When a service advertise as 100% open source, do you expect the website to be open-source too? - eviltoast

Long title, wopsi.

Recently been checking out PIA VPN service(for research purposes), and they advertise their services to be 100% open source. However when checking their Github they don’t seem to have their code base for website there.

So this have had me wondering, when you hear the term 100% open source. Do you expect ALL of what they do, including website part, to be open source? Or just the application / service that they offer?

Lemmyknow your thoughts!

  • PeachMan@lemmy.world
    link
    fedilink
    arrow-up
    26
    ·
    11 months ago

    It’s pretty common for companies like that to advertise that their app is 100% open source, but then stop short of guaranteeing anything beyond that. In PIA’s case, I would point out that their infrastructure (the servers that they use to route your traffic) are closed, so they could be doing literally anything in there. Their desktop client being open source doesn’t actually do much to guarantee your privacy.

    If you want real transparency, Mullvad is the only real option: https://mullvad.net/en/help/open-source

    Having said that, I personally use PIA because it’s cheaper and I don’t care enough.

    • stepanzak@iusearchlinux.fyi
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      11 months ago

      I think that the client is what really matters, because AFAIK you have no way to verify what’s actually running on their servers.

      • PeachMan@lemmy.world
        link
        fedilink
        arrow-up
        10
        ·
        11 months ago

        Right, you can’t be 100% sure, but there are measures that they can take to make you trust them a bit more. For example, I believe Mullvad runs systems in RAM and keeps no records of who uses what. You don’t even have to give them your email address; they don’t want it. And they submit to regular audits (provided you trust the auditors).

        Also, if the client matters, then don’t use their client. Use the OpenVPN client instead.

    • Lunch@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Thanks for the insight! Yeah aware that Mullvad is pretty much the closest to “state-of-the-art” as it gets, compared to the rest of these services in the market.

      • PeachMan@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        I mostly use a VPN for torrents, and not much else honestly. And Mullvad isn’t very friendly to torrenters (for good reasons), they don’t allow port forwarding.

  • LesserAbe@lemmy.world
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    11 months ago

    No, I don’t expect a company’s website to be open source, just their primary product or service

  • RQG@lemmy.world
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    11 months ago

    Only if the website is part of the product. Like if to use the product I have to login on the website or am forced to regularly use it or whatever. Then if it is advertised as 100% open source I’d probably be like ‘is it though?’.

  • TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    5
    ·
    11 months ago

    The whole idea of a service being “open source” sounds like nonsense to me. “Open source” refers to code, not services.

    Might as well call my cat “100% open source.”

    I might use a term like “open source friendly” for a service to mean “can be used without using any proprietary software.”