
From the creation of the Android mobile operating system to powering the first interplanetary helicopter, open-source projects have been critical to the development of new technologies. In a recent survey of enterprise developers, 85% already use open-source code in their organizations, and over 90% will continue adopting open-source projects and technologies.

As open-source projects continue gaining traction, it is beneficial to understand how you can leverage the advantages of open source for better privacy and security. This article looks at what open source is, debunks the myths of open source, and explains why open source is good for encryption and your privacy. 

What is open source?

Open source, sometimes referred to as open-source software, is the name for code that is available for anyone to modify and share in its original and modified forms. It enables developers to share their work without the restrictions of a proprietary license. 

The open-source movement encourages the development of high-quality software by tapping into the creativity and enthusiasm of a global community of developers. Based on collaborative development, many well-known and widely used software solutions have emerged from open source, including the Apache HTTP server and the Linux operating system.

Another goal of open-source projects is to promote rapid innovation in software development. Innovation thrives in an environment where users and developers are free to work together on projects and synthesize great ideas. In other words, making software open source democratizes the development process and drives down costs.

Debunking myths about open source

Although the open-source movement has been around for several decades, it’s still plagued by misconceptions. Here are the top three: 

Myth one: Open-source software is less secure than proprietary software

Proprietary software is often believed to be more secure than open-source software, though this is not always the case. Besides lowered costs and increased flexibility, open-source projects are more transparent about vulnerabilities as the source code is publicly accessible. Due to its open nature, anyone in the community can detect and resolve security flaws before they pose a serious threat.  

You can also review the code yourself, make modifications, and even release a custom version of the software. Open-source projects allow anyone with the technical expertise to fix broken code, whereas only the vendor or company can examine and update proprietary software. As a result, open-source software is often more reliable and secure than proprietary software. 

Myth two: Open-source software is bad quality

Though anyone can modify open-source projects, this does not mean that all submitted modifications are accepted. In fact, most open-source projects use a workflow where a lead developer or a group of developers must sign off on all changes made to the code. Many open-source projects go through the same quality assurance checks as proprietary projects do: they undergo code review and testing, and they adhere to consistent guidelines.

Myth three: Open-source software provides less technical support than proprietary software

Open-source projects are surrounded by vibrant communities of developers and volunteers that share a collective interest in creating a high-quality product. The larger the community, the more likely you are to find solutions for an issue you’re facing. Most open-source projects have dedicated forums where users can post questions and troubleshoot bugs through crowdsourcing.

When a project is open source, you can also look at the version history to get an idea of the time required to resolve a bug and receive an update. In addition, many tech companies like Netflix and Adobe use open-source code in their projects, which guarantees continued support for big open-source ventures.

Why open source is good for encryption

Governments, businesses, and individuals rely on end-to-end encryption (E2EE) to safeguard their digital communications and data from theft or unauthorized access.

E2EE is a secure method of encoding data so that only authorized parties can decrypt the information with a private key. Since the purpose of E2EE is to keep sensitive information private (such as your financial data or medical records), it seems counterintuitive to open up its source code for everyone to scrutinize.

However, the effectiveness of E2EE does not depend on the secrecy of its algorithm but the secrecy of the keys. Even if an attacker perfectly understands the implementation of E2EE in an application, they would not be able to hack into your account unless they also knew your private key.  
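To make that point concrete, here is an added example (not code from this article or from Proton's libraries) in Go: AES-256-GCM from Go's open standard library, every line of which is public, protecting a message whose only secret is the key. The key and message are constructed for the demo; a reader who has the complete source but a different key gets an authentication error, not plaintext.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-256-GCM from Go's public standard library; key is the only secret.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and prepends a fresh random nonce for the recipient.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; a wrong key or an altered ciphertext fails the GCM tag check.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}
func main() {
	key := make([]byte, 32) // constructed demo key: the only secret in this program
	rand.Read(key)
	sealed, _ := Seal(key, []byte("constructed sample message"))
	_, wrong := Open(make([]byte, 32), sealed) // full source available, wrong key
	pt, _ := Open(key, sealed)
	fmt.Println("wrong key:", wrong, "| right key:", string(pt))
}
```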

On the contrary, by opening up the source code, anyone can directly verify that the encryption features are implemented correctly. Instead of operating on blind trust, you can examine the code to ensure that there are no backdoors built in. You can even hire third-party security firms to conduct independent audits.  

Open-source encryption enables individuals, experienced developers, and cryptography experts to learn what algorithms are employed, how they work, and point out potential flaws and vulnerabilities. This transparency makes it possible to quickly resolve bugs and independently assess the security of an application, which in turn leads to better privacy. 

How Proton Mail’s open-source encryption protects your privacy

We developed Proton products and services with the principles outlined above — all of our apps are fully open source and built with end-to-end encryption. We believe in being transparent with our community and giving them a choice in how their data and privacy are handled. 

Since the beginning, we have been strong advocates for open-source software, and you can find our source code for all our apps on GitHub. We maintain two popular open-source encryption libraries, OpenPGP.js and GopenPGP.

We also hire third-party firms to conduct independent audits of our apps and share the results so that you can read an expert’s assessment of our service’s security. 

Recently, we released an audit report for the new Proton Mail, which was found to be secure and robust. This audit report provides additional certainty that Proton Mail's end-to-end encryption protects everyone who uses our service as intended. We also performed security audits for Proton VPN on all supported platforms, including Android, iOS, macOS, and Windows. If you believe in open-source encryption and would like to support our efforts in building privacy-focused products, you can sign up for a free email account.

FAQ

What is open-source encryption?

Encryption refers to the process of encoding information so that it can only be read by authorized parties. When you make encryption “open source”, you are making its source code and algorithms available to the public for inspection. This means that anyone can review the code and check for vulnerabilities. Because more people are able to examine the code and propose fixes, this makes it more likely that vulnerabilities will be swiftly reported and resolved, resulting in a more secure product.

Does encryption allow for privacy?

Encryption, especially end-to-end encryption, protects your privacy by converting sensitive information into indecipherable text. Only your intended recipient can decode this information with a private key. Without access to this private key, it is impossible for a hacker to steal your data unless they also have physical access to the device where your private key is stored. As such, end-to-end encryption ensures that your privacy is protected at the highest level.

Which open-source encryption is the best?

Open-source encryption can be used in a variety of applications, from password managers to email providers. As the world's largest encrypted email service, Proton Mail provides one of the best open-source email encryption offerings on the market. We use a combination of TLS, zero-access encryption, and end-to-end encryption to secure your emails. All of our code is open source and available on GitHub.
