All Kee Vault security software is open source because this is the only safe way to develop security software. You, or technically capable friends and family, can review the code that will interact with your secret passwords to verify that it really does what we claim it does; there’s no need to implicitly trust any companies or individuals, in contrast to most other commercial password managers and web browsers like Google Chrome.
Open source software is well known to be more secure than closed source (proprietary) software so for something that you have to trust to safely store your passwords to your online and financial accounts, open source is the only sensible choice.
There are countless studies that prove this but many companies still hope that you don’t know about them. For a recent example, in 2018, critical flaws in the security of many widely used Samsung, Crucial and other disk drives were exposed, with the security researchers proving that proprietary and closed-source cryptography is “often shown to be much weaker in practice” than open source cryptography.
The core principle actually dates back over 125 years and boils down to “security through obscurity is no security at all”, i.e. if your security relies on keeping the inner workings of your application secret it is likely that your security is already broken. You can read more on this topic in the fountain of all knowledge (and its associated scientific paper references).
Where’s the source?
- Kee Vault browser app: https://github.com/kee-org/keevault
- Kee browser extension: https://github.com/kee-org/browser-addon
- All components, libraries and tools: https://github.com/kee-org/
Whilst we hope to eventually release all code Kee Vault Ltd creates, we have for the time being omitted the code that runs on machines that are not owned by you. There are two reasons which justify this decision:
- You can never have a guarantee that the code we claim is running on servers that Kee Vault connects to is in fact the same as that which is actually running there. This applies to all services hosted on the internet, not just ours, and is why we ensure that you can see from the client code that executes on your machine that no unexpected data is transmitted and that all transmission is performed in a secure manner.
- The absence of the server code in a public location slightly increases the cost of the technical effort to clone the entire Kee Vault service. This allows us to continue focussing on improving the service rather than spending time and money pursuing legal enforcement, as well as reducing the dilution of funding that would occur if multiple near-identical services were to be launched in a short space of time.
This decision allows us to keep your subscription fees very low without detracting from the benefits you gain from the security-critical client components being open source.