General Threats to User Freedom

From Kicksecure
Jump to navigation Jump to search

Tivoization, malicious features, antifeature, tyrant software, treacherous computing, digital restrictions management (DRM), Software as a Service (SaaS), Service as a Software Substitute (SaaSS), Administrative Rights Refusal (non-root enforcement).

User Freedom Threats[edit]

Since the inception of the four original essential software freedoms provided by Freedom Softwarearchive.org, other issues have emerged such as:

Corporate Objectives[edit]

It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Consider the examples below.

Android[edit]

  • Ars Technica: Google’s iron grip on Android: Controlling open source by any means necessaryarchive.org
  • The European Commission: Antitrust: Commission fines Google €4.34 billion for illegal practices regarding Android mobile devices to strengthen dominance of Google's search enginearchive.org
    • Commissioner Margrethe Vestager, in charge of competition policy, said: "Today, mobile internet makes up more than half of global internet traffic. It has changed the lives of millions of Europeans. Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine. In this way, Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere. This is illegal under EU antitrust rules."

    • In particular, Google: [...] has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called "Android forks").

    • In order to be able to pre-install on their devices Google's proprietary apps, including the Play Store and Google Search, manufacturers had to commit not to develop or sell even a single device running on an Android fork.

    • the Commission has found evidence that Google's conduct prevented a number of large manufacturers from developing and selling devices based on Amazon's Android fork called "Fire OS".

  • Reuters: Google loses challenge against EU antitrust decision, other probes loomarchive.org:
    • "The General Court largely confirms the Commission's decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators in order to consolidate the dominant position of its search engine," the court said.

Mono: Microsoft's .NET Implementation for Linux[edit]

Mono was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. If there had been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. Fortunately, the libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned. [5] The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s was not forgotten.

GCC vs Clang-LLVM[edit]

LLVMarchive.org [6] was initially heavily funded by Apple in retaliation for the GNU Compiler Collection (GCC)archive.org re-licensing under GPLv3archive.org. While the permissive licensing is technically libre, it allows companies to close up forks or mandate non-free plugins. This locks in users on hardware platforms which would usher in a new dark age for libre software development and porting, and also lead to significant security and trust issues.

This unscrupulous conduct by industry players was not possible for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However, another aspect is that compiler-specific quirks act as a "network effect" whereby if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC. For example, Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it. [7] Over time, this could drain resources from the copyleft GCC as corporations and distributions conclude it is not cost effective to contribute to a compiler with shrinking market share.

Chromium[edit]

Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, including on web standards; the impacts on freedom are unconsidered. [8] Google repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed. [9] The features they design also make performance notably worse in competing browsers. [10] When released, the existing plan for new API limitations will prevent current and even possible future rewrites of adblockers.

No attempt to address these concerns have been made by the Chromium developers. [11] [12] Every Firefox installation provides Mozilla with a bit more leverage and diverts advertisement money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they cease to exist, Tor Browser will also disappear - destroying a key component of the privacy ecosystem. The present Chromium engine is unsuitable for privacy projectsarchive.org because it cannot provide equivalent Firefox protections, and there is no willingness to change the design to accommodate such initiatives.

Web Environment Integrity (WEI):

War on General Purpose Computing[edit]

There is an ongoing struggle against the unrestricted use of general-purpose computing devices. Increasingly, electronic devices sold today are, in fact, general-purpose computers that come with built-in restrictions that limit user control. Vendors purposely withhold administrative capabilities, also known as "root rights," from users, which can cause problems:

  • It prevents users from fixing problems or adding new features. For example, if a stock Android device fails to start, it is impossible to analyze what is going on without administrative rights, let alone fix it.
  • It perpetuates privacy violations.
  • It forces users to buy more expensive models to get features they could have obtained had they been able to unleash the full potential of their already purchased devices.

