Open Source Privacy: Why AGPL-3.0 Matters

How do you trust privacy software? You cannot verify closed-source claims. The company says they do not log your data. You just have to believe them.

Privacy policies are legal documents, not technical guarantees. They can be changed, reinterpreted, or quietly ignored. The only way to truly verify a privacy claim is to read the code that implements it.

With open source, anyone can read the code. Security researchers can audit the cryptographic implementation. Developers can verify the server-side logic. Users can compile from source and run a binary they built themselves.

This is not about trust — it is about verification. We do not ask you to trust us. We ask you to read the code.

The AGPL (Affero General Public License) has a key provision that MIT and Apache licences lack: if you modify the code and run it as a network service, you must publish your modifications.

This prevents a company from taking sTELgano, adding backdoors, and offering it as a closed-source service. With MIT or Apache, they could do exactly that — take the code, modify it silently, and deploy it without anyone knowing what changed.

The AGPL closes the “SaaS loophole” that makes other open-source licences insufficient for privacy-critical software.

You can always run your own instance. The AGPL ensures that any improvements made to self-hosted versions benefit everyone. If someone fixes a bug or adds a feature to their self-hosted deployment, the community gets access to that improvement.