General Threats to User Freedom

From Kicksecure
Jump to navigation Jump to search

Tivoization, malicious features, antifeature, tyrant software, treacherous computing, digital restrictions management (DRM), Software as a Service (SaaS), Service as a Software Substitute (SaaSS), non-root enforcement

User Freedom Threats[edit]

Since the inception of the four original essential software freedoms provided by Freedom, other issues have emerged such as:

  • Locked bootloaders: Devices prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor.
  • Non-root enforcement: Denying administrative rights ("root") to users. Thereby device owners are degraded to limited users with limited rights (non-administrators) on their own devices.
  • [1]
  • Malicious features: examples include macOS and Windows
  •; [2] [3]
  • Tyrant
  • Treacherous
    • Device Attestation: The operating system rats out the user and helps applications learn about modifications which are undesired by the operating system vendor such as Google Android. As a result, applications refuse to function.
    • Digital Rights Management (DRM)

      Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia), as well as systems within devices that enforce these policies.

    • FSF DRM, (Digital Restrictions

Corporate Objectives[edit]

It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Consider the examples below.


  • Ars Technica: Google’s iron grip on Android: Controlling open source by any means
  • The European Commission: Antitrust: Commission fines Google €4.34 billion for illegal practices regarding Android mobile devices to strengthen dominance of Google's search
    • Commissioner Margrethe Vestager, in charge of competition policy, said: "Today, mobile internet makes up more than half of global internet traffic. It has changed the lives of millions of Europeans. Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine. In this way, Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere. This is illegal under EU antitrust rules."

    • In particular, Google: [...] has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called "Android forks").

    • In order to be able to pre-install on their devices Google's proprietary apps, including the Play Store and Google Search, manufacturers had to commit not to develop or sell even a single device running on an Android fork.

    • the Commission has found evidence that Google's conduct prevented a number of large manufacturers from developing and selling devices based on Amazon's Android fork called "Fire OS".

  • Reuters: Google loses challenge against EU antitrust decision, other probes
    • "The General Court largely confirms the Commission's decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators in order to consolidate the dominant position of its search engine," the court said.

Mono: Microsoft's .NET Implementation for Linux[edit]

Mono was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. If there had been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. Fortunately, the libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned. [4] The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s was not forgotten.

GCC vs Clang-LLVM[edit] [5] was initially heavily funded by Apple in retaliation for the GNU Compiler Collection (GCC) re-licensing under While the permissive licensing is technically libre, it allows companies to close up forks or mandate non-free plugins. This locks in users on hardware platforms which would usher in a new dark age for libre software development and porting, and also lead to significant security and trust issues.

This unscrupulous conduct by industry players was not possible for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However, another aspect is that compiler-specific quirks act as a "network effect" whereby if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC. For example, Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it. [6] Over time, this could drain resources from the copyleft GCC as corporations and distributions conclude it is not cost effective to contribute to a compiler with shrinking market share.


Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, including on web standards; the impacts on freedom are unconsidered. [7] Google repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed. [8] The features they design also make performance notably worse in competing browsers. [9] When released, the existing plan for new API limitations will prevent current and even possible future rewrites of adblockers.

No attempt to address these concerns have been made by the Chromium developers. [10] [11] Every Firefox installation provides Mozilla with a bit more leverage and diverts advertisement money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they cease to exist, Tor Browser will also disappear - destroying a key component of the privacy ecosystem. The present Chromium engine is unsuitable for privacy because it cannot provide equivalent Firefox protections, and there is no willingness to change the design to accommodate such initiatives.

War on General Purpose Computing[edit]

There is an ongoing struggle against the unrestricted use of general-purpose computing devices. Increasingly, electronic devices sold today are, in fact, general-purpose computers that come with built-in restrictions that limit user control. Vendors purposely withhold administrative capabilities, also known as "root rights," from users, which can cause problems:

  • It prevents users from fixing problems or adding new features. For example, if a stock Android device fails to start, it is impossible to analyze what is going on without administrative rights, let alone fix it.
  • It perpetuates privacy violations.
  • It forces users to buy more expensive models to get features they could have obtained had they been able to unleash the full potential of their already purchased devices.

