Open source: The only way to restore privacy ?

Open source: The only way to restore privacy ?

Browsers, Privacy, Kathrin Jennewein, 16. February 2021

Harmonie Vo Viet Anh is the security and privacy manager at eyeo. She is responsible for the compliance of our personal data processes and the security of the information in general. She has experience in health data privacy and open source projects and has worked for the Interministerial direction of Digital affairs in France.

In the era of online tracking and micro targeting, all kinds of organizations want to record and monitor your online activities for various purposes. The devices we carry in our pockets can collect massive amounts of data via their sensors. They have microphones and cameras, GPS locators, fingerprint and facial scanners, which opens up the possibility to correlate data in addition to behavioral data.

Buying and selling behavioral data became a large part of the revenue model of an overwhelming majority of content and services on the internet. In return for free access to these services, users get used to the idea of being under surveillance constantly.

Using the services of a company that holds your personal data means that at some point you accept the risks engendered by the level of privacy of the data entrusted to this company. Most people compromise their privacy for convenience and at this point different models that offer alternatives for paying with your data are not available or still very few. This means that there is no real choice for users yet who want to protect their data and privacy, they would rather prefer to pay for the service monetarily than give their data away, for example.

The response to systems we don’t and shouldn’t trust can be to build a new system that obviates trust. Transparency is the only way to create a system in which you don’t have to trust, because you know what is done with your data. Having access to the source code and having all information about the software available are essential elements for online transparency.

Open source of the code helps you if you have enough knowledge to analyze it to prove that the software you are using is not doing something unattended with your data. But it is not possible for everyone to do this study of the source code on their own. As a result, we realize that it is hardly possible to get rid of trust entirely.

The solution to mistrust in online systems isn’t to eliminate trust entirely, but to have enough constituents to trust more wisely. In this respect, open source is indispensable for restoring this quality trust you need when it comes to protecting your privacy. Open source allows people who have no financial or other interests in the software to guarantee that this software effectively protects your privacy. This leads to a more empowered trust that is not blind but based on information and actual facts.

Not everyone has the knowledge and skills to understand code and we know it’s a privilege to be able to do so. eyeo has been an open source company ever since and we are incredibly thankful for the open source community that challenges our code. They are handing in their knowledge, skills and resources to make software and online surfing in general more safe and secure for those who are not able to code themselves and make the internet a more democratic place.

Furthermore, quality and security are crucial when it comes to privacy protection, and security by obscurity, which means hiding the code, is just not working. Access to the source code, contrary to what many people thought a few years ago, makes it possible to identify and respond more quickly to security breaches that could compromise user data. You basically can’t have privacy protection without a high level of security, this is why these two topics can’t be divided: they belong together by nature. Since transparency and openness increase security protection levels, open source is even more important.

Of course, open source is not addressing all the issues when it comes to privacy. You can still build toxic software for the privacy of your users and make it open source. But there is no real privacy possible without Open source.

You can’t have privacy without trust.You can’t have trust without open source.
You can’t have privacy without great security. You can’t have great security without open source.
You can’t have privacy without open source.

Harmonie is a legal expert specialized in privacy, open source and open data. She has been working in open source communities for several years and combines her legal and technical skills in the field of privacy and IT security. She launched the open source community of the French government in 2018: Blue hats – hackers of public interests. She is working from Strasbourg, France.