diff --git a/content/posts/2026-open-source/index.md b/content/posts/2026-open-source/index.md deleted file mode 100644 index aa28319..0000000 --- a/content/posts/2026-open-source/index.md +++ /dev/null 
@@ -1,75 +0,0 @@ -+++ -title = 'Why Open Source?' -date = 2026-05-09T18:00:00-00:00 -lastmod = 2026-05-09T18:00:00-00:00 -draft = true -tags = ['open source'] -[params] - author = 'Iain Learmonth' -+++ - -All of our development efforts at SR2 Communications are released under an open source licence. -This is often a condition of the grants that fund our work but we don't just use the licences to meet contractual -requirements. We strongly believe that open source software is the best way to approach the technical needs of -civil society organisations. - -Kerckhoffs's Principle is one guiding idea in this approach. -The principle holds that a cryptosystem should be secure, even if everything about the system, except the key, is public -knowledge[^1]. -Kerckhoffs's principle was later phrased by the American mathematician Claude Shannon as "the enemy knows the system". - -This principle forces us to build software that would withstand a source code leak because it's already open. -We cannot hide security flaws behind obscurity. -Every algorithm, every protocol decision, every line of networking code must be robust enough for expert scrutiny. -When vulnerabilities are found, and they sometimes are, they're found by friendly researchers who report them, rather -than by adversaries who exploit them silently. - -This auditability also helps us build trust. -When our code is fully auditable, users can verify exactly what our software does, and crucially, what it doesn't do. -They can confirm we're not logging their activity, not inserting backdoors, not collaborating with adversaries. -This trust is foundational. -Without it, users won't risk using our tools, and the tools become useless. - -When we produce censorship circumvention tools, we are building in a context where there is already distrust. -Censorship cannot exist without surveillance. -To block content, authorities must first monitor what users are accessing. 
-This surveillance creates a chilling effect: even when censorship isn't actively enforced, the threat of being watched -leads to self-censorship. -Users hesitate to search for sensitive topics, search for alternative news sources, or communicate openly. -We must circumvent not only the censorship imposed technically, but the self-censorship imposed by the threat of -surveillence. - -Funding for internet freedom work can be unpredictable. Grant cycles end. Priorities shift. -If a funding gap forces us to halt development, open source ensures continuity is possible. -Other organisations can pick up where we left off without needing any permission from us. -They can maintain the software, apply security patches, and keep services running for users who depend on them. - -Even when funding is stable we cannot be everywhere at once. -Our team has expertise in specific regions and network conditions, but censorship takes different forms across the -world. -Deep packet inspection, for example, may be implemented differently in different regions but if we have an open source -framework for defeating it, we enable others to adapt our tools for their local contexts. -A developer in a region we've never considered can fork our repository, modify protocols to evade their specific regional -environment, and deploy it for use. - -Our open approach invites contributions from a global community of security researchers, computer scientists, and -censorship measurement specialists. -These academics scrutinise our cryptography, suggest protocol improvements, and identify vulnerabilities we might have -missed. -They publish papers that advance the entire field, and we incorporate their findings back into our codebase. -This virtuous cycle makes our tools stronger than any closed-source alternative could be. - -We see open source as a strategic necessity. -It builds user trust in an environment of surveillance and self-censorship. 
-It multiplies our impact through decentralised adaptation. -It harnesses global expertise for continuous improvement. -It enforces genuine security that withstands scrutiny. -And it ensures our mission endures, regardless of what happens to our organisation. - -The code we write today may outlast us. That's by design. - -[^1]: Kerckhoff described a number of design rules for military ciphers in 1883, and there is another principle that we -also strongly agree with (translated from -[the original French text](https://petitcolas.net/kerckhoffs/crypto_militaire_1.pdf)): "given the circumstances in which -it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and -comply with a long list of rules".
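Review bot: the single hunk (`@@ -1,75 +0,0 @@`) deletes the whole of content/posts/2026-open-source/index.md, whose front matter still has `draft = true`, and the diff shows no replacement path, so it is unclear whether the post is being dropped or moved. State which in the commit message, and if it is a move, add the new file in the same commit so the text is not lost between the two. If the text is reused elsewhere, fix two things from the removed lines first: "surveillence" at the end of the self-censorship paragraph should be "surveillance", and the footnote's "Kerckhoff described" is inconsistent with "Kerckhoffs's" in the body.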