General Threats to User Freedom
Tivoization, malicious features, antifeature, tyrant software, treacherous computing, digital restrictions management (DRM), Software as a Service (SaaS), Service as a Software Substitute (SaaSS), non-root enforcement
User Freedom Threats
Since the inception of the four original essential software freedoms provided by Freedom Software, other issues have emerged such as:
- Locked bootloaders: Devices prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor.
- Non-root enforcement: Denying administrative rights ("root") to users. Thereby device owners are degraded to limited users with limited rights (non-administrators) on their own devices.
- Tivoization 
- Malicious features: examples include macOS and Windows
- antifeatures;  
- Tyrant software
- Treacherous computing:
- Device Attestation: The operating system rats out the user and helps applications learn about modifications which are undesired by the operating system vendor such as Google Android. As a result, applications refuse to function.
- Digital Rights Management (DRM):
Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia), as well as systems within devices that enforce these policies.
- FSF DRM campaign, (Digital Restrictions Management)
- Compilation toolchain issues: example
- SaaS: (Software as a Service) / SaaSS (Service as a Software Substitute)
- Non-freedom servers / APIs: Freedom Software clients requiring the use of non-freedom servers / APIs
- Enforced centralization: centralization being encouraged instead of federation and decentralization. For example Signal Private Messenger having privacy issues Signal broken metadata protection.
- Mobile number requirement insistence upon the provision of a mobile number for sign-up. (Phone Number Validation vs User Privacy) Signal requires this. Session Private Messenger demonstrates that this is technically not required but has other issues.
It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Consider the examples below.
- Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessary
- The European Commission: Antitrust: Commission fines Google €4.34 billion for illegal practices regarding Android mobile devices to strengthen dominance of Google's search engine
Commissioner Margrethe Vestager, in charge of competition policy, said: "Today, mobile internet makes up more than half of global internet traffic. It has changed the lives of millions of Europeans. Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine. In this way, Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere. This is illegal under EU antitrust rules."
In particular, Google: [...] has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called "Android forks").
In order to be able to pre-install on their devices Google's proprietary apps, including the Play Store and Google Search, manufacturers had to commit not to develop or sell even a single device running on an Android fork.
the Commission has found evidence that Google's conduct prevented a number of large manufacturers from developing and selling devices based on Amazon's Android fork called "Fire OS".
- Reuters: Google loses challenge against EU antitrust decision, other probes loom:
"The General Court largely confirms the Commission's decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators in order to consolidate the dominant position of its search engine," the court said.
Mono: Microsoft's .NET Implementation for Linux
Mono was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. If there had been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. Fortunately, the libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned.  The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s was not forgotten.
GCC vs Clang-LLVM
LLVM  was initially heavily funded by Apple in retaliation for the GNU Compiler Collection (GCC) re-licensing under GPLv3. While the permissive licensing is technically libre, it allows companies to close up forks or mandate non-free plugins. This locks in users on hardware platforms which would usher in a new dark age for libre software development and porting, and also lead to significant security and trust issues.
This unscrupulous conduct by industry players was not possible for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However, another aspect is that compiler-specific quirks act as a "network effect" whereby if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC. For example, Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it.  Over time, this could drain resources from the copyleft GCC as corporations and distributions conclude it is not cost effective to contribute to a compiler with shrinking market share.
Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, including on web standards; the impacts on freedom are unconsidered.  Google repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed.  The features they design also make performance notably worse in competing browsers.  When released, the existing plan for new API limitations will prevent current and even possible future rewrites of adblockers.
No attempt to address these concerns have been made by the Chromium developers.   Every Firefox installation provides Mozilla with a bit more leverage and diverts advertisement money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they cease to exist, Tor Browser will also disappear - destroying a key component of the privacy ecosystem. The present Chromium engine is unsuitable for privacy projects because it cannot provide equivalent Firefox protections, and there is no willingness to change the design to accommodate such initiatives.
War on General Purpose Computing
There is an ongoing struggle against the unrestricted use of general-purpose computing devices. Increasingly, electronic devices sold today are, in fact, general-purpose computers that come with built-in restrictions that limit user control. Vendors purposely withhold administrative capabilities, also known as "root rights," from users, which can cause problems:
- It prevents users from fixing problems or adding new features. For example, if a stock Android device fails to start, it is impossible to analyze what is going on without administrative rights, let alone fix it.
