Cyph is fully open source. Our public GitHub repository includes all client and server code.
This is critical to the trust and security of the service, because it ensures that independent security researchers are able to review it freely, and notify the public in the event that a critical vulnerability or intentional backdoor is discovered. In the future, we’ll also add an automated way for third parties to independently build our public source code and verify that it corresponds to the the live production package (you could actually do this now without too much trouble, but the steps aren’t documented and wouldn’t be particularly user-friendly).
That being said, Cyph isn’t considered free software. In addition to the patents, our source code is licensed under Ms-RSL, which is effectively a read-only license, so third parties can’t fork and modify our code or deploy their own instances of Cyph without our permission. We thought this was a fair compromise to allow us to develop this as a startup without ignoring a necessary aspect of its security.