Examples of this struggle include:

  • TVs:
  • The PlayStation is a fully functional computer that could run any program in theory, but in practice, which programs or games can be run on it is solely decided by Sony, its producer.
  • Console mod-chippers were busted in nationwide raids in 2007.archive.org
  • Restrictions in Mobile Devices: (#mobile_devices_restrictions)
    • Many mobile phones have bloatware, unwanted default installed applications, which cannot be easily uninstalled. This is an unreasonable restriction. Even if uninstallable in theory, there is the The Tyranny of the Default that makes it difficult to do so. A lot of users wish to uninstall a bloatware, but they may not have the technical expertise to do it because the process has been intentionally made more difficult than it should be.
    • Most iPhone and Android phones restrict the user's freedom to choose which programs can run on these devices.
      • Another unreasonable restriction is for example is Google's ban in Android Play Store of YouTube downloaders such as TubeMate.
      • Google bans adblockers that block adds in other apps from its Play Store.archive.org
      • YouTube Vancedarchive.org was an alternative YouTube player.

        On March 13, 2022, the developers of YouTube Vanced announced that the application would be shut down after they received a cease and desist letter from Google, which forced the developers to stop developing and distributing the app.

        [13]
      • A YouTube downloader youtube-dl... Quote EFFarchive.org:

        Recording Industry Association of America (RIAA) abused the Digital Millennium Copyright Act’s notice-and-takedown procedure to pressure GitHub to remove it.

        It was later re-instated thanks to help by EFF. [14]
      • Installation of apps without using the platforms official app store is sometimes still possible.
        • Google Android: The process of installing an app from sources other than Google Play is still possible for technically advanced users clicking through scary warnings.
        • Apple's iOS: Is even more restricted and does not permit installation of apps without the official iOS App Store.
        • Alternative app stores such as F-Droid are forbidden in Google Play Store as well as in Apple's iOS App Store. At least F-Droid can be installed by technically advanced users on Android but not on iPhone where the user is even more locked out.
      • For example, Apple rejected rejected an endmyopia apparchive.org citing "medical diagnostic" from its App Store. Without App Store however on iOS devices, no applications can be installed. On iOS there is purposely not even a sideloding feature which is at least available on Google Android stock devices. In theory, devices could be jail broken but that harms security and then many other apps would refuse to run due to attestation.
      • Apple also bans torrent clients and emulators.
      • The unrestricted discussion software Telegram downloadable from Google Play Store or Apple App Store censors topics as the corporate overlords see fit. The Freedom Software version of Telegram downloadable from the Telegram website, web version web.telegram.org as well as downloadable from F-Droid, the Free and Open Source Android App Repository does not have these restrictions.
      • Apple bans GPL licensed software from its app store.archive.org
      • Apple banned developers who created software that allowed to disable artificial user freedom restrictions on iPhone devices.archive.org
      • These phones are often packaged with spyware installed by default, which cannot be removed.
  • Most phones that are sold by mobile carriers or manufacturers have locked bootloaders which are prohibiting the user from installing alternative operating systems which are not certified by the hardware vendor. For example:
    • The Microsoft Surface RT/2 tablet comes with Windows 8.1 which is nowadays outdated and a locked bootloader. It cannot be updated to Windows 10 or to alternative operating systems such as Linux. [15] Using a jailbreak and lengthy complicated instructions it might be possible. [16]
    • QZ: Google can still use Bluetooth to track your Android phone when Bluetooth is turned offarchive.org
    • How Google--and everyone else--gets Wi-Fi location dataarchive.org
      • How it works, according to Google, is that the Android Location Services periodically checks on your location using GPS, Cell-ID, and Wi-Fi to locate your device. When it does this, your Android phone will send back publicly broadcast Wi-Fi access points' Service set identifier (SSID) and Media Access Control (MAC) data. Again, this isn't just how Google does it; it's how everyone does it. It's Industry practice for location database vendors.

    • AP Exclusive: Google tracks your movements, like it or notarchive.org
      • Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to. An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so. Computer-science researchers at Princeton confirmed these findings at the AP’s request.

    • There may be rare exceptions to this rule, hence "most" and not "all". These exceptions are not the point which shall be made in this comparison. See also Android Privacy Issues and User Freedom Restrictions.
    • In summary, both, restrictions on applications which can/cannot be installed as well as which can/cannot be uninstalled are imposed. People are conditioned into more software freedom restrictions.
  • UEFI SecureBoot is another stumbling stone which makes installation of Freedom Software operating systems as a replacement for Microsoft Windows more difficult on the Intel / AMD64 ("PC") computers.
  • Out-of-band Management Technology can easily subvert user security and control over their machine if running an open alternative is not feasible.
  • Sophisticated civilian accessible drones running software which restricts where it can fly.
  • Cellphone Base-band firmware is not modifiable by the user which prevents updating for security patches once the manufacturer abandons the device.
  • Google banned AGPL licensed software from its code hosting platform.archive.org Google has an anti-AGPL policy.archive.org

People are reduced to vassals in this relationship involving them and the hardware vendor. For more examples consult Chapter User Freedom Threats to see how some technologies are abused to restrict user freedom.

