Actions

General Threats to User Freedom

From Whonix



Threats123123.jpg

User Freedom Threats[edit]

Since the inception of the four original essential software freedoms provided by Freedom Software [archive], other issues have emerged such as:

The Whonix ™ project does not currently have a policy prohibiting discussion of any applications with these traits.

Beyond Licensing[edit]

It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Consider the examples below.

Mono: Microsoft's .NET Implementation for Linux[edit]

Mono was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. If there had been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. Fortunately, the libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned. [5] The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s was not forgotten.

GCC vs Clang-LLVM[edit]

LLVM [archive] [6] was initially heavily funded by Apple in retaliation for the GNU Compiler Collection (GCC) [archive] re-licensing under GPLv3 [archive]. While the permissive licensing is technically libre, it allows companies to close up forks or mandate non-free plugins. This locks in users on hardware platforms which would usher in a new dark age for libre software development and porting, and also lead to significant security and trust issues.

This unscrupulous conduct by industry players was not possible for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However, another aspect is that compiler-specific quirks act as a "network effect" whereby if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC. For example, Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it. [7] Over time, this could drain resources from the copyleft GCC as corporations and distributions conclude it is not cost effective to contribute to a compiler with shrinking market share.

Chromium[edit]

Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, including on web standards; the impacts on freedom are unconsidered. [8] Google repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed. [9] The features they design also make performance notably worse in competing browsers. [10] When released, the existing plan for new API limitations will prevent current and even possible future rewrites of adblockers.

No attempt to address these concerns have been made by the Chromium developers. [11][12] Every Firefox installation provides Mozilla with a bit more leverage and diverts advertisement money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they cease to exist, Tor Browser will also disappear - destroying a key component of the privacy ecosystem. The present Chromium engine is unsuitable for privacy projects because it cannot provide equivalent Firefox protections, and there is no willingness to change the design to accommodate such initiatives.

Freedom vs Tyrant Security[edit]

Table: Freedom vs Tyrant Security

Category Description
Freedom (Open Source) Security [13]
Disk Encryption Disk encryption keys are under the sole control of the user.
End-to-end (E2E) Encryption End-to-end encryption keys are under the sole control of the user.
Security Features Security features are available which do not intentionally restrict user customization.
User Freedoms User freedom restrictions are intentionally minimized.
Tyrant Security
Default Privacy, Security and Customization Settings
  • These devices have privacy-intrusive default settings that most users are unaware of and which cannot be disabled.
  • In most cases the user cannot choose the vendor they wish to install (security) upgrades from.
  • Customization of these devices is also limited. For example, many pre-installed applications (often referred to as "bloatware") cannot be uninstalled or at least be hidden from view.
Definitions
  • Tyrant: The Free Software Foundation (FSF) uses the word "tyrant" and has defined it in this article [archive]. It refers to devices that refuse to allow the user to modify the software or run what they please. This definition approximates the way it is used in this entry.
  • Anti-features: A feature that a fully aware user would rather not have. The F-Droid project has a nice catalog of undesirable software behaviors [archive], however a few items might be pushing the boundaries of a true anti-feature.
Operating System Selection
  • The freedom to modify the underlying operating system is restricted.
  • Vendors force users who want greater system control to run exploits or jail-breaking suites from untrusted origins, which endangers the integrity of personal devices.
  • While the security provided by unauthorized third parties might be good, security from the vendor itself is poor. This is further elaborated here: Android Privacy Issues and User Freedom Restrictions.
Security Technologies
  • Many popular device operating systems utilize security technologies which undermine the security of the user against meddling and surveillance by the vendor, while suppressing user freedoms. A classic example is most Android phones and iPhone devices.
  • Although an over-simplified argument, users of forks based on the Android Open Source Project (AOSP [archive]) and security/privacy-focused Android forks (like GrapheneOS [archive]), are exempt from the criticisms in this section. [14] These operating systems include many security features to keep users safe from unauthorized third parties outside the ecosystem of the vendor.

See Also[edit]

Footnotes[edit]

  1. Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.

  2. Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.

  3. https://f-droid.org/en/docs/Anti-Features/ [archive]
  4. Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia content), as well as systems within devices that enforce these policies.

  5. https://en.wikipedia.org/wiki/Mono_%28software%29#Mono_and_Microsoft's_patents [archive]
  6. The LLVM compiler infrastructure project is a collection of modular, reusable compiler and toolchain technologies.
  7. https://www.phoronix.com/scan.php?page=news_item&px=LibreOffice-Needs-Windows-Clang [archive]
  8. http://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.html [archive]
  9. https://www.bloomberg.com/news/articles/2019-09-24/google-blocks-privacy-push-at-the-group-that-sets-web-standards [archive]
  10. https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/ [archive]
  11. https://mspoweruser.com/google-may-make-adblocking-impossible-on-edge-and-chrome/ [archive]
  12. https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23 [archive]
  13. Freedom Software [archive] / Open Source.
  14. Unfortunately, perhaps 99% of laymen utilize stock operating systems with their phone.


Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Miscellaneous Threats to User Freedom&body=https://www.whonix.org/wiki/Miscellaneous_Threats_to_User_Freedom link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Miscellaneous_Threats_to_User_Freedom&title=Miscellaneous Threats to User Freedom link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Miscellaneous_Threats_to_User_Freedom&t=Miscellaneous Threats to User Freedom link=https://mastodon.technology/share?message=Miscellaneous Threats to User Freedom%20https://www.whonix.org/wiki/Miscellaneous_Threats_to_User_Freedom&t=Miscellaneous Threats to User Freedom

Check out the Whonix ™ News Blog. Rss.png

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.