Open Source
Source code published publicly under a license that allows inspection and (typically) modification. Necessary but not sufficient for trust.
Open source means the source code is published under a license that lets anyone read, audit, and (usually) modify and redistribute it. Common licenses: MIT, Apache-2.0, GPL-3.0, AGPL-3.0, MPL-2.0, BSD-3.
Open source is necessary for trust in privacy claims because it makes the encryption claim verifiable: researchers can read the code and confirm that the math, the keys, and the protocol match the marketing. But open source alone does not prove that the running binary matches the source (reproducible builds address that), that a vendor will continue maintaining it, or that an audit has actually happened.
Closed-source privacy tools can still be defensible if they have published audits, a Secret-Key-style architecture (1Password) that limits server-side compromise, and a track record under legal pressure. But the floor of trust is lower because nobody outside the vendor can verify their claims directly.