The fact, that highly technical people are sometimes capable of circumventing some of these technical restrictions, if sufficiently motivated, is besides the point as the censor has succeeded in accomplishing their objective of blocking the majority of the population who do not have a sophisticated knowledge of technology. The root issue is, there is a lock and the vendor refuses to give the key to the user. That root issue does not go away by breaking the lock. Big, most hardware vendors locking down devices is a far more important, powerful movement than a few hackers that can sometimes circumvent technical restrictions in a cat and mouse game which would be lost eventually by the hackers. For example Google's SafetyNet hardware attestation is currently unbreakable. Quote GrapheneOS on Banking appsarchive.org:

GrapheneOS doesn't attempt to bypass the checks since it would be very fragile and would repeatedly break as the checks are improved. Devices launched with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities so the era of being able to bypass these checks by spoofing results is coming to an end regardless.

The trend is clearly going into the direction of the general population of loosing access to general computing rather than gaining more freedom. It won't be happening today, tomorrow or next year. It's a gradual long term trend.

For most device classes (phones, tablets, TVs) the freedom of general computing was already lost without an awareness of the war on general computing. The freedom of general computing remains only on some desktop computers and servers.

(#restricted boot)

Desktop computer's are under attack too with Microsoft's Restricted Boot ("Secure Boot")archive.org (summaryarchive.org) feature. Restricted Boot did not prevent booting alternative operating systems yet on the PC (Intel/AMD64 architecture), but novice users must either use operating systems who's bootloaders were permitted by Microsoft (suddenly Microsoft is in control which operating system can run) or click through scary security warnings when disabling the restricted boot feature in the BIOS through a procedure in the BIOS which is complicated for non-technical users. With another option of deploying one's own keys which is even more complicated. The actual security of restricted boot in the real world has turned out to be worthless since centralized keys/signing will always be vulnerable to secrets leaks. [17] With closed source and seldom updated UEFI firmware serving as the TCB for restricted boot, malware has been able to exploit that to bypass it and gain persistence. [18]

But the PC market (Intel/AMD64 architecture) is shrinking and gradually being replaced by locked down devices.

But concentrating on these problems misses the wider point. The x86 market remains one where users are able to run whatever they want, but the x86 market is shrinking. Users are purchasing tablets and other ARM-based ultraportables. Some users are using phones as their primary computing device. In contrast to the x86 market, Microsoft's policies for the ARM market restrict user freedom. Windows Phone and Windows RT devices are required to boot only signed binaries, with no option for the end user to disable the signature validation or install their own keys. While the underlying technology is identical, this differing set of default policies means that Microsoft's ARM implementation is better described as Restricted Boot. The hardware vendors and Microsoft define which software will run on these systems. The owner gets no say.https://mjg59.dreamwidth.org/23817.htmlarchive.org

See also Secure Boot (developers).

Intel/AMD64 (x86) ("PC") Devices some ARM (and other architectures) Devices
Users can disable Secure Boot Yes No
Users can install their own keys Yes No
Freedom to run alternative operating systems Yes No
Control ultimately remains with device owner Yes No
No option to disable boot validation No Yes
Cannot install custom keys No Yes
Hardware vendors and Microsoft control what software can run No Yes
End users have no ability to modify boot settings No Yes

Alternative operating systems such as Linux distributions are going into a similar long term direction with Sigstore and the long term vision on image-based OSes with modernized security properties built around immutabilityarchive.org. While there are probably good intentions and strong technical advantages for going into that direction (recovery mode boot, factory reset, Verified Boot), the result of requiring to enable a developer mode to be able to modify arbitrary files on the disk, would make it trivial to switch from freedom (unlocked) to non-freedom (locked).

Once most devices are locked down, the few remaining libre compatible options could either be pressured to lockdown by economies of scale (corporations requesting digital restrictions management (DRM) in their hardware and would make custom hardware batches exorbitantly expensive and out of reach), or through outright bans by politicians mandating proprietary, surveillance friendly operating systems, citing the Four Horsemen of the Infocalypsearchive.org. Outlawing general computing as been attempted in 2002 in USA through the Consumer Broadband and Digital Television Promotion Actarchive.org, which fortunately failed at the time. These would then effectively control which applications can be run.