- It perpetuates privacy violations.
- It forces users to buy more expensive models to get features they could have obtained had they been able to unleash the full potential of their already purchased devices.
Examples of this struggle include:
- The Guardian: Samsung admits its smart TVs are forcing pop-up ads into video apps (underline added):
- Almost 100,000 upvotes on reddit post Unremovable ads on my $2,500 Samsung Smart TV.
- Given that TVs are in most people's living rooms and even bedrooms and that the newer generation of Smart TVs come with built-in cameras, microphones and are internet-connected, it is crucial to ensure that the software running on them serves the user and not the producer. See also The Washington Post: WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy on their owners / Vault 7: CIA Hacking Tools Revealed.
- The Guardian: Samsung admits its smart TVs are forcing pop-up ads into video apps (underline added):
- The PlayStation is a fully functional computer that could run any program in theory, but in practice, which programs or games can be run on it is solely decided by Sony, its producer.
- Console mod-chippers were busted in nationwide raids in 2007.
- Restrictions in Mobile Devices: (#mobile_devices_restrictions)
- Many mobile phones have bloatware, unwanted default installed applications, which cannot be easily uninstalled. This is an unreasonable restriction. Even if uninstallable in theory, there is the The Tyranny of the Default that makes it difficult to do so. A lot of users wish to uninstall a bloatware, but they may not have the technical expertise to do it because the process has been intentionally made more difficult than it should be.
- Most iPhone and Android phones restrict the user's freedom to choose which programs can run on these devices.
- Another unreasonable restriction is for example is Google's ban in Android Play Store of YouTube downloaders such as TubeMate.
- Google bans adblockers that block adds in other apps from its Play Store.
- YouTube Vanced was an alternative YouTube player.
On March 13, 2022, the developers of YouTube Vanced announced that the application would be shut down after they received a cease and desist letter from Google, which forced the developers to stop developing and distributing the app.
- A YouTube downloader
youtube-dl... Quote EFF:
It was later re-instated thanks to help by EFF. 
Recording Industry Association of America (RIAA) abused the Digital Millennium Copyright Act’s notice-and-takedown procedure to pressure GitHub to remove it.
- Installation of apps without using the platforms official app store is sometimes still possible.
- Google Android: The process of installing an app from sources other than Google Play is still possible for technically advanced users clicking through scary warnings.
- Apple's iOS: Is even more restricted and does not permit installation of apps without the official iOS App Store.
- Alternative app stores such as F-Droid are forbidden in Google Play Store as well as in Apple's iOS App Store. At least F-Droid can be installed by technically advanced users on Android but not on iPhone where the user is even more locked out.
- For example, Apple rejected rejected an endmyopia app citing "medical diagnostic" from its App Store. Without App Store however on iOS devices, no applications can be installed. On iOS there is purposely not even a sideloding feature which is at least available on Google Android stock devices. In theory, devices could be jail broken but that harms security and then many other apps would refuse to run due to attestation.
- Apple also bans torrent clients and emulators.
- The unrestricted discussion software Telegram downloadable from Google Play Store or Apple App Store censors topics as the corporate overlords see fit. The Freedom Software version of Telegram downloadable from the Telegram website, web version web.telegram.org as well as downloadable from F-Droid, the Free and Open Source Android App Repository does not have these restrictions.
- Apple bans GPL licensed software from its app store.
- Apple banned developers who created software that allowed to disable artificial user freedom restrictions on iPhone devices.
- These phones are often packaged with spyware installed by default, which cannot be removed.
- Most phones that are sold by mobile carriers or manufacturers have locked bootloaders which are prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor. For example:
- The Microsoft Surface RT/2 tablet comes with Windows 8.1 which is nowadays outdated and a locked bootloader. It cannot be updated to Windows 10 or to alternative operating systems such as Linux.  Using a jailbreak and lengthy complicated instructions it might be possible. 
- QZ: Google can still use Bluetooth to track your Android phone when Bluetooth is turned off
- How Google--and everyone else--gets Wi-Fi location data
How it works, according to Google, is that the Android Location Services periodically checks on your location using GPS, Cell-ID, and Wi-Fi to locate your device. When it does this, your Android phone will send back publicly broadcast Wi-Fi access points' Service set identifier (SSID) and Media Access Control (MAC) data. Again, this isn't just how Google does it; it's how everyone does it. It's Industry practice for location database vendors.
