General Threats to User Freedom

From Kicksecure
Jump to navigation Jump to search

Threats123123.jpg

User Freedom Threats[edit]

Since the inception of the four original essential software freedoms provided by Freedom Software, other issues have emerged such as:

The Kicksecure ™ project does not currently have a policy prohibiting discussion of any applications with these traits.

Beyond Licensing[edit]

It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Consider the examples below.

Mono: Microsoft's .NET Implementation for Linux[edit]

Mono was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. If there had been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. Fortunately, the libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned. [5] The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s was not forgotten.

GCC vs Clang-LLVM[edit]

LLVM [6] was initially heavily funded by Apple in retaliation for the GNU Compiler Collection (GCC) re-licensing under GPLv3. While the permissive licensing is technically libre, it allows companies to close up forks or mandate non-free plugins. This locks in users on hardware platforms which would usher in a new dark age for libre software development and porting, and also lead to significant security and trust issues.

This unscrupulous conduct by industry players was not possible for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However, another aspect is that compiler-specific quirks act as a "network effect" whereby if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC. For example, Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it. [7] Over time, this could drain resources from the copyleft GCC as corporations and distributions conclude it is not cost effective to contribute to a compiler with shrinking market share.

Chromium[edit]

Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, including on web standards; the impacts on freedom are unconsidered. [8] Google repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed. [9] The features they design also make performance notably worse in competing browsers. [10] When released, the existing plan for new API limitations will prevent current and even possible future rewrites of adblockers.

No attempt to address these concerns have been made by the Chromium developers. [11][12] Every Firefox installation provides Mozilla with a bit more leverage and diverts advertisement money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they cease to exist, Tor Browser will also disappear - destroying a key component of the privacy ecosystem. The present Chromium engine is unsuitable for privacy projects because it cannot provide equivalent Firefox protections, and there is no willingness to change the design to accommodate such initiatives.

War on General Purpose Computing[edit]

There is a war on general purpose computing. More and more electronic devices sold nowadays are actually general purpose computers, but by default come with artificial restrictions that impede user control over the devices, deny the ability to observe/modify what the vendor's code is doing and to perpetuate privacy violations from the said code or force users to buy more expensive models to get features they could have obtained had they been able to unleash the the full potential of the cheaper device.

Examples:

  • TVs:
  • PlayStation is actually a fully functional computer that could in theory run any program but in practice which programs or games can be run on it is solely decided by Sony, its producer.
  • Restrictions in Mobile Devices:
    • An unreasonable restriction is all the bloatware (unwanted default installed applications) which is running on most people's phones nowadays which cannot many users would like to uninstall but lack the technical skill to do so due to great artificially introduced technically difficulties in doing so. Even if uninstallable in theory, there's the The Tyranny of the Default.
    • Another unreasonable restriction is for example is Google's ban in Android Play Store of YouTube downloaders such as TubeMate.
    • Most iPhone / Android phones restrict the freedom of the user to choose which programs can run on these devices. These phones are often packaged with spyware installed by default, which cannot be removed.
  • Most phones that are sold by mobile carriers or manufacturers have locked bootloaders which are prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor.
    • QZ: Google can still use Bluetooth to track your Android phone when Bluetooth is turned off
    • How Google--and everyone else--gets Wi-Fi location data
      • How it works, according to Google, is that the Android Location Services periodically checks on your location using GPS, Cell-ID, and Wi-Fi to locate your device. When it does this, your Android phone will send back publicly broadcast Wi-Fi access points' Service set identifier (SSID) and Media Access Control (MAC) data. Again, this isn't just how Google does it; it's how everyone does it. It's Industry practice for location database vendors.

    • AP Exclusive: Google tracks your movements, like it or not
      • Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so. Computer-science researchers at Princeton confirmed these findings at the AP’s request.

    • There may be rare exceptions to this rule, hence "most" and not "all". These exceptions are not the point which shall be made in this comparison. See also Android Privacy Issues and User Freedom Restrictions.
    • In summary, both, restrictions on applications which can/cannot be installed as well as which can/cannot be uninstalled are imposed. People are conditioned into more software freedom restrictions.
  • UEFI SecureBoot is another stumbling stone which makes installation of Freedom Software operating systems as a replacement for Microsoft Windows more difficult on the Intel / AMD64 ("PC") computers.
  • Out-of-band Management Technology can easily subvert user security and control over their machine if running an open alternative is not feasible.
  • Sophisticated civilian accessible drones running software which restricts where it can fly.
  • Cellphone Base-band firmware is not modifiable by the user which prevents updating for security patches once the manufacturer abandons the device.