See also,

Users should own their hardware as well as their software. Avoid non-freedom software. Avoid locked hardware. Use Freedom Software. When purchasing new devices, the user should check:

  • Will I get full administrative rights ("root rights") yes or no?
    • Or is the device at least rootable?
  • Is the bootloader unlocked?
    • Or is the bootloader at least unlockable?

War on the GNU General Public (Copyleft) License[edit]

The GPLarchive.org has led significant corporations to experience alarm and launch a campaign against it, as it jeopardizes their influence and authority over individuals. You can find confirmation of this perspective from Richard Matthew Stallman (RMS) in a 2004 videoarchive.org.

Examples[edit]

Google[edit]

Google has an anti-AGPL policy.archive.org Google banned AGPL licensed software from its code hosting platform.archive.org

Microsoft[edit]

“Free software,” like free societies, has its enemies. Microsoft has waged a war against the GPL, warning whoever will listen that the GPL is a “dangerous” license.Free Software, Free Society (fsfs3)archive.org page 8

Apple[edit]

Apple bans GPL licensed software from its app store.archive.org

Apple is very hostile to the GNU GPL, Apple is directly and indirectly trying to pressure people not defend the users freedom. Please join us to standing up to apple.Reclaim your freedom with free libre software nowarchive.org 27:23

Promoting Non-Copyleft Licenses[edit]

After big corporations observed an increased adoption of the free software movement, some recognized an opportunity to enter this expanding field. Instead of urging developers to create software using proprietary licenses, they began promoting the utilization of free software licenses, but as non-copyleft license.

The key distinction between copyleft and non-copyleft licenses can be summarized as follows:

Copyleft licenses such as the GNU GPL insist that modified versions of the program must be free software as well. Non-copyleft licenses do not insist on this.The BSD License Problemarchive.org

Examples of big corporations benefiting from this vulnerability[edit]

Netflix[edit]

Netflix utilizes FreeBSDarchive.org and has closed it to its favor [20].

IBM[edit]

IBM utilizes Apache server (Freedom Software) to create non-freedom IBM HTTP Server (IHS):

IBM HTTP Server is based on Apache HTTP Server 2.4.12, with additional fixes.Key differences from the Apache HTTP Serverarchive.org

Richard Stallman is addressing the issue of using weak licensesarchive.org.

Google[edit]

After profiting from the non-copyleft license of Android (except the kernel) and amassing millions of dollars, Google is currently in the process of moving away from Android. This shift is driven by the fact that Android is built upon the Linux kernel, which employs the GPL license. Google is now developing its own kernel and operating system:

There are rumors about Google waning to change the kernel on android, There is another Google Kernel Project Fuchsiaarchive.orgJohn Sullivan, Executive Director of FSF in an Interview with Bryan Lunduke in 2017archive.org 19:50

So, it's very important to license your software carefully and make wise choices. A Copyleft license is recommended [21].

Device Attestation such as SafetyNet[edit]

Google's SafetyNet is a tool used by many apps to check and refuse to run on user modified devices running custom operating systems that are free from unwanted spyware and bloatware that come pre-installed on most Android devices from mainstream manufacturers.

SafetyNet certification is only granted to devices that comply with Google's "Android compatibility tests". To be eligible for certification, Google Play Services must be installed [22], which leads to massive data snooping by Google. This certification guarantees "security" for the app developer, not the user.

It guarantees "security" not for the user but for the app developer. Many essential applications that do not conform to Google's mandates refuse to run.

Essential applications that do not meet Google's mandates refuse to run, and users are denied the ability to audit or stop what the application is doing, such as inspecting what data it is harvesting and sending back to its servers. This is a severe restriction on user freedom, where apps are allowed to operate on the user's device without any transparency or user control.

Device attestation is a worldview where apps should only be able to operate on the user's device without user or researchers having the ability to audit or stop what the application is doing - such as inspecting what data it is harvesting and phoning home.

Most banking apps, streaming services, transportation apps, and some messengers such as Snapchat are affected. Device Attestation and SafetyNet restrictions are part of the "War on General Purpose Computing," which limits user freedom and restricts users from using their devices in the way they desire.