Examples of this struggle include:

  • TVs:
  • The PlayStation is a fully functional computer that could run any program in theory, but in practice, which programs or games can be run on it is solely decided by Sony, its producer.
  • Console mod-chippers were busted in nationwide raids in
  • Restrictions in Mobile Devices: (#mobile_devices_restrictions)
    • Many mobile phones have bloatware, unwanted default installed applications, which cannot be easily uninstalled. This is an unreasonable restriction. Even if uninstallable in theory, there is the The Tyranny of the Default that makes it difficult to do so. A lot of users wish to uninstall a bloatware, but they may not have the technical expertise to do it because the process has been intentionally made more difficult than it should be.
    • Most iPhone and Android phones restrict the user's freedom to choose which programs can run on these devices.
      • Another unreasonable restriction is for example is Google's ban in Android Play Store of YouTube downloaders such as TubeMate.
      • Google bans adblockers that block adds in other apps from its Play
      • YouTube was an alternative YouTube player.

        On March 13, 2022, the developers of YouTube Vanced announced that the application would be shut down after they received a cease and desist letter from Google, which forced the developers to stop developing and distributing the app.

      • A YouTube downloader youtube-dl... Quote

        Recording Industry Association of America (RIAA) abused the Digital Millennium Copyright Act’s notice-and-takedown procedure to pressure GitHub to remove it.

        It was later re-instated thanks to help by EFF. [13]
      • Installation of apps without using the platforms official app store is sometimes still possible.
        • Google Android: The process of installing an app from sources other than Google Play is still possible for technically advanced users clicking through scary warnings.
        • Apple's iOS: Is even more restricted and does not permit installation of apps without the official iOS App Store.
        • Alternative app stores such as F-Droid are forbidden in Google Play Store as well as in Apple's iOS App Store. At least F-Droid can be installed by technically advanced users on Android but not on iPhone where the user is even more locked out.
      • For example, Apple rejected rejected an endmyopia citing "medical diagnostic" from its App Store. Without App Store however on iOS devices, no applications can be installed. On iOS there is purposely not even a sideloding feature which is at least available on Google Android stock devices. In theory, devices could be jail broken but that harms security and then many other apps would refuse to run due to attestation.
      • Apple also bans torrent clients and emulators.
      • The unrestricted discussion software Telegram downloadable from Google Play Store or Apple App Store censors topics as the corporate overlords see fit. The Freedom Software version of Telegram downloadable from the Telegram website, web version as well as downloadable from F-Droid, the Free and Open Source Android App Repository does not have these restrictions.
      • Apple bans GPL licensed software from its app
      • Apple banned developers who created software that allowed to disable artificial user freedom restrictions on iPhone
      • These phones are often packaged with spyware installed by default, which cannot be removed.
  • Most phones that are sold by mobile carriers or manufacturers have locked bootloaders which are prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor. For example:
    • The Microsoft Surface RT/2 tablet comes with Windows 8.1 which is nowadays outdated and a locked bootloader. It cannot be updated to Windows 10 or to alternative operating systems such as Linux. [14] Using a jailbreak and lengthy complicated instructions it might be possible. [15]
    • QZ: Google can still use Bluetooth to track your Android phone when Bluetooth is turned
    • How Google--and everyone else--gets Wi-Fi location
      • How it works, according to Google, is that the Android Location Services periodically checks on your location using GPS, Cell-ID, and Wi-Fi to locate your device. When it does this, your Android phone will send back publicly broadcast Wi-Fi access points' Service set identifier (SSID) and Media Access Control (MAC) data. Again, this isn't just how Google does it; it's how everyone does it. It's Industry practice for location database vendors.

    • AP Exclusive: Google tracks your movements, like it or
      • Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so. Computer-science researchers at Princeton confirmed these findings at the AP’s request.