- AP Exclusive: Google tracks your movements, like it or not
Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so. Computer-science researchers at Princeton confirmed these findings at the AP’s request.
- There may be rare exceptions to this rule, hence "most" and not "all". These exceptions are not the point which shall be made in this comparison. See also Android Privacy Issues and User Freedom Restrictions.
- In summary, both, restrictions on applications which can/cannot be installed as well as which can/cannot be uninstalled are imposed. People are conditioned into more software freedom restrictions.
- UEFI SecureBoot is another stumbling stone which makes installation of Freedom Software operating systems as a replacement for Microsoft Windows more difficult on the Intel / AMD64 ("PC") computers.
- Out-of-band Management Technology can easily subvert user security and control over their machine if running an open alternative is not feasible.
- Sophisticated civilian accessible drones running software which restricts where it can fly.
- Cellphone Base-band firmware is not modifiable by the user which prevents updating for security patches once the manufacturer abandons the device.
- Google banned AGPL licensed software from its code hosting platform. Google has an anti-AGPL policy.
People are reduced to vassals in this relationship involving them and the hardware vendor. For more examples consult Chapter User Freedom Threats to see how some technologies are abused to restrict user freedom.
The fact, that highly technical people are sometimes capable of circumventing some of these technical restrictions, if sufficiently motivated, is besides the point as the censor has succeeded in accomplishing their objective of blocking the majority of the population who do not have a sophisticated knowledge of technology. The root issue is, there is a lock and the vendor refuses to give the key to the user. That root issue does not go away by breaking the lock. Big, most hardware vendors locking down devices is a far more important, powerful movement than a few hackers that can sometimes circumvent technical restrictions in a cat and mouse game which would be lost eventually by the hackers. For example Google's SafetyNet hardware attestation is currently unbreakable. Quote GrapheneOS on Banking apps:
GrapheneOS doesn't attempt to bypass the checks since it would be very fragile and would repeatedly break as the checks are improved. Devices launched with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities so the era of being able to bypass these checks by spoofing results is coming to an end regardless.
The trend is clearly going into the direction of the general population of loosing access to general computing rather than gaining more freedom. It won't be happening today, tomorrow or next year. It's a gradual long term trend.
For most device classes (phones, tablets, TVs) the freedom of general computing was already lost without an awareness of the war on general computing. The freedom of general computing remains only on some desktop computers and servers.
Desktop computer's are under attack too with Microsoft's Restricted Boot ("Secure Boot") feature. Restricted Boot did not prevent booting alternative operating systems yet but novice users must either use operating systems who's bootloaders were permitted by Microsoft (suddenly Microsoft is in control which operating system can run) or click through scary security warnings when disabling the restricted boot feature in the BIOS through a procedure in the BIOS which is complicated for non-technical users. With another option of deploying one's own keys which is even more complicated. The actual security of restricted boot in the real world has turned out to be worthless since centralized keys/signing will always be vulnerable to secrets leaks. With closed source and seldom updated UEFI firmware serving as the TCB for restricted boot, malware has been able to exploit that to bypass it and gain persistence.
Alternative operating systems such as Linux distributions are going into a similar long term direction with Sigstore and the long term vision on image-based OSes with modernized security properties built around immutability. While there are probably good intentions and strong technical advantages for going into that direction (recovery mode boot, factory reset, Verified Boot), the result of requiring to enable a developer mode to be able to modify arbitrary files on the disk, would make it trivial to switch from freedom (unlocked) to non-freedom (locked).
Once most devices are locked down, the few remaining libre compatible options could either be pressured to lockdown by economies of scale (corporations requesting digital restrictions management (DRM) in their hardware and would make custom hardware batches exorbitantly expensive and out of reach), or through outright bans by politicians mandating proprietary, surveillance friendly operating systems, citing the Four Horsemen of the Infocalypse. Outlawing general computing as been attempted in 2002 in USA through the Consumer Broadband and Digital Television Promotion Act, which unfortunately failed at the time. These would then effectively control which applications can be run.
- the presentation The Coming Century of War Against Your Computer by Cory Doctorow hosted by Stewart Brand (EFF founding member) , The Long Now Foundation / 28c3: The coming war on general computation.