Conflict of Interest[edit]

There is a conflict of interest in the software industry and undermines the very foundation of user trust. Operating system vendors (stock ROM), custom operating system developers (custom ROM), application developers, and users are in a struggle for power, control, and/or profit.

What many users want to avoid:

Users are often the victims of a web of data harvesting, surveillance, and manipulation. Personal information and user data are collected and used to build a model of the user, which is then used to manipulate the user's behavior, influence their purchase and political decisions, and even control their thoughts. This data is then sold and resold forever, allowing it to be used against the user in immoral ways that violate their privacy and autonomy. Once the data leaves the device, the user loses all control over it and the data can never be fully erased or retrieved.

Many users demand:

  • Privacy:
    • Knowledge, control and minimization of data collection, snooping, espionage and data leaks by the operating system and applications.
    • Prevention of applications camera and/or voice recording them without their knowledge and consent, tracing their location history, exfiltration of contacts, media, messages, and documents.
    • Protection from future data breaches and their personal data being leaked to third parties.
  • Control: A basic understanding of and control over what their devices are doing, including the ability to limit applications to their intended purposes.
  • Audit: The ability to verify that applications are only doing what they claim and what is expected of them.
  • Customization: The ability to modify applications to suit their individual needs, such as patching the YouTube application on Google Android to enable background play.

Many application developers prioritize:

  • Copyright protection: The ability to prevent users from retaining or sharing copyrighted media (such as Netflix), even under reasonable fair use assumptions.
  • Data collection: The collection of as much information as possible (including location, call history, browsing history, viewer history, and more) for the purpose of surveillance, market research, advertising, predicting user behavior, user manipulation and maximizing profit.
  • Secrecy: Preventing users from learning the details of what an application is doing.
  • Integrity: Preventing users from making modifications to an application. Examples include:
    • Google Android's YouTube app restriction (for freemium users) on playing audio in the background while the device's screen locker is enabled.
    • Freemium games that prevent users from accessing items or levels that are only available to paying customers.
    • Multiplayer games that prevent cheating in online games.
    • Banking apps that confirm the security model is intact to prevent fraud by checking that no other installed applications can read or write from the banking app's dedicated storage folder, and that no malicious kernel module or other malware is running that could steal the user's login credentials or make unauthorized transactions.

Most operating system vendors for mobile devices (stock ROM) prioritize:

  • Adoption: Attracting as many users as possible to increase profit.
  • Attractiveness for application developers: Providing an environment that encourages application developers to create apps for their platform, thereby attracting more users.
  • Security: Preventing any malicious or unapproved party from establishing a foothold in their ecosystem.

Some custom operating system vendors for mobile devices (custom ROM) prioritize:

Some custom operating system vendors for mobile devices (custom ROM) want:

  • Similar to most operating system vendors.
  • Hardware deals: Obtaining recognition from a hardware producer that would pay for continued development and adjustment for their custom operating system, often at the expense of users.

Sigstore[edit]

Sigstore [23] [24] [25] [26] is an industry-led initiative to create a chain of trust for software with the objective of accomplishing something similar to what Let's Encrypt had done for website TLS certificates. At face value, having a curated transparency log for all Linux software and enforcing that only digital signature signed processes run (as part of Verified Boot) seems good, but the devil is in the details. A developer would need to authenticate with an OpenID Connect (OIDC) provider such as Google or GitHub to verify ownership of their email address and possession of previously generated keys. This centralizes trust and would make it trivial for these corporations to censor publishing code they find disagreeable as they are the self-appointed gatekeepers of verification.

An example of software banned by github includes yt-dlp (called youtube-dl at the time) The Web Archive Onion Version , a YouTube The Web Archive Onion Version video download utility (homepagearchive.org, wikipediaarchive.org). As torrentfreak reported, GitHub Warns Users Reposting YouTube-DL They Could Be Bannedarchive.org. As mentionedarchive.org in Wikipedia, this was due to a request by the Recording Industry Association of America (RIAA). Fast forward, youtube-dl is now available again on github but this just one of many examples that there are issues.

Publisher anonymity may become impossible as most of the aforementioned entities require invasive proof of identity to allow signing up to their services. While the governance structure allows for multiple developers from different companies to play key roles in a rotating fashion, it is questionable how independent they can really be if pressure comes to bear on following certain orders or risk losing employment or promotion.