    • There may be rare exceptions to this rule, hence "most" and not "all". These exceptions are not the point which shall be made in this comparison. See also Android Privacy Issues and User Freedom Restrictions.
    • In summary, both, restrictions on applications which can/cannot be installed as well as which can/cannot be uninstalled are imposed. People are conditioned into more software freedom restrictions.
  • UEFI SecureBoot is another stumbling stone which makes installation of Freedom Software operating systems as a replacement for Microsoft Windows more difficult on the Intel / AMD64 ("PC") computers.
  • Out-of-band Management Technology can easily subvert user security and control over their machine if running an open alternative is not feasible.
  • Sophisticated civilian accessible drones running software which restricts where it can fly.
  • Cellphone Base-band firmware is not modifiable by the user which prevents updating for security patches once the manufacturer abandons the device.
  • Google banned AGPL licensed software from its code hosting Google has an anti-AGPL

People are reduced to vassals in this relationship involving them and the hardware vendor. For more examples consult Chapter User Freedom Threats to see how some technologies are abused to restrict user freedom.

The fact, that highly technical people are sometimes capable of circumventing some of these technical restrictions, if sufficiently motivated, is besides the point as the censor has succeeded in accomplishing their objective of blocking the majority of the population who do not have a sophisticated knowledge of technology. The root issue is, there is a lock and the vendor refuses to give the key to the user. That root issue does not go away by breaking the lock. Big, most hardware vendors locking down devices is a far more important, powerful movement than a few hackers that can sometimes circumvent technical restrictions in a cat and mouse game which would be lost eventually by the hackers. For example Google's SafetyNet hardware attestation is currently unbreakable. Quote GrapheneOS on Banking

GrapheneOS doesn't attempt to bypass the checks since it would be very fragile and would repeatedly break as the checks are improved. Devices launched with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities so the era of being able to bypass these checks by spoofing results is coming to an end regardless.

The trend is clearly going into the direction of the general population of loosing access to general computing rather than gaining more freedom. It won't be happening today, tomorrow or next year. It's a gradual long term trend.

For most device classes (phones, tablets, TVs) the freedom of general computing was already lost without an awareness of the war on general computing. The freedom of general computing remains only on some desktop computers and servers.

Desktop computer's are under attack too with Microsoft's Restricted Boot ("Secure Boot") feature. Restricted Boot did not prevent booting alternative operating systems yet but novice users must either use operating systems who's bootloaders were permitted by Microsoft (suddenly Microsoft is in control which operating system can run) or click through scary security warnings when disabling the restricted boot feature in the BIOS through a procedure in the BIOS which is complicated for non-technical users. With another option of deploying one's own keys which is even more complicated. The actual security of restricted boot in the real world has turned out to be worthless since centralized keys/signing will always be vulnerable to secrets leaks.[16] With closed source and seldom updated UEFI firmware serving as the TCB for restricted boot, malware has been able to exploit that to bypass it and gain persistence.[17]

Alternative operating systems such as Linux distributions are going into a similar long term direction with Sigstore and the long term vision on image-based OSes with modernized security properties built around While there are probably good intentions and strong technical advantages for going into that direction (recovery mode boot, factory reset, Verified Boot), the result of requiring to enable a developer mode to be able to modify arbitrary files on the disk, would make it trivial to switch from freedom (unlocked) to non-freedom (locked).

Once most devices are locked down, the few remaining libre compatible options could either be pressured to lockdown by economies of scale (corporations requesting digital restrictions management (DRM) in their hardware and would make custom hardware batches exorbitantly expensive and out of reach), or through outright bans by politicians mandating proprietary, surveillance friendly operating systems, citing the Four Horsemen of the Outlawing general computing as been attempted in 2002 in USA through the Consumer Broadband and Digital Television Promotion, which unfortunately failed at the time. These would then effectively control which applications can be run.

See also,

Users should own your hardware as well as their software. Avoid non-freedom software. Avoid locked hardware. Use Freedom Software. When purchasing new devices, the user should check:

  • Will I get full administrative rights ("root rights") yes or no?
    • Or is the device at least rootable?
  • Is the bootloader unlocked?
    • Or is the bootloader at least unlockable?

Device Attestation such as SafetyNet[edit]

Google's SafetyNet is a tool used by many apps to check and refuse to run on user modified devices running custom operating systems that are free from unwanted spyware and bloatware that come pre-installed on most Android devices from mainstream manufacturers.

