I was bored, so I compiled a list of 77 of my favorite open-source privacy-focused software. This ranges from Android apps to desktop apps to websites to operating systems. I scraped the programming languages used for each one from their respective repositories, and created a simple scoring system to score each programming language.
Obviously there is some bias, since Kotlin is very popular for Android apps and not much else, and it's not an exhaustive list, so some data might be off, but it was still fun to make! Just wanted to share it with all of you, in case anyone else finds it interesting.
The full ranking
Full ranking
- C++
- C
- Kotlin
- Java
- JavaScript
- TypeScript
- Python
- Shell
- C#
- Dart
- PHP
- Ruby
- HTML
- Makefile
- Go
- QML
- Pascal
- CSS
- Clojure
- Blade
- Crystal
- Batchfile
- Swift
- Emacs Lisp
- Svelte
- Rust
- CMake
- Haskell
- Lua
- Vue
- Roff
- XSLT
- Assembly
- NSIS
- Objective-C
- SCSS
- Less
- PLpgSQL
- Objective-C++
- Inno Setup
- Meson
- WebAssembly
- ASL
- PowerShell
- Rich Text Format
- GLSL
- Common Lisp
- Haml
- Scheme
- Dockerfile
- Perl
- AIDL
- M4
- Mustache
- D
- MDX
- SourcePawn
- M
- Pug
- Lex
- EJS
Scores for each programming language
Language scores
C++: 13070
C: 11734
Kotlin: 7195
Java: 6727
JavaScript: 5356
TypeScript: 5002
Python: 4250
Shell: 1903
C#: 1873
Dart: 1872
PHP: 1844
Ruby: 1499
HTML: 1389
Makefile: 990
Go: 975
QML: 955
Pascal: 917
CSS: 888
Clojure: 878
Blade: 832
Crystal: 738
Batchfile: 708
Swift: 577
Emacs Lisp: 556
Svelte: 366
Rust: 351
CMake: 342
Haskell: 326
Lua: 300
Vue: 288
Roff: 268
XSLT: 176
Assembly: 167
NSIS: 130
Objective-C: 128
SCSS: 90
Less: 77
PLpgSQL: 66
Objective-C++: 61
Inno Setup: 59
Meson: 41
WebAssembly: 25
ASL: 22
PowerShell: 21
Rich Text Format: 21
GLSL: 18
Common Lisp: 16
Haml: 14
Scheme: 13
Dockerfile: 12
Perl: 12
AIDL: 11
M4: 7
Mustache: 7
D: 5
MDX: 5
SourcePawn: 2
M: 2
Pug: 2
Lex: 1
EJS: 1
The original data
(NOTE: I am NOT looking for criticism on any choices made here)
Original data
HuggingChat
TypeScript 62.1%
Svelte 36.6%
Dockerfile 0.4%
JavaScript 0.4%
HTML 0.2%
Shell 0.1%
Other 0.2%
GPT4ALL
C++ 48.2%
QML 32.3%
Python 8.5%
CMake 5.4%
JavaScript 3.9%
C 1.0%
Other 0.7%
Audacity
C 37.6%
C++ 35.3%
Python 18.1%
Shell 2.8%
Common Lisp 1.6%
QML 1.3%
Other 3.3%
Duplicati
C# 87.3%
JavaScript 5.7%
HTML 3.2%
Less 1.8%
Python 1.2%
Shell 0.4%
Other 0.4%
Vorta
Python 99.2%
Other 0.8%
Filen (Desktop)
TypeScript 96.3%
JavaScript 2.1%
HTML 1.2%
NSIS 0.4%
Monero
C++ 81.7%
C 11.7%
Python 3.2%
CMake 2.0%
Makefile 0.5%
Shell 0.4%
Other 0.5%
Ivy Wallet
Kotlin 99.7%
Other 0.3%
Brasero
C 98.1%
Makefile 1.5%
Other 0.4%
VSCodium
Shell 83.8%
XSLT 16.0%
PowerShell 0.2%
GNU Emacs
Emacs Lisp 55.6%
Roff 23.8%
C 16.4%
M4 0.7%
Objective-C 0.6%
C++ 0.5%
Other 2.4%
GitLab
Ruby 69.2%
JavaScript 17.3%
Vue 6.8%
PLpgSQL 2.9%
Haml 1.4%
HTML 0.9%
Other 1.5%
Codeberg
Clojure 87.8%
Shell 3.9%
CSS 2.3%
HTML 2.2%
Batchfile 2.2%
PowerShell 1.0%
Other 0.6%
Wikipedia (MediaWiki)
PHP 82.7%
JavaScript 15.3%
Less 1.1%
CSS 0.8%
HTML 0.1%
Vue 0.0%
7-Zip
C++ 79.3%
C 17.6%
Assembly 1.6%
Makefile 1.5%
PeaZip
Pascal 91.7%
Inno Setup 5.9%
Batchfile 1.8%
C++ 0.4%
Shell 0.1%
C 0.1%
qBittorrent
C++ 71.0%
JavaScript 14.1%
HTML 11.5%
Python 1.1%
CSS 0.8%
CMake 0.7%
Other 0.8%
osu!
