Evaluating your tools: Key questions

Free and Open Source, or proprietary? Who owns the service? What do the Terms of Service say? Has the tool been security audited? By whom?

Last Updated: 04 Mar 2016

When you're evaluating a tool or service, there are some basic questions worth asking:

1. Is it Free and Open Source, or is it proprietary?

If a service, app, operating system or tool is proprietary, the technology behind it (the source code or software) is closed. This means it can't be independently examined to check that it does what it claims to do. By contrast, the source code of free and open source tools is available for anyone to view and can be independently audited.

2. What do you know about the company which owns the service?

Some companies will take better care of your personal data than others. Many companies have a business model that involves collecting and selling at least some of your data.


Things to consider:

  • Who actually owns the product? This can change over time, as companies get bought out by other companies.
  • Where is the company based? This determines the jurisdiction within which the company operates, and different countries have different laws with regard to data protection.
  • Is the company known to collaborate with governments?

3. What are the Terms of Service?

Every time you install an app or sign up for a new service, you are asked to agree to the Terms of Service. But what are you actually agreeing to? (See our Lost in Small Print section for the privacy policies of big commercial services, simplified and visualised.)

4. Has the tool been security audited?

The only way to know that a tool is secure and not leaking data is to have it reviewed by security experts as part of an audit.

5. Who carried out the security audit?

There are different ways of carrying out a security audit. Large technology companies can carry out a security audit internally, or hire a firm which specialises in security audits. Another option is to have the tool audited in the open by the technical community, in the manner of an open source project.