People are reduced to vassals in this relationship involving them and the hardware vendor. For more examples consult Chapter User Freedom Threats to see how some technologies are abused to restrict user freedom.

The fact, that highly technical people are often capable of circumventing some of these technical restrictions, if sufficiently motivated, is besides the point as the censor has succeeded in accomplishing their objective of blocking the majority of the population who do not have a sophisticated knowledge of technology.

The trend is clearly going into the direction of the general population of loosing access to general computing rather than more freedom. It won't be happening today, tomorrow or next year. It's a gradual long term trend.

See also the presentation The Coming Century of War Against Your Computer by Cory Doctorow hosted by Stewart Brand (EFF founding member) [13], The Long Now Foundation / 28c3: The coming war on general computation.

Conflict of Interest[edit]

There is a conflict of interest between operating system vendors (stock ROM), custom operating system developers (custom ROM), application developers and users. This is a non-comprehensive list of interest of various parties.

What many users want to avoid:

Harvested personal information and user data is used to build a model of the user. That model is then used to manipulate the user such as to influence purchase and political decisions. That data is then sold and resold forever. The stolen data is then used against the user in many immoral ways. Once the data leaves the device, the user looses all control over it and the user will never be able to reign it again. Once leaked, never deleted.

Many users want:

  • Privacy:
    • Knowledge, control and minimization of data collection, snooping, espionage and data leaks the operating system and applications.
    • Prevent applications camera and/or voice recording them without their knowledge and consent, tracing their location history, exfiltration of contacts, media, messages and documents.
    • Prevent future data breach and their personal data leaked to third-parties.
  • Control: Have a basic understanding of and control what their devices are doing and limit applications to their purposes.
  • Audit: Verify that applications are only doing what they say and what is expected from them.
  • Customization: Application modifications such as for example patching the YouTube application on Google Android to enable background play.

Many application developers want:

  • Copyright protection: Allow the user to stream/watch media (such as Netflix), but prohibit retaining or sharing the media with others under reasonable fair use assumptions.
  • Data collection: As much information as possible is extracted (location, call history, browsing history, viewer history and much more) for the purpose of surveillance, market research, advertising, better prediction of user behavior and profit maximization.
  • Secrecy: Prevent the user from learning details on what exactly the application is doing.
  • Integrity: Prevent the user from making modifications to the application. Examples include
    • Google Android's YouTube app restriction (for freemium users) on playing audio in the background while the device's screen locker is enabled.
    • Freemium games want to prevent users getting items or playing levels which would otherwise only be accessible to paying customers.
    • Multi-player games want to to prevent cheating in online games.
    • Banking apps want to confirm that the security model is intact to prevent fraud. It desires to check that no other installed applications can read to or write from the banking app's dedicated storage folder as well as that no malicious kernel module or other malware is running that could steal the user's login credentials or make unauthorized transactions.

Most operating system vendors for mobile devices (stock ROM) want:

  • Adoption: Many users as possible to increase profit.
  • Attractiveness for application developers: Many application developers to provide applications for their platform to attract more users.
  • Security: Prevent any malicious and unapproved party from establishing a foothold in their ecosystem.

Some custom operating system vendors for mobile devices (custom ROM) want:

  • Similar to most operating system vendors.
  • Hardware deals: Getting recognition by a hardware producer that would pay for continued development and adjustment for their custom operating system.

Sigstore[edit]

Sigstore [14] [15] [16] [17] is an industry-led initiative to create a chain of trust for software with the objective of accomplishing something similar to what Let's Encrypt had done for website TLS certificates. On face value, having a curated transparency log for all Linux software and enforcing that only digital signature signed processes run (as part of Verified Boot) seems good, but the devil is in the details. A developer would need to authenticate with an OpenID Connect (OIDC) provider such as Google or GitHub to verify ownership of their email address and possession of previously generated keys. This centralizes trust and would make it trivial for these corporations to censor publishing code they find disagreeable as they are the self-appointed gatekeepers of verification.

