PrivacyTools's stance on closed source

@team (2018-11-25)

  • Open Source (2019-05-06):

  • Open Source / free software is preferred but not required (2019-06-01):

  1. No Closed Source Software

– applies to posts only.

Rule 1 in Reddit is somewhat inconsistent with the guidelines for contribution.


For recommended software, yes, open source. We don’t need people suggesting a gazillion closed source programs which have open source alternatives.

However, that said, with some things where you don’t actually have the software, i.e. a VPN provider’s back end or an email provider’s server, we aren’t purists about this.

We aim to make suggestions on a shortlist of the best, not an exhaustive list of everything that exists.



I think the primary wording of rule 1 at should be made clearer, to be consistent with things here.


– at a glance, it’s absolute, off-putting.


@Trai_Dep pinging you as the main Reddit person and I am not sure if team sends you a notification.

(and personally I don’t even have a Reddit account.)


It is intentional that Reddit has different rules than our website. Our website has policies in place to ensure that the highest quality resources are posted. The subreddit has rules in place to prevent spam, so they are more absolute.


Hi, Mikaela! Shame on you for not having a Reddit account. (I kid, I keeeed!)

We try to have the same spirit of the law apply to posts and comments on r/PTIO, with an even more stringent standard for software we recommend. The thing is, if we applied strict rules like this one to comments, no one would be able to discuss stock Android or iOS solutions. While GrapheneOS is clearly better from a FLOSS standpoint, the utility and service we’d be able to provide if we ran around removing every post concerning Android or iOS privacy tactics would hurt more than help. Or exiling Chrome and Safari extensions, or Windows or MacOS software solutions.

We apply a somewhat stricter line for posts. But if someone posts a question about PGP running on MacOS, we’d obviously allow it, even though the OS is closed source. But recommending FB Messenger? Get outta town.

Our recommendations most strictly conform to the rules, then our website (and maybe forums?), then Reddit posts, then Reddit comments. At least, that’s the hierarchy I use.

Think of it as our not letting the perfect become the enemy of the good.

And, the sidebar rules have to fit character limits for mobile readers – over half our base. That’s why they’re so brief. As DNGray points out, they’re illustrative, not exhaustive.

I hope that helps!



Would this (the first line below) be one character too long?

Open source/free software is preferred but not required
Only Approved Surveys, Fundraising & Petitions Allowed

It’s more the point we want to discourage posts like:

“HELLO PLEASE ADD THIS AWESOME CHAT APP”… proceeds to link one of the millions of closed-source proprietary chat platforms.

That and developers of those platforms using our subreddit as an advertising platform.

If it has no chance of ever making it on we want to avoid it being advertised I think.

Of course there are extenuating circumstances, such as no alternatives, or very specific needs that we may consider, but general rule of thumb that no closed source software still applies.

Hi, Daniel! And, hi, Graham –

Excellent points!

Another worth mentioning is how threat modeling impacts how strictly we apply rules. If someone has relatively low-end adversaries, protecting less crucial information, closed-source software might be recommended as a least-worst option. I run across folks making Reddit comments asking whether, for more humble situations, Which out-of-the-box mobile OS is best? Hands down, vanilla iOS is better than vanilla Android OS. More so if a couple behavioral Best Practices are followed, and a few extensions/Apps are added.

But it’s worth pointing out that, for those with gargantuan threat models or high-value information, no mobile phone is safe. The entire category is just too damn leaky. So at that extreme, even FLOSS isn’t viable. Context is important.

But if we were to add every instance and exception to our sidebar rules, we’d exceed the character limits and no one would read them. Besides, we’re here on PT.IO and over on r/PTIO to highlight exceptions proving the rule, and hopefully explaining the finer points when needed.

We’re trying to strike a balance. I hope our replies help explain them better. A really good question, though. Thanks!

This is not about threat model at all.

It is about trust, i.e. a large company such as Apple is more trustworthy than an application developed by an individual who may be hiding behind an anonymous company on some island.

For example, we would be happy to suggest things like LineageOS and GrapheneOS, but we wouldn’t recommend a closed source Android ROM made by a single unknown developer or small team of developers unknown to the world.

Open source software can be verified, closed source software cannot. There is no need to ever suggest closed source software when open source alternatives exist.

That being said, for complex systems such as iOS/Android there will always be some closed source components such as firmware and drivers that are patent encumbered. The code for these is, however, generally available to the OEM producing the device (under NDA), along with documentation. A breach of the OEM’s trust with the party producing the patented component would likely result in a lawsuit between the two.

Therefore there is no hard rule on this, but that rule generally refers to “apps” not platforms like your above example, iOS vs Android etc.