SafetyNet certification is only granted to devices that comply with Google's "Android compatibility tests". To be eligible for certification, Google Play Services must be installed [19], which leads to massive data snooping by Google. This certification guarantees "security" for the app developer, not the user.

It guarantees "security" not for the user but for the app developer. Many essential applications that does not exactly conform to Google's mandates refuse to run.

Essential applications that do not meet Google's mandates refuse to run, and users are denied the ability to audit or stop what the application is doing, such as inspecting what data it is harvesting and sending back to its servers. This is a severe restriction on user freedom, where apps are allowed to operate on the user's device without any transparency or user control.

Device attestation is a worldview where apps should only be able to operate on the user's device without user or researchers having the ability to audit or stop what the application is doing - such as inspecting what data it is harvesting and phoning home.

Most banking apps, streaming services, transportation apps, and some messengers such as Snapchat are affected. Device Attestation and SafetyNet restrictions are part of the "War on General Purpose Computing," which limits user freedom and restricts users from using their devices in the way they desire.

Conflict of Interest[edit]

There is a conflict of interest in the software industry and undermines the very foundation of user trust. Operating system vendors (stock ROM), custom operating system developers (custom ROM), application developers, and users are in a struggle for power, control, and/or profit.

What many users want to avoid:

Users are often the victims of a web of data harvesting, surveillance, and manipulation. Personal information and user data are collected and used to build a model of the user, which is then used to manipulate the user's behavior, influence their purchase and political decisions, and even control their thoughts. This data is then sold and resold forever, allowing it to be used against the user in immoral ways that violate their privacy and autonomy. Once the data leaves the device, the user loses all control over it and the data can never be fully erased or retrieved.

Many users demand:

  • Privacy:
    • Knowledge, control and minimization of data collection, snooping, espionage and data leaks by the operating system and applications.
    • Prevention of applications camera and/or voice recording them without their knowledge and consent, tracing their location history, exfiltration of contacts, media, messages, and documents.
    • Protection from future data breaches and their personal data being leaked to third parties.
  • Control: A basic understanding of and control over what their devices are doing, including the ability to limit applications to their intended purposes.
  • Audit: The ability to verify that applications are only doing what they claim and what is expected of them.
  • Customization: The ability to modify applications to suit their individual needs, such as patching the YouTube application on Google Android to enable background play.

Many application developers prioritize:

  • Copyright protection: The ability to prevent users from retaining or sharing copyrighted media (such as Netflix), even under reasonable fair use assumptions.
  • Data collection: The collection of as much information as possible (including location, call history, browsing history, viewer history, and more) for the purpose of surveillance, market research, advertising, predicting user behavior, user manipulation and maximizing profit.
  • Secrecy: Preventing users from learning the details of what an application is doing.
  • Integrity: Preventing users from making modifications to an application. Examples include:
    • Google Android's YouTube app restriction (for freemium users) on playing audio in the background while the device's screen locker is enabled.
    • Freemium games that prevent users from accessing items or levels that are only available to paying customers.
    • Multiplayer games that prevent cheating in online games.
    • Banking apps that confirm the security model is intact to prevent fraud by checking that no other installed applications can read or write from the banking app's dedicated storage folder, and that no malicious kernel module or other malware is running that could steal the user's login credentials or make unauthorized transactions.

Most operating system vendors for mobile devices (stock ROM) prioritize:

  • Adoption: Attracting as many users as possible to increase profit.
  • Attractiveness for application developers: Providing an environment that encourages application developers to create apps for their platform, thereby attracting more users.
  • Security: Preventing any malicious or unapproved party from establishing a foothold in their ecosystem.

Some custom operating system vendors for mobile devices (custom ROM) prioritize:

Some custom operating system vendors for mobile devices (custom ROM) want:

  • Similar to most operating system vendors.
  • Hardware deals: Obtaining recognition from a hardware producer that would pay for continued development and adjustment for their custom operating system, often at the expense of users.


