Open-source software would allow us to see how that published software handles our data, but it would not allow us to see how the cumulative sum of that data is handled after it is passed over to a central body.

Unless, of course: That centralized data store were also open -- perhaps even by using something like DNS -- but then, anyone of sufficient skill would be able to craft an application to see where others' things are.

(Unless... E2E encryption for ___location data, so it can only be understood by those who generate it? Hmm.)

An open source backend that requires end to end encryption on a per-user-storage basis, while not sharing those keys in the open source client (reference implementation) could effectively prevent third parties from seeing the data.

Something like shamir's secret sharing with split up keys effectively making the encrypted data useless, or based on time frames so you can only track the last "epoche" (like the last 24 hours, maybe?) similar to how HOTP/TOTP works could work nicely I'd imagine.

At Tholian (my company) we're using team based keys where at least 2 of x keys (the elected lead and co lead) in the team must co-sign a data changing action. It's peer to peer, meaning those peers can find each other and co-sign this without our servers having to store any transaction queue that could be compromised.

This way we prevent abuse, and if the feds come knocking on our doors, our users stay protected because without those keys we cannot see what's going on in any of the registered teams.

That's how I think it should be like, for any web service that supposedly keeps their privacy promises. If they don't do this, their promises were likely lies and once the root keys or the databases are compromised there's no turning back.

Looking at you, cross-tenant keys at Azure. Everyone knows you were and are still lying about the security aspects.