Hacker News
by robflynn 1095 days ago
You shouldn't just automatically trust it, but it allows you to examine what it's doing and make your own informed decision about whether or not you can trust it. If you discover your data is being collected in an open source project you can, at the least, make an informed decision and give consent to it.

And while everyone won't be able to understand what they're looking at, the community as a whole would benefit from people looking at it and announcing/discussing problematic things they see in the code base.

If an open source project is syphoning data, someone's going to see it and talk about it.

If a closed project is doing it, it's harder / more complicated for that act to be discovered.

2 comments

But how can I trust “the community”? I don’t know them. I don’t know their capabilities, nor do I have any say in what they check: whether it’s complete, or accurate; whether the software has been compromised since the last time the community checked; or whether they did the checking they said at all.
and on GitHub too, or some other public build mechanism. The thing of it is that if it's open source, but the binaries are built privately, there's no guarantee that the binary actually came from the source that's been presented.