Hence it is reasonable to conclude that Sigstore will play a role in the War on General Purpose Computing and further limit which devices laymen users can run programs on without restrictions imposed by the operating system vendor. It might result in as a subversive attempt by corporate interests to create a walled garden that allows only certain "approved code" to run on Freedom Software systems as opposed to the decentralized distribution repository system that all Linux desktop distributions are using nowadays.

Such a design also raises questions about the integrity of the transparency log should one of the OpenID providers become compromised. Freedom Software developers and operating system maintainers would do well to steer clear from Sigstore.

Freedom vs Tyrant Security[edit]

The only difference between a fortress and a jail is who holds the keys.

Table: Freedom (Open Source) Security [27]

Category Description
Disk Encryption Disk encryption keys are under the sole control of the user.
End-to-end (E2E) Encryption End-to-end encryption keys are under the sole control of the user.
Security Features Security features are available which do not intentionally restrict user customization.
User Freedoms User freedom restrictions are intentionally minimized.
Synonyms Cypherpunk Security, User-Controlled Security

Table: Tyrant Security / Enterprise Security

Category Description
Default Privacy, Security and Customization Settings
  • These devices have privacy-intrusive default settings that most users are unaware of and which cannot be disabled.
  • In most cases the user cannot choose the vendor they wish to install (security) upgrades from.
  • Customization of these devices is also limited. For example, many pre-installed applications (often referred to as "bloatware") cannot be uninstalled or at least be hidden from view.
Definitions
  • Tyrant: The Free Software Foundation (FSF) uses the word "tyrant" and has defined it in this articlearchive.org. It refers to devices that refuse to allow the user to modify the software or run what they please. This definition approximates the way it is used in this entry.
  • Anti-features: A feature that a fully aware user would rather not have. The F-Droid project has a nice catalog of undesirable software behaviorsarchive.org, however a few items might be pushing the boundaries of a true anti-feature.
Operating System Selection
  • The freedom to modify the underlying operating system is restricted.
  • Vendors force users who want greater system control to run exploits or jail-breaking suites from untrusted origins, which endangers the integrity of personal devices.
  • While the security provided by unauthorized third parties might be good, security from the vendor itself is poor. This is further elaborated here: Android Privacy Issues and User Freedom Restrictions.
Security Technologies
  • Many popular device operating systems utilize security technologies which undermine the security of the user against meddling and surveillance by the vendor, while suppressing user freedoms. A classic example is most Android phones and iPhone devices.
  • Although an over-simplified argument, users of forks based on the Android Open Source Project (AOSParchive.org) and security/privacy-focused Android forks (like GrapheneOSarchive.org), are exempt from the criticisms in this section. [28] These operating systems include many security features to keep users safe from unauthorized third parties outside the ecosystem of the vendor.
Synonyms Vendor-Controlled Security

Administrative Rights[edit]

The user on most mobile devices has only user rights. Administrative rights (often called root rights or sometimes superuser) are refused. These are required to circumvent anti features.

Without root access, it's not really Free Software (as in freedom).

The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.GNU Project: Definition of Free Software, What is Free Software?archive.org

Having "root" or "administrator" access means you have full control over a system. You can install, modify, or remove software; change system settings; and access all files, processes and network traffic. If you don't have full control over the environment in which the software runs, then the freedoms given by the software license are somewhat moot. Android forks might meet the legal threshold of being Free Software but not in spirit.

Sometimes is being argued:

If an application refused to run on a rooted device, then users are free to not use these applications.

Issues with non-root enforcement (denial of administrative rights):

  • Cannot backup
  • While technically true, this is impractical and counter the lived reality of many people.
    • More and more businesses communicate over proprietary messengers such as WhatsApp and WhatsApp cannot be used on rooted devices or with custom ROMs. [29]
    • More and more government services require the same. For example, an Android or iPhone with Google maps location history enabled and Skype is mandatory for entering Japan. [30] Google maps is produced by Google and Skype produced by Microsoft are among the worst privacy-intrusive companies.
    • Many people would lose their job if they decided not to use for example WhatsApp since many companies internally use WhatsApp.
    • Three are still 2 billion unbanked people. [31] People who do not even have access to the most basic financial services such as a bank account. For unbanked people it would be unreasonable and should not be expected of them to refuse their first chance to use a mobile banking app with such restrictions. Browser based online banking login methods are often also no feasible alternative. [32] There's a list of Banking Applications Compatibility with GrapheneOSarchive.org (that might also work for other forks of Android).
    • In conclusion, the recommendation to simply not use such applications is impractical and counter the lived reality of many people.

