They open source all of their clients (when not in beta). They maintain multiple open source cryptographic libraries, in multiple languages, which a lot of developers and companies go on to use. They have a yearly fundraiser for open source and digital rights groups, which they contribute a $100,000 to each year.
Just because their server code is not open source, doesn’t mean they don’t support open source. It’s not an all or nothing situation. Binary thinking and classification is a very dangerous and naïve way to look at things.
Proton’s server code is not Open Source because it contains filter and anti spam detection which if released, would severely hamper their ability to detect spam and keep their users safe + detect abuse for their service.
Proton has had extensive security audits done and their claims have been backed up by independent third parties.
The definition should be further modified to include legitimate reasons for not open sourcing some code + having audits to back up claims.
It might be a good idea to do the exact opposite I.e. make a OSS whitelist. It will be much easier to maintain given the scale of applications/services/products.
OSS-Blacklist: A blacklist for keeping track of OSS hostile companies/organizations (codeberg.org)
Just saw the discussion around the Haier Home Assistant takedown and thought it would be good to materialize the metaphorical blacklist.