The open-source community is amazing and makes software more secure. Millions of coders find backdoors and data collection mechanisms, so they do not make their way into the open-source programs we use every day. Never trust software if you cannot inspect the source code!
We will explain how the community keeps the integrity of open-source software in check and how you yourself can contribute to this. Later, we will talk about what motivates open-source programmers.
Programmers are always interested in learning new things. Open-source software allows them to read a program's source code and understand, step by step, how it works. This applies to beginners who are just starting out, as well as experienced developers. They might discover code that they did not even think was possible or appreciate how cleverly a certain problem was solved. It lets them see the program from the perspective of another programmer.
During the journey described above, programmers will often find critical issues, bugs or exploits that the creator of the software did not notice. The original programmer introduced them by accident, not intentionally, so they are happy if people point such things out to them.
Security issues and backdoors are impossible to hide when you have the source code available. Proprietary software can only be analysed by reverse engineering and observing what the program does. Therefore, proprietary software could be full of security bugs and intentional backdoors without anyone noticing, at least not immediately.
We have given the example of Skype stealing your Firefox passwords before. This should give you a rough idea of how dangerous it can be to use closed-source programs. The bug in Skype, or should we say eavesdropping by design, was only discovered after closely observing how the Skype app requested access to the directory of the Firefox browser. That was the exact folder where hashed passwords are saved by Firefox. Microsoft of course does not tell you that on their website. What they are also trying to conceal are the numerous backdoors installed in Skype to allow easy access by law enforcement, wire-tapping and extracting chat protocols. We do not know how much more such malicious code is hidden in the closed-source code of software we use on a daily basis.
In open-source projects, we are free of such issues, most of the time. There are millions of programmers that analyse source code of open-source software in their free time and you can be sure that they would notice. If, for example, LibreOffice tried to steal your passwords or share personal data with companies, we would know that within hours by reading source code and the damage to the developer’s reputation would be enormous.
“Open-source software development literally forces software engineers to be absolutely honest and behave in an ethical manner.” — InvisibleUser
Open-source programmers are subject to public scrutiny, so if they implemented any data collection, data interception, backdoors or ways for law enforcement to get in (like in Skype), the backlash from the community would be immense.
Instead of only reading the source code, advanced users can compile open-source software themselves. That means turning the code into a program that runs on a PC or mobile device. You are thereby creating an executable. The version you build yourself can then be compared to the one the developer offers for download on their website. Even small details that do not match between the two versions would be obvious immediately.
Performing this task might seem difficult and unrealistic to you, but there are many coders out there that do such things on a daily basis. When thousands of professionals and hobbyist programmers compare the compiled code to the distributed version every day, we would know instantly if an open-source project secretly implemented a nasty backdoor. The developers would then feel the wrath of the free software community and go bankrupt within weeks.
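The comparison described above, as an added example that is not part of the original article. It goes one step beyond a single checksum: two honest builds of the same source often differ in packaging metadata such as timestamps, so the script compares the contents of each packaged file and reports exactly which ones differ. The function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile


def member_digests(archive_bytes):
    """Map each regular file in a tar archive to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_builds(local_bytes, published_bytes):
    """Compare a self-built archive with the published one, file by file."""
    identical = (hashlib.sha256(local_bytes).digest()
                 == hashlib.sha256(published_bytes).digest())
    local = member_digests(local_bytes)
    published = member_digests(published_bytes)
    return {
        "bit_identical": identical,
        "only_in_local": sorted(local.keys() - published.keys()),
        "only_in_published": sorted(published.keys() - local.keys()),
        "content_differs": sorted(n for n in local.keys() & published.keys()
                                  if local[n] != published[n]),
    }


def make_archive(files, mtime):
    """Build a constructed sample archive in memory (stand-in for a real build)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(content), mtime
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data: same sources built at different times, then an altered release.
SOURCES = {"app/main.bin": b"\x7fELF-core", "app/README": b"docs"}
LOCAL = make_archive(SOURCES, 1700000000)
REBUILT = make_archive(SOURCES, 1700009999)
TAMPERED = make_archive({**SOURCES, "app/main.bin": b"\x7fELF-core+extra",
                         "app/updater.bin": b"new"}, 1700009999)

if __name__ == "__main__":
    print(compare_builds(LOCAL, REBUILT))
    print(compare_builds(LOCAL, TAMPERED))
```

A result with `bit_identical` false but all three lists empty means only packaging metadata differs; any entry in the lists names a file that needs a closer look.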
We do not only want to talk about building software yourself. Instead, we encourage you to try it, at least once. There is so much to learn about code, compilers and software. Additionally, the world needs people who can perform the “backdoor check” described above. Only then can we preserve the integrity of open-source software. Below, you will find a few official and unofficial resources that help you build the Firefox browser:
Learning how to build Firefox is the first step in becoming a Firefox dev. The Linux OS is especially great for this purpose, since it makes compiling easier. You should really learn the steps of building software that is open-source but not available for your Linux distro. With these skills, you can create it directly from the code and do not have to wait for someone to package it. This increases the amount of available software for Linux.
A good video on building Linux software in general (not only Firefox) can be found here. There is a great guide from HowToGeek. The Ubuntu community documentation offers this article.
In this section, we are going to explore why programmers give away their code. We will take a look at why they publish their hard work for free, instead of protecting it and what motivates coders to contribute to open-source projects.