C# 100.0%
2048
CSS 54.9%
JavaScript 38.1%
HTML 6.5%
Ruby 0.5%
Wireshark
C 95.2%
C++ 2.4%
Python 1.1%
Perl 0.3%
CMake 0.3%
SourcePawn 0.2%
Other 0.5%
nmap
C 38.0%
Lua 29.0%
C++ 17.3%
Shell 4.6%
Python 4.3%
Makefile 1.9%
Other 4.9%
VirtualBox
C 67.2%
C++ 25.2%
Python 2.8%
Objective-C 1.7%
Assembly 1.4%
D 0.5%
Other 1.2%
Docker
Go 97.5%
Shell 1.5%
Dockerfile 0.5%
PowerShell 0.3%
Makefile 0.1%
Python 0.1%
calibre
Python 79.2%
C 17.1%
C++ 2.8%
HTML 0.3%
Shell 0.2%
XSLT 0.1%
Other 0.3%
Thunderbird
JavaScript 60.5%
C++ 21.5%
HTML 6.6%
CSS 3.8%
C 1.8%
Java 1.7%
Other 4.1%
Betterbird
Batchfile 66.5%
C 18.3%
C++ 10.1%
Shell 5.1%
draw.io (Desktop)
JavaScript 96.0%
Shell 4.0%
Joplin
TypeScript 71.4%
JavaScript 22.3%
HTML 1.9%
CSS 1.3%
Java 1.2%
Mustache 0.7%
Other 1.2%
LibreOffice
C++ 86.6%
Java 5.5%
Python 1.8%
Makefile 1.6%
XSLT 1.5%
Rich Text Format 1.4%
Other 1.6%
Proton Mail (Web)
TypeScript 92.1%
JavaScript 5.2%
SCSS 1.5%
MDX 0.5%
Swift 0.4%
CSS 0.1%
Other 0.2%
F-Droid
Java 65.3%
Kotlin 33.1%
Other 1.6%
Aurora Store
Kotlin 96.8%
Java 2.8%
AIDL 0.4%
Neo-Store
Kotlin 100.0%
Obtainium
Dart 98.7%
Other 1.3%
Droid-ify
Kotlin 99.6%
Shell 0.4%
IzzyOnDroid
PHP 97.2%
Python 2.5%
Shell 0.3%
Accrescent
Kotlin 100.0%
GNOME Software
C 97.0%
Meson 1.2%
Python 1.1%
Other 0.7%
Flathub
TypeScript 74.0%
Python 24.2%
JavaScript 1.1%
Shell 0.4%
SCSS 0.2%
Dockerfile 0.1%
SearXNG
Python 74.7%
Shell 9.9%
HTML 6.1%
Less 4.8%
JavaScript 2.7%
CSS 0.9%
Other 0.9%
GrapheneOS
Makefile 87.1%
C++ 11.3%
Shell 1.6%
GNOME
C 97.3%
Meson 2.3%
Python 0.4%
KDE Plasma
C++ 45.6%
QML 41.2%
C 5.5%
CMake 2.3%
Python 2.2%
JavaScript 1.9%
Other 1.3%
Arch Linux
C 98.4%
Assembly 0.7%
Shell 0.4%
Python 0.2%
Makefile 0.2%
Perl 0.1%
HeliBoard
Java 45.4%
C++ 34.7%
Kotlin 19.2%
Other 0.7%
Blender
C++ 76.3%
Python 14.6%
C 5.0%
GLSL 1.8%
CMake 1.2%
Objective-C++ 1.0%
Other 0.1%
FreeCAD
C++ 52.7%
Python 44.5%
C 1.5%
CMake 0.8%
NSIS 0.2%
Lex 0.1%
Other 0.2%
Krita
C++ 90.2%
Python 3.0%
C 2.3%
CMake 1.6%
HTML 0.7%
Rich Text Format 0.7%
Other 1.5%
GIMP
C 95.5%
Scheme 1.3%
Python 1.1%
C++ 0.7%
Meson 0.6%
Perl 0.4%
Other 0.4%
Flameshot
C++ 87.8%
CMake 5.8%
Shell 3.3%
Python 1.7%
Roff 1.1%
C 0.2%
Other 0.1%
Inkscape
C++ 94.1%
C 1.7%
CMake 1.5%
HTML 1.4%
Python 0.3%
Aegis
Java 96.0%
HTML 2.1%
Roff 1.9%
VeraCrypt
C 68.8%
C++ 19.0%
Assembly 10.0%
Shell 1.1%
Makefile 0.5%
Batchfile 0.3%
Other 0.3%
KeePassXC
C++ 95.1%
CMake 2.2%
Shell 1.5%
PowerShell 0.6%
Objective-C++ 0.4%
Python 0.1%
Other 0.1%
KeePassDX
Kotlin 79.0%
C 14.0%
Java 4.1%
Assembly 2.6%
C++ 0.2%
Ruby 0.1%
addy.io
Blade 83.2%
JavaScript 5.2%
Vue 4.8%
PHP 4.5%
CSS 2.3%
Mullvad VPN
Rust 35.1%
Swift 26.2%
Kotlin 19.5%
TypeScript 13.2%
C++ 2.8%
Shell 1.8%
Other 1.4%
Alovoa
Java 82.7%
HTML 9.8%
JavaScript 3.6%
CSS 2.8%
Other 1.1%
Briar
Java 98.0%
Kotlin 1.9%
Other 0.1%
SimpleX Chat
Haskell 32.6%
Kotlin 32.3%
Swift 26.9%
HTML 2.2%
TypeScript 1.4%
JavaScript 1.1%
Other 3.5%
Medito
Dart 88.5%
Kotlin 8.0%
Ruby 2.0%
Swift 0.7%
CMake 0.2%
C++ 0.2%
Other 0.4%
coreboot
C 94.4%
ASL 2.2%
Makefile 1.0%
C++ 0.7%
Assembly 0.4%
Perl 0.4%
Other 0.9%
Libreboot
Shell 51.5%
Python 25.1%
C 22.2%
Makefile 1.2%
OpenStreetMap
Ruby 78.1%
HTML 8.7%
JavaScript 6.9%
PLpgSQL 3.7%
SCSS 1.2%
C++ 0.7%
Other 0.7%
