But at least it's harder to hide it, and at some point you know it's going to be found out. If we found out about the proprietary solutions spying on us, I think we'll find out even sooner about the open source ones.
Security vulnerabilities are found in OSS programs all the time, how do you tell the difference between negligence/incompetence/mistakes and malicious activity?