- Taking a Stand in the War on General-Purpose Computing
- Against TCPA
Users should own your hardware as well as their software. Avoid non-freedom software. Avoid locked hardware. Use Freedom Software. When purchasing new devices, the user should check:
- Will I get full administrative rights ("root rights") yes or no?
- Or is the device at least rootable?
- Is the bootloader unlocked?
- Or is the bootloader at least unlockable?
Device Attestation such as SafetyNet
Google's SafetyNet is a tool used by many apps to check and refuse to run on user modified devices running custom operating systems that are free from unwanted spyware and bloatware that come pre-installed on most Android devices from mainstream manufacturers.
SafetyNet certification is only granted to devices that comply with Google's "Android compatibility tests". To be eligible for certification, Google Play Services must be installed , which leads to massive data snooping by Google. This certification guarantees "security" for the app developer, not the user.
It guarantees "security" not for the user but for the app developer. Many essential applications that does not exactly conform to Google's mandates refuse to run.
Essential applications that do not meet Google's mandates refuse to run, and users are denied the ability to audit or stop what the application is doing, such as inspecting what data it is harvesting and sending back to its servers. This is a severe restriction on user freedom, where apps are allowed to operate on the user's device without any transparency or user control.
Device attestation is a worldview where apps should only be able to operate on the user's device without user or researchers having the ability to audit or stop what the application is doing - such as inspecting what data it is harvesting and phoning home.
Most banking apps, streaming services, transportation apps, and some messengers such as Snapchat are affected. Device Attestation and SafetyNet restrictions are part of the "War on General Purpose Computing," which limits user freedom and restricts users from using their devices in the way they desire.
Conflict of Interest
There is a conflict of interest in the software industry and undermines the very foundation of user trust. Operating system vendors (stock ROM), custom operating system developers (custom ROM), application developers, and users are in a struggle for power, control, and/or profit.
What many users want to avoid:
Users are often the victims of a web of data harvesting, surveillance, and manipulation. Personal information and user data are collected and used to build a model of the user, which is then used to manipulate the user's behavior, influence their purchase and political decisions, and even control their thoughts. This data is then sold and resold forever, allowing it to be used against the user in immoral ways that violate their privacy and autonomy. Once the data leaves the device, the user loses all control over it and the data can never be fully erased or retrieved.
Many users demand:
- Knowledge, control and minimization of data collection, snooping, espionage and data leaks by the operating system and applications.
- Prevention of applications camera and/or voice recording them without their knowledge and consent, tracing their location history, exfiltration of contacts, media, messages, and documents.
- Protection from future data breaches and their personal data being leaked to third parties.
- Control: A basic understanding of and control over what their devices are doing, including the ability to limit applications to their intended purposes.
- Audit: The ability to verify that applications are only doing what they claim and what is expected of them.
- Customization: The ability to modify applications to suit their individual needs, such as patching the YouTube application on Google Android to enable background play.
Many application developers prioritize:
- Copyright protection: The ability to prevent users from retaining or sharing copyrighted media (such as Netflix), even under reasonable fair use assumptions.
- Data collection: The collection of as much information as possible (including location, call history, browsing history, viewer history, and more) for the purpose of surveillance, market research, advertising, predicting user behavior, user manipulation and maximizing profit.
- Secrecy: Preventing users from learning the details of what an application is doing.
- Integrity: Preventing users from making modifications to an application. Examples include:
- Google Android's YouTube app restriction (for freemium users) on playing audio in the background while the device's screen locker is enabled.
- Freemium games that prevent users from accessing items or levels that are only available to paying customers.
- Multiplayer games that prevent cheating in online games.
- Banking apps that confirm the security model is intact to prevent fraud by checking that no other installed applications can read or write from the banking app's dedicated storage folder, and that no malicious kernel module or other malware is running that could steal the user's login credentials or make unauthorized transactions.
Most operating system vendors for mobile devices (stock ROM) prioritize:
- Adoption: Attracting as many users as possible to increase profit.
- Attractiveness for application developers: Providing an environment that encourages application developers to create apps for their platform, thereby attracting more users.
- Security: Preventing any malicious or unapproved party from establishing a foothold in their ecosystem.
Some custom operating system vendors for mobile devices (custom ROM) prioritize:
Some custom operating system vendors for mobile devices (custom ROM) want:
- Similar to most operating system vendors.