The TLDR of this is it’s not a YES/NO answer but more of a NO/MAYBE (depending on circumstances).

Hi, Daniel –

It’s nuanced. When I see someone saying that they routinely operate digitally with their privacy shields always cranked up to 11, I think to myself, “This is a person who hasn’t done their threat modeling yet”. Or at least, hasn’t conducted an honest one.

I’m safe to assume everyone in this conversation, and many more reading these words, knows how to crank up their privacy shields to the max. Our max can be high. But the thing is, operating at this level is exhausting. Exhaustion leads to fatigue. Fatigue leads to mistakes. Mistakes make you vulnerable.

I think it’s foolish to always think your adversary is the FSB or other well-equipped TLA. I think if you silo properly, and contextually choose what level of effort and resources that silo is worth, you’ll expend the correct, sustainable level of energy that silo deserves. If it’s sharing cat photos (EXIF data stripped, naturally!) and helping people learn interesting ways to protect themselves online, then, yeah, a “6” or so is fine. Our 6 is probably a neophyte’s 9, FWIW.

So context – and threat modeling – is always the first, most crucial step. At least for me.

And for somebody who’s primarily concerned with avoiding corporate surveillance and wanting civilian-grade privacy levels, will I recommend Signal? Absolutely. But if I suspect that they won’t follow through, is iMessage better than FB Messenger, in spite of them both technically having E2EE? Absolutely. So, given that context, a closed-source solution works better than an (optimum) FLOSS solution: it provides a workable profile fitting their threat profile that they’ll actually use. That’s important.

I’d also advise them not to rely on iCloud backups, and instead back up locally, on their computer using an encrypted hard drive. Baby steps, into a warm bath. See? Privacy isn’t hard, it’s… Soothing!

But I can see your point too. For smaller, human-scale projects, FLOSS is better. It’s not a guarantee (HEARTBLEED, anyone?), but it’s solid advice. But I’d rather advise someone to go for a solution that I am 99% certain they’ll follow, than give them advice that requires too much effort given their situation, and have them later say to themselves, “Privacy is too hard – back to FB Messenger I go!”

But it all starts with threat modeling. Context is important, as is knowing your audience.

FWIW, I love starting neophytes into beginning the journey to becoming more privacy-minded people. Going straight to Tor, TAILS or QubesOS purism is a great way to ensure those first steps don’t happen. :wink:

Indeed, and I certainly agree with your point about threat modeling. One of the things that also gets overlooked is separation of identities, for example the name you use on gaming platforms might not be your real one.

You may also relax certain expectations surrounding compulsory tools used in a commercial or student environment. You may choose to use them for those purposes where required but we would always recommend better solutions for personal contact where you do maintain control over what medium is used.

There are precautions that can be taken, such as using alternate browser profiles, or virtual machines to confine those particularly privacy invading tools that we would never recommend normally on the site.

As a result we do try to make a shortlist of the best options in respect to our mission. Factors of this include, user experience, stability, security, source availability, reputation, transparency etc. During the vetting process one of the things we rate quite highly is the availability of staff to answer our questions in a manner that isn’t just canned responses from support staff.

We’ve taken to creating criteria, based upon these things and then measuring up those services and applications to what we’ve agreed is a minimal “base requirement” and a “best case” requirement. (This is evident on the email and VPN pages).

I would like to say here Signal is probably more accessible than iMessage, especially in regard to being able to install it on non-apple devices. In regard to trust, Facebook has continuously proven that they are untrustworthy with scandal after scandal. Their whole model of business is about collecting data, so isolating their applications would be something I would be doing at the very least.

For example if I required Facebook for work, then I would use a separate browser profile, or container or virtual machine. I would recommend against installing it on a personal phone where I am forced to grant them access to copious amounts of my data.

Exactly. One of the main areas I usually start when talking to people about this is with an email provider and communications platform. From there, one can branch out into other areas as they require them.


I should never expect that, but is the one character excessive? above.

I see your point. And appreciate your feedback.

But it’s better to have a strict, crisp line as the default that we give rare exceptions to, than have a fuzzier one that we’d have to argue over (in multi-response chains) from the hundreds of closed-source developers looking to push their (often) commercial product.

Keep in mind we’ve tens of thousands of subscribers, and roughly two or three active Mods. And I also Mod r/Privacy, which has hundreds of thousands of subscribers. We’re all volunteers fighting the good fight for y’all, so we need to optimize our efforts. Easy-to-understand (and administrate) rules help us do this. :slight_smile:


Oof! That’s tight for such a busy sub.