OsmAnd
Java 95.3%
Kotlin 3.9%
AIDL 0.7%
CSS 0.1%
Shell 0.0%
XSLT 0.0%
Organic Maps
C++ 71.0%
C 7.5%
Java 6.1%
Swift 3.5%
Objective-C++ 3.1%
Python 2.9%
Other 5.9%
VLC Media Player
C 62.6%
C++ 18.9%
Objective-C 8.3%
QML 3.1%
Makefile 1.6%
Lua 1.0%
Other 4.5%
Stremio (Desktop)
C++ 36.7%
QML 17.6%
NSIS 12.4%
JavaScript 10.7%
Shell 9.1%
CMake 4.1%
Other 9.4%
OBS Studio
C 54.6%
C++ 34.7%
CMake 6.1%
Objective-C 2.2%
Objective-C++ 1.6%
M 0.2%
Other 0.6%
NewPipe
Java 84.0%
Kotlin 13.5%
HTML 2.5%
FreeTube
JavaScript 68.5%
Vue 17.2%
CSS 11.2%
SCSS 3.0%
EJS 0.1%
Invidious
Crystal 73.8%
HTML 13.9%
JavaScript 8.2%
CSS 2.6%
Shell 1.1%
Makefile 0.2%
Dockerfile 0.2%
PeerTube
TypeScript 89.7%
HTML 6.5%
SCSS 3.1%
Shell 0.4%
Pug 0.2%
JavaScript 0.1%
Tubular
Java 84.6%
Kotlin 13.0%
HTML 2.4%
Mullvad Browser
JavaScript 28.1%
C++ 25.7%
HTML 22.3%
C 12.4%
Python 2.8%
Tor Browser
JavaScript 28.2%
C++ 25.6%
HTML 22.3%
C 12.4%
Python 2.9%
uBlock Origin
JavaScript 88.4%
CSS 4.9%
HTML 3.4%
WebAssembly 2.5%
Shell 0.6%
Python 0.1%
Makefile 0.1%
Fantastic questions! Thank you for asking.
The answer to this is a bit complicated: I had a list of sources, but many of them were not primary sources, and so I am currently in the process of recollecting sources and better categorizing them. I'm currently collecting as many different types of sources as I can, and I will find out what is actually useful later.
CVE databases will be some of the primary sources I will use in the article, and I may even try to get in touch with the individuals who documented some of the CVEs. I can't make any promises about that, though.
I am not familiar with these yet, so I will look into them.
For the sake of clarity in this post I used "Chromium" and "Firefox" to simplify what I am doing for users who aren't as aware of the fine details. I will be comparing a wide variety of projects, such as Chromium, Vanadium, Brave, ungoogled-chromium, whatever hardened Chromium Secureblue uses, etc. to a variety of Gecko-based projects such as Firefox, the Tor Browser, Mullvad Browser, and other varieties I may be unfamiliar with. These will be compared on their various platforms, such as Windows, macOS, various Linux distros (where available), iOS, Android, and special cases such as Qubes, Tails, and Firejail. Essentially, I want to compare what the most and least secure varieties of each browser pose, and make observations from there.
As far as I currently know (and please note I am still in the early research stages), Google Safe Browsing is a feature that primarily affects privacy and is more of a failsafe. For one, it warns you about malicious websites. This is a failsafe for users who are not aware of which websites are malicious. This isn't directly a security protection, but rather a security "suggestion" for non-advanced users. It also sends data to Google to report websites, which mainly affects privacy. I'm pulling most of this from my head, and so I may be off base with this. Either way, it will not be the main focus of this, as it doesn't matter if Google Safe Browsing is safe or not if it can simply be disabled. I plan to mainly focus on sandboxing issues with Firefox and any related topics that sprout up from that.