- Hardware deals: Obtaining recognition from a hardware producer that would pay for continued development and adjustment for their custom operating system, often at the expense of users.
Sigstore     is an industry-led initiative to create a chain of trust for software with the objective of accomplishing something similar to what Let's Encrypt had done for website TLS certificates. At face value, having a curated transparency log for all Linux software and enforcing that only digital signature signed processes run (as part of Verified Boot) seems good, but the devil is in the details. A developer would need to authenticate with an OpenID Connect (OIDC) provider such as Google or GitHub to verify ownership of their email address and possession of previously generated keys. This centralizes trust and would make it trivial for these corporations to censor publishing code they find disagreeable as they are the self-appointed gatekeepers of verification.
An example of software banned by github includes
youtube-dl, a YouTube video download utility (homepage, wikipedia). As torrentfreak reported, GitHub Warns Users Reposting YouTube-DL They Could Be Banned. As mentioned in Wikipedia, this was due to a request by the Recording Industry Association of America (RIAA). Fast forward,
youtube-dl is now available again on github but this just one of many examples that there are issues.
Publisher anonymity may become impossible as most of the aforementioned entities require invasive proof of identity to allow signing up to their services. While the governance structure allows for multiple developers from different companies to play key roles in a rotating fashion, it is questionable how independent they can really be if pressure comes to bear on following certain orders or risk losing employment or promotion.
Hence it is reasonable to conclude that Sigstore will play a role in the War on General Purpose Computing and further limit which devices laymen users can run programs on without restrictions imposed by the operating system vendor. It might result in as a subversive attempt by corporate interests to create a walled garden that allows only certain "approved code" to run on Freedom Software systems as opposed to the decentralized distribution repository system that all Linux desktop distributions are using nowadays.
Such a design also raises questions about the integrity of the transparency log should one of the OpenID providers become compromised. Freedom Software developers and operating system maintainers would do well to steer clear from Sigstore.
Freedom vs Tyrant Security
Table: Freedom (Open Source) Security 
|Disk Encryption||Disk encryption keys are under the sole control of the user.|
|End-to-end (E2E) Encryption||End-to-end encryption keys are under the sole control of the user.|
|Security Features||Security features are available which do not intentionally restrict user customization.|
|User Freedoms||User freedom restrictions are intentionally minimized.|
|Synonyms||Cypherpunk Security, User-Controlled Security|
Table: Tyrant Security / Enterprise Security
|Default Privacy, Security and Customization Settings||
|Operating System Selection||
- Verified Boot
- Policy on Non-Freedom Software
- Policy of the Kicksecure ™ Website and Chat
- Unsubstantiated Conclusions
- Avoid Non-Freedom Software
- Why Kicksecure ™ is Freedom Software
- Mobile Phone Security
- Mobile Operating System Comparison
Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.
Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.
- ↑ https://f-droid.org/en/docs/Anti-Features/
- ↑ https://en.wikipedia.org/wiki/Mono_%28software%29#Mono_and_Microsoft's_patents
- ↑ The LLVM compiler infrastructure project is a collection of modular, reusable compiler and toolchain technologies.
- ↑ https://www.phoronix.com/news/LibreOffice-Needs-Windows-Clang
- ↑ https://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.html
- ↑ https://www.bloomberg.com/news/articles/2019-09-24/google-blocks-privacy-push-at-the-group-that-sets-web-standards
- ↑ https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/
- ↑ https://mspoweruser.com/google-may-make-adblocking-impossible-on-edge-and-chrome/
- ↑ https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23
- ↑ https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/
- ↑ https://www.schneier.com/blog/archives/2022/12/leaked-signing-keys-are-being-used-to-sign-malware.html
- ↑ https://www.schneier.com/blog/archives/2023/03/blacklotus-malware-hijacks-windows-secure-boot-process.html
The initial Board of Directors included John Perry, Mitch, John, Steve and Stewart Brand.
The SafetyNet Attestation API provides services for determining whether a device running your app satisfies Android compatibility tests.
- ↑ https://www.sigstore.dev
- ↑ https://martinheinz.dev/blog/55
- ↑ https://martinheinz.dev/blog/56
- ↑ https://forums.whonix.org/t/sigstore-for-improving-verification-of-downloads/11536
- ↑ Freedom Software / Open Source.
- ↑ Unfortunately, perhaps 99% of laymen utilize stock operating systems with their phone.
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.
We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!