From a security point of view, the trouble with cloud-based applications and closed source software in general is that you can never tell whether there are flaws that will leak your information or even back doors put there deliberately to allow third parties to get at it.
Open source software gives you many advantages.
You can understand exactly what the software will do when run. Strictly speaking you can understand what any software does, but source code written in a high level language serves the purpose of both telling the computer what to do and telling humans what the program is intended to do. This is because classes, functions and variables in the program are given English names. Programmers may even write comments in the source code to annotate it. The names and comments may be misleading, but this becomes apparent when you look at what the code does as a whole. If you cannot personally understand the program, you can be reasonably sure others do. One thing that gives me confidence is that previous flaws have been found and fixed.
You can be sure you are running the same software you have gone to the trouble of understanding because you can compile it yourself. You can compile the user applications, libraries, operating system kernel, drivers and even the compiler yourself if you want. More usually you will entrust most of this work to others such as Linux distributions. Programs downloaded from such sources are cryptographically signed. Because the source code is available, anyone can check that the source code produces the same program that is provided pre-compiled.
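The check described above, comparing what you compiled yourself against what is distributed pre-compiled, can be sketched as follows; this is an added example, not code from the original post, and the file names and sample data are constructed. It assumes the publisher provides a sha256sum-style manifest whose signature has already been verified, and that the build is deterministic, so the same source yields byte-identical output.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <name>' ('*' prefix = binary mode)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest
    return entries

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def compare_build(manifest_text, build_dir):
    """Map each published artifact to 'match', 'mismatch' or 'missing'."""
    report = {}
    for name, published in parse_manifest(manifest_text).items():
        path = os.path.join(build_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"  # published, but never built locally
        else:
            report[name] = "match" if sha256_file(path) == published else "mismatch"
    return report

def demo():
    # Constructed sample data standing in for locally compiled outputs.
    local = {"editor": b"compiled from audited source", "libcrypt.so": b"local library build"}
    with tempfile.TemporaryDirectory() as build_dir:
        for name, data in local.items():
            with open(os.path.join(build_dir, name), "wb") as f:
                f.write(data)
        # Constructed manifest: editor agrees, libcrypt.so differs, updater is absent.
        manifest = "\n".join([
            hashlib.sha256(local["editor"]).hexdigest() + "  editor",
            hashlib.sha256(b"something else shipped").hexdigest() + " *libcrypt.so",
            hashlib.sha256(b"x").hexdigest() + "  updater",
        ])
        return compare_build(manifest, build_dir)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

A "mismatch" is a reason to investigate, not proof of tampering: differing compiler versions, embedded timestamps or build paths also change the output unless the project builds reproducibly.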
So there is little likelihood of a back door in open source software. Linus’s Law states that many eyes make bugs shallow. This means that bugs in open source software, especially the most important and most widely used open source software, get fixed quickly. In The Cathedral and the Bazaar, Eric Raymond described how the Linux style of development leads to superior code quality. All this means there is less likelihood of accidental leakage of your secret information.
Should they decide they do not like us encrypting our files or obscuring our online activity, it would be very hard for authorities to take open source software away. The nearest they have got is the Consumer Broadband and Digital Television Promotion Act, which was intended to protect music companies who wanted to put DRM into music by making trusted computing compulsory. The idea was that computers would be required to have a special chip that would only let them run programs that had been cryptographically signed by some authority. You would not be able to run your own programs.
The bill got nowhere, and such laws are unlikely to get anywhere because open source software is so ubiquitous. It runs the Internet. Samizdata runs on a computer running the Linux kernel using GNU libraries and uses an open source web server, database and blogging software written in languages compiled by open source compilers and interpreted by open source interpreters. So do everyone else’s web sites. Most of the electronic gadgets in the world that have any software at all have open source software in them, including phones and TVs. None of this is going away.
As much as Google and Microsoft have brands to protect, if the government makes laws, big companies have to follow them. Governments have no such hold over open source programmers, who are geographically, organisationally and ideologically dispersed.
It is possible that certain algorithms have mathematical back doors and that the NSA has hired all the people clever enough to find them. It is possible that the NSA tried this with a cryptographic random number generator and were caught out. We can be somewhat confident that the NSA cannot break AES encryption. There are other encryption algorithms available.
Nothing is certain, but open source software gives us some control over our computers and some defense against governments that closed corporate software never can.