by russdpale 2979 days ago
Personally, if they can't prove it, it shouldn't be trusted. And I'm talking about proving it with the source code. The days of granting benefit of the doubt to these companies should be over. The onus of security should be on the providers proving it, not misplaced trust.
2 comments

How does providing the source code help with proving trust? You don't know that the service is actually running the source code that was published.

If you're willing to believe that the service matches the published source code, why wouldn't you also be willing to believe that the service matches the published "specifications" (e.g. privacy policy)?

Do any providers you use meet this standard? A few bits of open source software have been subjected to credible public audits, but not most of those. For proprietary services, the detailed results of any audits are typically nonpublic.

This is nice in theory but would prevent you from sharing your data with any third-party services in practice beyond your personal circle of trusted acquaintances.