Counterarguments[edit]

do not buy[edit]

The common counterargument to these concerns is "users are free to not purchase such devices."

While theoretically sound, this notion often doesn't align with the lived experiences of most people. Conducting a survey of 100 laypeople outside of the tech-savvy community would likely reveal a significant lack of awareness and understanding of terms like Open Source, locked bootloaders, rooting, and how to install alternative mobile operating systems that are free from bloatware and spyware. As such, the argument that users can simply choose not to purchase devices with these restrictions overlooks the complex reality: most people don't have the knowledge, skills, or resources to navigate these issues effectively.

See Also[edit]

Footnotes[edit]

  1. Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.

  2. Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.

  3. https://f-droid.org/en/docs/Anti-Features/archive.org
  4. 4.0 4.1 4.2 4.3 The term "nonfree network service" is not coherentarchive.org
  5. https://en.wikipedia.org/wiki/Mono_%28software%29#Mono_and_Microsoft's_patentsarchive.org
  6. The LLVM compiler infrastructure project is a collection of modular, reusable compiler and toolchain technologies.
  7. https://www.phoronix.com/news/LibreOffice-Needs-Windows-Clangarchive.org
  8. https://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.htmlarchive.org
  9. https://www.bloomberg.com/news/articles/2019-09-24/google-blocks-privacy-push-at-the-group-that-sets-web-standardsarchive.org
  10. https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/archive.org
  11. https://mspoweruser.com/google-may-make-adblocking-impossible-on-edge-and-chrome/archive.org
  12. https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23archive.org
  13. https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/archive.org
  14. https://www.schneier.com/blog/archives/2023/03/blacklotus-malware-hijacks-windows-secure-boot-process.htmlarchive.org
  15. Quote eff.orgarchive.org:

    The initial Board of Directors included John Perry, Mitch, John, Steve and Stewart Brand.

  16. "The BSD License Problem 15"archive.org if you wish to understand how this is achievable)
  17. Why it's recommendedarchive.org
  18. Quote https://developer.android.com/training/safetynet/attestationarchive.org

    The SafetyNet Attestation API provides services for determining whether a device running your app satisfies Android compatibility tests.

  19. https://www.sigstore.devarchive.org
  20. https://martinheinz.dev/blog/55archive.org
  21. https://martinheinz.dev/blog/56archive.org
  22. https://forums.whonix.org/t/sigstore-for-improving-verification-of-downloads/11536archive.org
  23. Freedom Softwarearchive.org / Open Source.
  24. Unfortunately, perhaps 99% of laymen utilize stock operating systems with their phone.
  25. https://faq.whatsapp.com/649203676836357/archive.org
  26. https://www.businessinsider.com/the-worlds-unbanked-population-in-6-charts-2017-8archive.org
  27. Browser based online banking login methods are often either being deprecated, not mobile friendly or never invented by many banks. For example,
    • Revolut at time of writing offers only a mobile app. No browser based login at all. Neither for desktop nor mobile.
    • M-Pesaarchive.org, a popular mobile payment service. Looking at the M-Pesa websitearchive.org, it's a mobile app only. No mention of a web interface based login.
    • Online web interfaces are available but painful to use since these are not responsive / mobile optimized. Most of these have been developed with desktop users in mind. For mobile users, banks provide banking apps. If using online banking web interfaces from a mobile phone is possible at all, the experience is often painful. Quotearchive.org:

      You may find you can still use mobile banking via the web browser with your bank. I can do this with Santander, although it always serves up the desktop site rather than the mobile site which is a bit of a pain.

    • Popular, modern mobile banking functionality such as scan to pay, contactless payments, fingerprint or face based login are unsupported when using browser based login.
    • The large number of online discussions (such as on reddit) found on search engines (such as Google) on how to use banking apps on rooted mobile devices and/or devices using custom ROMs indicates that a large number of users would prefer to use the mobile app instead less comfortable, less feature-rich browser based login methods.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!