and open-source software, let’s give some practical advice for choosing and using it. Again, this is a primer, but it should give you a few ideas to work with until next we discuss this topic.
FOSS software is all around you and you probably already use some. Many computers have Audacity or VLC media player on them. The popular private messenger Signal is also free and open-source, which is one of the reasons I recommend it. For other suggestions about FOSS you can check out repositories such as FOSShub.com or simply do some searching online. Any time you need a piece of software search for “FOSS alternative” to whatever it is and see what you can find.
Let me give you several examples of good FOSS alternatives to proprietary and privacy-unfriendly software.
Stop using Word and Pages and use LibreOffice. What you type into document software can be highly sensitive. Certainly if you use something like Google Docs or even Microsoft 365 you are giving Google and Microsoft permission to see what you’re typing. Microsoft can even ban your account based on what you type according to the Microsoft Services Agreement. LibreOffice is similar to either of these in functionality, and I’m using it right now to type up notes for this episode.
Next, for your browser, instead of Chrome, Safari, and Edge, use Firefox or Brave Browser. Firefox is my preference and it works perfectly fine. Some people find that for certain tasks, or in some instances where you are using a Google product, Firefox can under-perform compared to Chrome: Chrome being the most popular web browser, by the way. But in most instances Firefox—or Brave Browser, which is an open-source offshoot of Chrome—should be your first choice when going online.
What about graphical design? Consider using GIMP instead of something like Photoshop. These days you can’t even buy a version of Photoshop that is not a service. And I shudder to think what kind of ownership and surveillance Photoshop has over your creations. That’s not something I’m comfortable with. I know that for professionals you need certain things and you have certain habits. But consider giving GIMP a try.
Similarly, instead of your standard video editing software (Sony Vegas, Apple Final Cut, Adobe Premiere) try Shotcut. Or Kdenlive. As with all things, you’ll have to adapt, and this might not be the solution for professionals. But provided this new piece of software can do everything your previous one could, why not stick with it, try it out for a few weeks, iron out the problems, and see if it will suffice?
Then we have your operating system. The best FOSS, period, that you can use is a Linux operating system. Linux is an alternative to Windows and Mac and there are many different kinds of it, called distros. I discuss in my book how your operating system is the program—or series of programs—that runs all of your other programs. It’s quite possible that Windows sees everything you’re doing, and with macOS we can’t be certain. This is the problem with proprietary software. With an operating system like Linux Mint this is not the case. I tend to recommend Linux Mint because I think it’s the easiest for beginners to get into. There are many tutorials online that show how to switch—or add—an operating system. You don’t have to erase your copy of Windows or macOS. You can use Linux alongside one of these until you get familiar with it. There will be growing pains with Linux Mint. For most people this involves how to install programs. But for 95% of your daily tasks—using the Internet, typing up documents—Linux Mint is going to take care of you completely. Search for a tutorial online and see if you think you can handle that switch.
What about cryptocurrencies? Get your coins out of your online exchange and put them in a FOSS wallet such as Electrum. Very simple to use. And that’s another benefit of FOSS: it is often less bloated than proprietary alternatives. Less code can mean fewer vulnerabilities and fewer places to hide anything in the source code.
Private messengers. Signal is the popular choice. You also have Wire, Session, and Element. These are all good options. Remember that just because something is FOSS does not make it private. What makes these messengers private is that they use end-to-end zero knowledge encryption. The open-source aspect simply means that we can verify this fact.
If you feel savvy about changing your phone’s operating system to get out of the Google and Apple ecosystems, then you can opt for LineageOS and GrapheneOS. This is beyond the scope of this episode, but these are great FOSS alternatives that can help—though not fully secure—phone privacy. Remember that your SIM card location is the truly revealing piece of information on your phone.
Password manager. KeePassXC and Bitwarden are great and are recommended by many privacy advocates such as the website privacytools.io. I’m a fan of KeePassXC because I don’t want to sync my information to the cloud: which is necessary with Bitwarden. Instead I’ll deal with having to manually move the database to any device that I use.
Finally I’ll just throw out a couple more pieces of FOSS that you might find handy: qBittorrent and VeraCrypt. qBittorrent is a torrenting client (see my previous episode on how to torrent and why) and VeraCrypt is encryption software that allows you to create encrypted folders.
This has been an overview of FOSS. We will absolutely explore these services in more depth in future episodes and also discuss how to evaluate open source software as best we can. For now I just want you to feel comfortable finding these, downloading them, and seeing what others have to say. You can look up the code of most of these on the website GitHub, and also see comments by coders and onlookers.
In conclusion: Supporting open source software.
The problem with open source software is that it is difficult to sustain, since it often does not demand money for its use. It thus becomes important to support these programs with your money, even if you are not required to do so upfront. I regularly look at the free software I use and once a year will visit their website and send along a donation. A program like LibreOffice I use every day of my life. Why wouldn’t I throw them a few euro every now and then?
But see, I’m not the majority. Most people will not send along money. So you have a program like Signal which requires immense development to sustain the tens of millions of people who use it. And physical servers, which are costly. So please, do your part, spread the message. Walk the walk and talk the talk. Until next time.
Yours in peace and privacy,
Gabriel Custodiet
https://watchmanprivacy.com