Which open-source keyboard projects have undergone independent third‑party network/telemetry audits?

1. Why the question matters: telemetry, keyboards and risk

Telemetry collects runtime data that can reveal usage patterns and network behavior, and that same category of data is what privacy‑minded users worry about when they install keyboard software that captures keystrokes or suggestions; the role and design of telemetry in open‑source projects is discussed at length in the “Transparent Telemetry” overview, which frames sample rates, opt‑out models, and the value of telemetry for debugging and product quality ^[1]. OpenTelemetry provides a widely adopted, open framework to gather and forward metrics, logs and traces—exactly the kind of stack an independent auditor would inspect when evaluating network and telemetry behavior ^[2]. That establishes the technical context in which an audit would operate ^{[1] [2]}.

2. What the sources actually report about keyboard projects

The compiled sources list many well‑known open‑source keyboard and firmware projects—FlorisBoard for Android (source code on GitHub), QMK/ZMK/KMK firmware for mechanical and wireless projects, and hardware initiatives from System76 and Keychron—but those items are presented as project pages or curated lists and do not include citations showing independent telemetry audits or third‑party network assessments for those projects ^{[3] [4] [5] [6] [7] [8]}. A privacy‑focused review article praises an unnamed open‑source Android keyboard for storing data locally and being auditable in principle, but that article’s claim is a product recommendation and not documentation of a third‑party telemetry audit ^[9].

3. Where the reporting is explicit about telemetry practices, and what it does not show

Russ Cox’s “Transparent Telemetry” framing and the OpenTelemetry project provide blueprints and tooling for transparent, auditable telemetry collection and export, including recommended sampling approaches and opt‑out considerations ^{[1] [2]}. Those sources are prescriptive about how projects can behave and be audited, yet neither source documents that any specific keyboard project completed an independent network/telemetry audit; they explain methods and standards, not completed audits of particular keyboard codebases ^{[1] [2]}.

4. Third‑party audit ecosystem and how evidence would look

Commercial and specialist firms such as FossID advertise open source audit services that include software composition analysis and formal reporting—types of vendors that could perform or validate telemetry and network audits ^[10]. The provided sources show that audit services exist and that audits produce formal reports, but none of the keyboard projects in the reporting are linked to such vendor reports or public independent assessments in the material supplied ^{[10] [3] [4]}.

5. Alternative possibilities and limitations of the reporting

It remains possible that some keyboard projects have undergone private or public third‑party telemetry or network audits outside the captured sources; the current reporting simply lacks that evidence, and therefore this analysis cannot assert audits occurred. The sources do indicate that many keyboard projects are open source—thus theoretically auditable by third parties or community reviewers—and some projects advertise privacy‑friendly behavior or an auditable codebase, but advertising or community review is not the same as a documented independent telemetry audit carried out by a named third‑party auditor ^{[3] [9] [8]}.

Conclusion: current, sourced position

Based on the material provided, no open‑source keyboard project can be identified as having published or undergone an independent third‑party network/telemetry audit; the sources explain telemetry best practices and list keyboard projects and audit vendors, but they do not connect any keyboard project to a completed independent telemetry audit report ^{[1] [2] [3] [4] [10] [5] [6]}.