[newscracker]

This is firstly about the client software. If you have the client program's source and you can confirm that it does encrypt files with a local key and does not transmit the key to the servers, then it's not really a big deal (although it could be) what runs on the server.

If you have the client program's source, you should be able to build it yourself and use it with the service. This could eliminate the need to use precompiled binaries that SpiderOak provides on its website.

Makes sense? Or am I missing anything else?

[phaet0n]

Sure if it's about the client then sure but as soon as SpiderOak open sources their software they start competing on price because anyone can write a backend to use another storage provider.

[newscracker]

Yes, price would be a big factor, but scaling such a backend, providing a stable solution, etc., are not child's play either. Cyphertite has open source clients and I'm sure they have things other than price that they can compete on.

If there's one thing that the open source model has shown, it's that not everyone wants to bother with maintaining the source or adding features or fixing bugs. However, open sourcing will provide a level of confidence on the privacy aspect like nothing else can (assuming there are people interested in examining the code for issues).

I'll stop with this comment. This submission is not going to be prominent on HN anyway, and currently the sole signature on the petition is mine.