ELI5, Why is Open Source Software considered safe if it can be accessed and changed by anyone?



In: Technology

17 Answers

Anonymous

The benefit of open source software (OSS) is that, if you could be bothered to check and read through it, you know with absolute certainty what the code actually does (and often more importantly, what it *doesn’t* do). This has a number of benefits:

* It serves as an example for one way to do something, which can be a useful educational tool.

* It acts as a proof that the code isn’t doing something malicious to you when you run it.

* You can judge if it’s doing its job efficiently enough for your needs.

Notice how “anyone can edit it” isn’t up there. That part is not necessarily a part of OSS. Lots of open source projects accept help, but that’s not required. Many open source projects out there will happily show you what they’ve written, but politely ask you to beat it if you suggest changes. That’s the other thing, too — changes aren’t like Wikipedia where you can just pop in and make an edit, only having it reversed if mods catch it. Changes have to be made by a small set of people with permission to edit the project, or you have to submit a sort of request form (a “pull request”) that needs to be reviewed and approved before it gets merged in.

Also not in that list is “anyone can use it” or “it’s free”. Again, lots of OSS *is* free, both monetarily and legally. But just because a project is showing its code to you does *not* give you the right to download it, put it into your own project, redistribute the modified copy, and use it to generate your own profit. That all depends on the distribution license that the project has. Lots of them use licenses like MIT, GPL2, GPL3, WTFPL, Unlicense, etc, all of which for the purposes of this discussion are effectively different ways to say “do whatever you want”, with each one having some different extra nuances that fine tune the legal definitions for different purposes. These projects DO let you freely download, edit, redistribute, and/or profit from them. But other projects may use other software licenses that prohibit one or more of these freedoms.

Consider an example project, [uBlock Origin](https://github.com/gorhill/uBlock/blob/master/LICENSE.txt), a popular and trusted ad-blocking browser extension. This project itself originally began as a fork of another open source extension called [HTTP Switchboard](https://github.com/gorhill/httpswitchboard). HTTP Switchboard is licensed under the GNU Public License version 3 (GPL3), which is what we call a “copyleft” license. Essentially, it’s a viral license — any project you make that includes this project must also use GPL3. It’s intentionally written that way so that anything you declare open source will stay that way forever. Back then, the project was simply known as “uBlock”. The original uBlock project used to accept community pull requests. But the lead developer got sick of dealing with all these pull requests and turned over control of the project to another top contributor. After doing that, he immediately forked the project for himself and started going his own way. He could freely do this because uBlock was GPL3, which gave him the right to take the whole project, make revisions, and redistribute it however he wanted. The original uBlock project slowly started to deviate from the course it set out to achieve by bending over to corporate interests by accepting donations and allowing ad networks to pay to be whitelisted as “acceptable advertising”. Since it was open source, we could all see exactly what it was doing. But the original developer’s fork of the project, renamed “uBlock Origin” to differentiate itself, did not do this, and stayed true to its original goal. Again, we know this because it’s open source and we can check.

Lastly, a word of warning: I did say one of the benefits of OSS is that you can look at it to see what it does. That’s still absolutely true. But there isn’t necessarily a guarantee that what the code says, and what a private service is *actually* running, are the same code. A site like Reddit could, theoretically, make itself open source, but the actual servers that run Reddit could be running a privately modified version of that code that does things we cannot see. There’s no way to check, you just have to trust them. The “you know exactly what it does” benefit only truly applies when you actually download the entire project in raw code form and build the software from scratch all on your end. Even just downloading a packed-up executable package from the source can’t necessarily be trusted, as who’s to say they didn’t swap that executable out with a different version with extra stuff added? The only way to know that for sure would be to compare — download the raw code and build it yourself, and see if the result is identical to the bundled copy. Since doing this involves downloading and building the raw code anyway, most people who take this super seriously just build it themselves every time.
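The "build it yourself and compare" check the answer above ends with, as an added example that is not part of the original post: it hashes a locally built artifact and the shipped copy, and when they differ it reports where the bytes first diverge and by how much the sizes differ, which is the first thing you want to know before deciding whether the gap is a non-deterministic build or genuinely different code. The byte strings are constructed stand-ins for two build outputs, not real executables.

```python
"""Reproducible-build check: does my own build match the shipped copy?"""
import hashlib
from pathlib import Path

# Constructed stand-ins for two build artifacts (not real executables):
# what I built from the published source, and what the project shipped.
MY_BUILD = b"\x7fELF" + b"program-bytes" * 8
SHIPPED_OK = bytes(MY_BUILD)                       # byte-identical release
SHIPPED_TAMPERED = MY_BUILD + b"\x90extra-logic"   # release with something appended


def digest(data: bytes) -> str:
    """SHA-256 of an artifact; equal digests mean byte-identical builds."""
    return hashlib.sha256(data).hexdigest()


def compare_builds(mine: bytes, shipped: bytes) -> dict:
    """Compare a locally built artifact to the shipped one.

    Returns whether they match and, if not, the first offset where they
    diverge and the size difference, so the mismatch can be investigated.
    """
    result = {
        "match": digest(mine) == digest(shipped),
        "first_diff": None,
        "size_delta": len(shipped) - len(mine),
    }
    if not result["match"]:
        # First differing offset; if one artifact is a prefix of the
        # other, the divergence starts where the shorter one ends.
        common = min(len(mine), len(shipped))
        result["first_diff"] = next(
            (i for i in range(common) if mine[i] != shipped[i]), common
        )
    return result


def compare_files(mine_path: str, shipped_path: str) -> dict:
    """Same check for two artifacts on disk."""
    return compare_builds(Path(mine_path).read_bytes(),
                          Path(shipped_path).read_bytes())


if __name__ == "__main__":
    print(compare_builds(MY_BUILD, SHIPPED_OK))
    print(compare_builds(MY_BUILD, SHIPPED_TAMPERED))
```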
