Key questions for anonymization tools
Is the product Open Source?
Open Source means that the code of a programme is publicly available. Everybody can review it, search for vulnerabilities and develop it further. The opposite is "Closed Source", where no one but the developer – e.g. a company developing an app – can review the code. Especially if a service is popular, Open Source is a real benefit. A lot of experts review the code and constantly improve it. Journalists do not have to trust that a service really does what it claims to do – they can see in the code how the system works.
The most secure data is data that does not even exist. Therefore, it is important that an anonymisation tool does not store users’ data, for example in log files. Some (mostly free) VPN providers store and analyse that data to make money from it. This can compromise anonymity.
Although the service itself may not have access to the content or metadata of users' online activity, it might have to hand over certain information about its users. For example, metadata about communication – who sent what to whom, when and where – might be stored. Journalists and their sources should check whether a service is legally bound to cooperate with a government that they have identified as a potential adversary in their threat model. This is especially important for VPN providers.