An example of software banned by github includes youtube-dl, a YouTube video download utility (homepage, wikipedia). As torrentfreak reported, GitHub Warns Users Reposting YouTube-DL They Could Be Banned. As mentioned in Wikipedia, this was due to a request by the Recording Industry Association of America (RIAA). Fast forward, youtube-dl is now available again on github but this just one of many examples that there are issues.

Publisher anonymity may become impossible as most of the aforementioned entities require invasive proof of identity to allow signing up to their services. While the governance structure allows for multiple developers from different companies to play key roles in a rotating fashion, it is questionable how independent they can really be if pressure comes to bear on following certain orders or risk losing employment or promotion.

Hence it is reasonable to conclude that Sigstore will play a role in the War on General Purpose Computing and further limit which devices laymen users can run programs on without restrictions imposed by the operating system vendor. It might result in as a subversive attempt by corporate interests to create a walled garden that allows only certain "approved code" to run on Freedom Software systems as opposed to the decentralized distribution repository system that all Linux desktop distributions are using nowadays.

Such a design also raises questions about the integrity of the transparency log should one of the OpenID providers become compromised. Freedom Software developers and operating system maintainers would do well to steer clear from Sigstore.

Freedom vs Tyrant Security[edit]

Table: Freedom (Open Source) Security [18]

Category Description
Disk Encryption Disk encryption keys are under the sole control of the user.
End-to-end (E2E) Encryption End-to-end encryption keys are under the sole control of the user.
Security Features Security features are available which do not intentionally restrict user customization.
User Freedoms User freedom restrictions are intentionally minimized.

Table: Tyrant Security

Category Description
Default Privacy, Security and Customization Settings
  • These devices have privacy-intrusive default settings that most users are unaware of and which cannot be disabled.
  • In most cases the user cannot choose the vendor they wish to install (security) upgrades from.
  • Customization of these devices is also limited. For example, many pre-installed applications (often referred to as "bloatware") cannot be uninstalled or at least be hidden from view.
Definitions
  • Tyrant: The Free Software Foundation (FSF) uses the word "tyrant" and has defined it in this article. It refers to devices that refuse to allow the user to modify the software or run what they please. This definition approximates the way it is used in this entry.
  • Anti-features: A feature that a fully aware user would rather not have. The F-Droid project has a nice catalog of undesirable software behaviors, however a few items might be pushing the boundaries of a true anti-feature.
Operating System Selection
  • The freedom to modify the underlying operating system is restricted.
  • Vendors force users who want greater system control to run exploits or jail-breaking suites from untrusted origins, which endangers the integrity of personal devices.
  • While the security provided by unauthorized third parties might be good, security from the vendor itself is poor. This is further elaborated here: Android Privacy Issues and User Freedom Restrictions.
Security Technologies
  • Many popular device operating systems utilize security technologies which undermine the security of the user against meddling and surveillance by the vendor, while suppressing user freedoms. A classic example is most Android phones and iPhone devices.
  • Although an over-simplified argument, users of forks based on the Android Open Source Project (AOSP) and security/privacy-focused Android forks (like GrapheneOS), are exempt from the criticisms in this section. [19] These operating systems include many security features to keep users safe from unauthorized third parties outside the ecosystem of the vendor.

See Also[edit]

Footnotes[edit]

  1. Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.

  2. Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.

  3. https://f-droid.org/en/docs/Anti-Features/
  4. Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia), as well as systems within devices that enforce these policies.

  5. https://en.wikipedia.org/wiki/Mono_%28software%29#Mono_and_Microsoft's_patents
  6. The LLVM compiler infrastructure project is a collection of modular, reusable compiler and toolchain technologies.
  7. https://www.phoronix.com/scan.php?page=news_item&px=LibreOffice-Needs-Windows-Clang
  8. http://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.html
  9. https://www.bloomberg.com/news/articles/2019-09-24/google-blocks-privacy-push-at-the-group-that-sets-web-standards
  10. https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/
  11. https://mspoweruser.com/google-may-make-adblocking-impossible-on-edge-and-chrome/
  12. https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23
  13. Quote eff.org:

    The initial Board of Directors included John Perry, Mitch, John, Steve and Stewart Brand.

  14. https://www.sigstore.dev
  15. https://martinheinz.dev/blog/55
  16. https://martinheinz.dev/blog/56
  17. https://forums.whonix.org/t/sigstore-for-improving-verification-of-downloads/11536
  18. Freedom Software / Open Source.
  19. Unfortunately, perhaps 99% of laymen utilize stock operating systems with their phone.


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.