Sigstore [20] [21] [22] [23] is an industry-led initiative to create a chain of trust for software with the objective of accomplishing something similar to what Let's Encrypt had done for website TLS certificates. At face value, having a curated transparency log for all Linux software and enforcing that only digital signature signed processes run (as part of Verified Boot) seems good, but the devil is in the details. A developer would need to authenticate with an OpenID Connect (OIDC) provider such as Google or GitHub to verify ownership of their email address and possession of previously generated keys. This centralizes trust and would make it trivial for these corporations to censor publishing code they find disagreeable as they are the self-appointed gatekeepers of verification.

An example of software banned by github includes youtube-dl, a YouTube video download utility (, As torrentfreak reported, GitHub Warns Users Reposting YouTube-DL They Could Be As in Wikipedia, this was due to a request by the Recording Industry Association of America (RIAA). Fast forward, youtube-dl is now available again on github but this just one of many examples that there are issues.

Publisher anonymity may become impossible as most of the aforementioned entities require invasive proof of identity to allow signing up to their services. While the governance structure allows for multiple developers from different companies to play key roles in a rotating fashion, it is questionable how independent they can really be if pressure comes to bear on following certain orders or risk losing employment or promotion.

Hence it is reasonable to conclude that Sigstore will play a role in the War on General Purpose Computing and further limit which devices laymen users can run programs on without restrictions imposed by the operating system vendor. It might result in as a subversive attempt by corporate interests to create a walled garden that allows only certain "approved code" to run on Freedom Software systems as opposed to the decentralized distribution repository system that all Linux desktop distributions are using nowadays.

Such a design also raises questions about the integrity of the transparency log should one of the OpenID providers become compromised. Freedom Software developers and operating system maintainers would do well to steer clear from Sigstore.

Freedom vs Tyrant Security[edit]

Table: Freedom (Open Source) Security [24]

Category Description
Disk Encryption Disk encryption keys are under the sole control of the user.
End-to-end (E2E) Encryption End-to-end encryption keys are under the sole control of the user.
Security Features Security features are available which do not intentionally restrict user customization.
User Freedoms User freedom restrictions are intentionally minimized.
Synonyms Cypherpunk Security, User-Controlled Security

Table: Tyrant Security / Enterprise Security

Category Description
Default Privacy, Security and Customization Settings
  • These devices have privacy-intrusive default settings that most users are unaware of and which cannot be disabled.
  • In most cases the user cannot choose the vendor they wish to install (security) upgrades from.
  • Customization of these devices is also limited. For example, many pre-installed applications (often referred to as "bloatware") cannot be uninstalled or at least be hidden from view.
  • Tyrant: The Free Software Foundation (FSF) uses the word "tyrant" and has defined it in this It refers to devices that refuse to allow the user to modify the software or run what they please. This definition approximates the way it is used in this entry.
  • Anti-features: A feature that a fully aware user would rather not have. The F-Droid project has a nice catalog of undesirable software, however a few items might be pushing the boundaries of a true anti-feature.
Operating System Selection
  • The freedom to modify the underlying operating system is restricted.
  • Vendors force users who want greater system control to run exploits or jail-breaking suites from untrusted origins, which endangers the integrity of personal devices.
  • While the security provided by unauthorized third parties might be good, security from the vendor itself is poor. This is further elaborated here: Android Privacy Issues and User Freedom Restrictions.
Security Technologies
  • Many popular device operating systems utilize security technologies which undermine the security of the user against meddling and surveillance by the vendor, while suppressing user freedoms. A classic example is most Android phones and iPhone devices.
  • Although an over-simplified argument, users of forks based on the Android Open Source Project ( and security/privacy-focused Android forks (like, are exempt from the criticisms in this section. [25] These operating systems include many security features to keep users safe from unauthorized third parties outside the ecosystem of the vendor.
Synonyms Vendor-Controlled Security

See Also[edit]


  1. Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.

  2. Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.

  5. The LLVM compiler infrastructure project is a collection of modular, reusable compiler and toolchain technologies.
  15. Quote

    The initial Board of Directors included John Perry, Mitch, John, Steve and Stewart Brand.

  16. Quote

    The SafetyNet Attestation API provides services for determining whether a device running your app satisfies Android compatibility tests.

  21. Freedom / Open Source.
  22. Unfortunately, perhaps 99% of laymen utilize stock operating systems with their phone.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!