> FSF proponents here would argue that through trust (in so-called community)
> you get the necessary certainty. But as I have said on other occasions -
> trust is a belief. It creates more uncertainty as it is not based on direct
> observation but on an idea. When you look at the tree outside your house -
> there is nothing to trust or believe. The tree is there, you can see it,
> touch it. You don't need a community of experts to provide certifications and
> endorsements that there is a tree.

Well you do have to trust your senses. That you aren't having an
hallucination or a dream, for instance.
But more importantly there are plenty of things you can "trust" (in a
qualified sense) that you don't interact with directly. I haven't directly
seen an electron or the dwarf planet Pluto. I haven't been to Thailand or
Angola. Nor have I touched the original Rosetta Stone or Terracotta Army.
That doesn't mean that I am "wrong" to trust that those things are real.
All of those things can be verified by a community of scientists,
cartographers, historians, and archeologists because they are by their nature
open to peer review, in both its formal and informal sense. One does not need
to fall into the trap of solipsism; instead, we can have various degrees of
trust.
To bring it back to software, I have not read the millions of lines of code
in the software I use. But I "trust" in the free/libre community of
programmers to find flaws in them. Is it perfect? Of course not. Can it be
improved? Yes, auditing software for security flaws should be an extremely
important part of software design. (Just like replicability should have an
even more important role in science.) Is it the best we have? It appears that
way.
In fact your test of various browsers for leaking information is a great
example of this. You, a member of the free/libre community even as an
amateur, found a problem, reported it, and it appears it is being taken
seriously. Thank you for that.