Signal recently announced that they will move away from a fully open-source model. To fight spam, a fraction of the server-side code will become closed. Some people became worried—“WHAT ARE THEY HIDING?”—but, honestly, I couldn’t care less whether the server side is “open source”. It actually made me realize that we are finally living in an age where you can run fully open-source software on clients’ devices, collect zero personal data and still make money.
Trusting the Server
Here’s how the Internet[1] works. If you type yoshke.org/contact into your browser’s address bar, a request will be made to the server (which I control) responsible for the yoshke.org domain name. Ideally, all you’d want this server to do is send back an HTML document containing my contact details. But you have no guarantee of how the server will handle that request or what it will do with it. I could be
- generating the page each time or simply serving a static file
- sending different contact details to different people
- logging your IP address and selling the information to the Chinese Communist Party
The first one shouldn’t matter to you, the second one is really annoying, and the third one—well, it depends… My point is, if you don’t know what’s happening on my server, how can you trust me with your data? After all, this website doesn’t even have a privacy policy—OH NO!
The good thing is that you don’t have to trust me. This website uses zero cookies[2]—you can confirm it in your browser’s developer tools. Thus, the only information you’re sending me is your IP address[3] plus the headers your browser attaches to every request (User-Agent, Accept-Language and the like), which alone rarely identify a person, although your ISP can tie the address to a subscriber.
What about Signal? It is a messaging platform, so everything it deals with is private information! Fortunately, it is end-to-end encrypted. If Alice wants to send a message to Bob, it gets encrypted before leaving her device. The server receives what looks like a string of random bytes, and even if they decide to store it or forward it to someone other than Bob, those bytes are worthless to them, because only Bob holds the key that can decrypt them into the message Alice sent. What the server does still learn is metadata: who is talking to whom, when, and how much.
So all we should care about is that Signal keeps their client-side app fully open. Unless you wish to run your own Signal server, it doesn’t matter what fraction of the server-side code they publish on GitHub—we couldn’t verify that that’s what they’re running anyway. As long as we (or someone who understands cryptography) can verify that the client encrypts messages properly, we can feel safe about our communications. Two things still have to hold for that to be true: the binary you installed must actually have been built from the published source (reproducible builds exist to let you check this), and the public keys the server hands out must be the real ones, which is why Signal lets you compare safety numbers out of band.
Zero-Knowledge Business Model
Unfortunately, most other apps use personal data in some way. Even if they say they don’t, you can’t be sure, because most of them don’t publish the code that runs on your device. And it makes sense—businesses have little incentive to open-source their apps.
But there are examples of community- or even business-driven applications whose source code is available to the end user. A major problem, though, is that most people own multiple devices. If you install a note-taking app on your phone, you’ll probably want to access those notes on your desktop computer. How do you do that while keeping them private? Open-source evangelists will probably recommend a program you can host on your own server to sync the data between your devices. The issue is… normal people don’t own servers.
Although the end-to-end encryption model is usually associated with communication apps, I believe there is a huge market in other segments as well. There is no reason why your notes, calendars or the news feeds you subscribe to shouldn’t be encrypted by default—if all the server does is synchronize data between devices, it doesn’t need to know what the contents are[4]. It also solves the financial incentive problem[5]—everything that runs on your devices is open source, yet the entrepreneurs can still make money by offering a service that syncs your data. Importantly, you don’t have to trust them with the contents, because all they’ll know is where the encrypted data are coming from, where they should be sent to, and how much of it there is.
I am actually surprised this isn’t a more popular business model. In a world where people are supposedly becoming more conscious about their privacy online, only fake solutions like VPNs[6], which merely move your trust from your ISP to the VPN provider, are starting to gain traction. I hope it’s just a marketing problem, because trustless zero-knowledge apps (zero-knowledge in the product sense that the provider never holds a key, not the zero-knowledge proofs of cryptography) seem to be one of the very few ways to ensure real digital privacy.
1. As a side note, only zoomers and the NYT choose not to capitalize this word.
2. I also don’t use embedded social media buttons or YouTube video players, which often enable these third parties to track you.
3. This is necessary so that I know where the requested information should be sent back to.
4. Etebase looks like an amazing framework for this kind of model.
5. At one point in his life, Travis Oliphant, the creator of NumPy, was worried about the amount of time he was spending on writing open-source software—how does one make money, afford to have kids, etc.? So he asked Richard Stallman, and here’s what Stallman had to say: “Well, you know, I think just be like me and don’t have kids.” I can’t express in words how stupid this advice is. It’s ridiculous to abandon plans of starting a family just to develop software which is in line with your ethics.
6. All that VPNs are good for is torrenting and accessing US newspapers.