Open Source (and Source Available) vs Proprietary
On this site I preach source available software whenever possible. This is a highly important subject worth explaining: what is source availability, why do I push it so heavily, and what are the advantages and disadvantages of it?
What is Open Source Software?
The exact definition of open source varies depending on whose guidelines you’re following. This is an important subject I want to familiarize my readers with, but overall one that falls far outside the scope of this website. If you wish to learn more about this subject, I recommend starting with the Open Source Initiative and Free Software Foundation. For the purposes of this site, just know that in general open source software is software that respects transparency, user freedom, and meets a few other technical criteria.
This website places a special emphasis on the “transparency” part of open source, specifically “source availability.” Source available software is software whose source code has been publicly published for anyone to view. This may include open source software, but sometimes software that is not “open source” by definition will still publish its source code publicly. In other words: all open source software is source available, but not all source available software is open source.
There are several reasons an organization or developer may publish their source code, and of those reasons there are two that cause me to place a heavy emphasis on source available software. The primary reason is for trust and transparency. With source available software, experts who know how to read and interpret the code can confirm that there’s nothing unethical going on in the background such as unnecessary data collection, or search for potential bugs or vulnerabilities such as poor encryption implementation. A second closely-related reason is that those same people can submit suggestions for improvement when they find those issues. While far from being a guarantee of either of these, source availability is one of many tools that can help us ensure that an app or service is indeed doing what it promises to do and does not have any glaring weaknesses. Consider the story of LastPass, a password manager that did not publicly publish its source code. After LastPass suffered a data breach in which user vaults (encrypted password databases) were compromised, it came to light that LastPass was using a poor hashing implementation for user master passwords and was not encrypting the URLs of sites stored in the vault, making vaults potentially easy to crack or helping cybercriminals know what sites you had accounts with and effortlessly craft convincing phishing emails to steal your logins for those sites. (I talk more about password security on the Password Managers page.) Again, while source availability alone cannot guarantee that these sorts of issues don’t exist, it very likely could’ve helped LastPass avoid this embarrassing and damaging (to both them and their customers) revelation.
With open source software specifically, a primary reason for making the code available is so that people can modify it as they wish and/or self-host it independently to ensure the safety of their data. I will not be focusing on this particular subject on this site. While the exact level of skill required varies, in general self-hosting or modifying software requires a relatively high standard of technical knowledge regarding networking, programming, and other subjects. I promised at the start of this site that I did not expect you to possess such technical knowledge and I meant it. If you are interested in advancing onto these subjects, there are a plethora of resources available online to assist you. For now, just know that truly open source software - and not simply source available software - allows for this type of granular control by anyone. Even if you don’t possess these skills yourself, you will benefit from this type of freedom if you follow some of the recommendations I list later on this site (particularly my recommendations for a web browser). A great example I read once said to think of open source as cooking at home and proprietary/closed-source as eating at a restaurant: at home you can see each ingredient and have total control over which ones to add, exclude, substitute, or modify. In the restaurant, your knowledge of the ingredients and control over them is limited to varying degrees, like substituting an ingredient or knowing what’s in the secret recipe.
Why Does Open Source Matter?
If my emphasis is specifically on source-available code, then why am I taking the time to explain open source as a whole? To start, I should explain DRM. DRM stands for Digital Rights Management, which is the technical term for anti-piracy or anti-copyright abuse technology. It allows companies to ensure that you’re using a legitimate copy of their software, game, or ebook (or other digital files) rather than a pirated version, and also that you’re using it in accordance with the terms of service (ex: not hosting a movie theater in your home). In some ways, there is a good reason for this technology to exist. This can ensure that musicians get paid for their work and that popular products have a chance to continue their success. However, DRM is prone to abuse. Let’s examine two real-life cases of DRM gone wrong and how open source can benefit everyone.
Two separate people purchased different proprietary products: a refrigerator and a printer. Those products come with additional accessories that provide additional revenue streams: water filters and printer ink respectively. In today’s competitive market, it’s often more frugal (and legal) to find a third-party off-brand who offers a compatible part for less than the manufacturer’s product that works just as well. Manufacturers are beginning to respond by making their products digitally refuse to use third-party accessories. In the case of the fridge, the owner learned this when they installed a $19 generic water filter. The fridge used DRM to confirm that the installed filter was not an official GE filter and therefore refused to dispense ice or water like it had before. The official filter costs $55. The printer story was even worse: the customer noticed that they had a recurring $5/month subscription to “HP InstaInk.” The customer cancelled this subscription, unsure what it was for. After cancelling, the printer refused to print anything, even with official HP ink installed.
On the one hand, one could argue that this is a company protecting its investment or intellectual property, especially since many manufacturers sell the initial product at a loss or reduced profit expecting to make the money back in recurring purchases. However this also sets a dark trend where corporations control all the products in our lives, crushing out competition. In the case of the refrigerator, if I wanted to start a company that sells a filter that provides cleaner water, I would need to convince GE to contract with me. Without this heavy-handed DRM, I can simply enter my product into the free market and let the consumer decide which filter they feel is better. But this kind of anti-competitive behavior holds the products hostage, putting unreasonable limits on what consumers are allowed to do with them and forcing them to pay exorbitant prices just to get basic functionality out of items they already paid for.
The modern era is flooded with examples of DRM overreach. In 2022, BMW started requiring a subscription to make use of the heated seating feature installed in their cars. Pearson, the publishing company who essentially monopolizes the academic textbook space, abused their monopolistic power to raise textbook prices by $500 in a single week. In 2009, Amazon entirely removed digital copies of 1984 from paying customers’ libraries after a copyright dispute. Apple users were outraged in 2014 to wake up one morning and find that copies of U2’s latest album had been placed into their iTunes libraries without their consent. There are certainly defenses to be made to fight piracy and ensure products aren’t being used for illegal means, but I’ve yet to meet anyone who thinks that these stories aren’t even a little excessive.
We have entered a new world of truly 24/7 online connectivity. Many cars now have their own modems built in to connect to the internet from anywhere; our appliances like thermostats, lightbulbs, washing machines, and coffee makers are constantly connected for remote control or convenience. As connectivity begins to permeate every item in our lives, it’s important to not only be aware of what data those devices are sending and the security risks of such a device, but also to know that they now have the ability to enforce the terms of service - which are often subject to change at any time without warning - at any time for any reason, like when the power companies remotely adjusted smart thermostats during a heatwave without warning to conserve power and reduce strain on the grid. Your car might not report you for speeding right now, but it has the ability to and at any time the service provider may change the rules and start reporting your speeding habits to insurance and law enforcement. In the future your car may only allow you to repair it with manufacturer parts, or may decide that attempting repairs at home voids your warranty. Take for example the driver who got stranded when his rental car couldn’t connect to a network.
Open source products protect against situations like these because they are designed to be proliferated. You can’t control the competition if you make the product freely available without restriction. You can’t stop anonymous users from sharing and modifying it. Even if you tried to enforce DRM, the source code can be modified to remove that enforcement. An open source fridge, for example, could easily be modified to remove the digital locks requiring the manufacturer’s filters. It protects consumers from anti-competitive monopolies who price gouge, collect too much data, fail to implement proper security, and put unreasonable restrictions on users for the products they already paid for.
Despite all my praise on this page, it’s important to note that open source products are not automatically guaranteed to be safer or more private. However, with the code freely available there’s less room for abuse and more opportunity for an active, involved community to help improve the product.