[mucker]

How, pray tell, does free change the problem except in fantasies? There is plenty of "free" software that contains the same problem.

[mackal]

Free as in freedom, not beer. You can look at the code of the free software, therefore tell if it's phoning home or not. More importantly, changing it.

[morganvachon]

Exactly. This is how the Google Chromium always-on voice recognition payload was discovered, for example. We may never have known about it if it wasn't an open source project, or at least we wouldn't have heard about it until long after it shipped.

[anigbrowl]

How many people have the time or inclination to validate everything that way?

[dripton]

Not many, but the effort is parallelizable. If you find a security problem and report it in public, others can verify it, and still others can benefit from the fix even if they never would have bothered to look for themselves.

[creshal]

It doesn't take many. The problem is making sure that someone is doing it (cf., OpenSSL).

[rbanffy]

At least, with those, you can audit the code and have someone fix it. No such luck with proprietary software.