Miscellaneous Threats to User Freedom
User Freedom Threats
- tivoization [archive] 
- malicious features (examples: macOS and Windows)
- antifeatures [archive]  
- tyrant software [archive]
- treacherous computing [archive], a.k.a. Digital Rights Management (DRM) [archive]  (Digital Restrictions Management [archive])
- compilation toolchain issues (example)
- SaaS (Software as a Service) / SaaSS (Service as a Software Substitute)
- Freedom Software clients requiring the use of non-freedom servers / APIs
- non-root enforcement
- centralization being encouraged instead of federation and decentralization (such as Signal)
- insistence upon the provision of a mobile number for sign-up (Phone Number Validation vs User Privacy)
The Whonix ™ project does not currently have a policy prohibiting discussion of any applications with these traits.
It is important to examine the objectives of the entities backing up a software project even if the code is apparently released under an open license. The impact on users' freedom in the future is at stake as a captive market is a winner takes all scenario. Examples:
- Mono (Microsoft's .NET implementation for Linux) was released under dubious language concerning patent assertion, allowing Microsoft to arbitrarily enforce them if advantageous. Had there been high adoption of Mono, it would have given Microsoft enormous leverage over the language's ecosystem. The libre community did not take the bait and shunned the framework. Even though the patent situation changed recently, the well had been poisoned. The SCO patent trolling used by Microsoft as an attempt to kill off Linux in the 2000s, was not forgotten.
- GCC vs Clang-LLVM: LLVM was initially heavily funded by Apple in retaliation for GCC re-licensing under GPLv3. The permissive licensing, while technically libre, allows companies to close up forks or mandate non-free plugins, locking users in on hardware platforms which would usher a new dark age for libre software development and porting along with the security and trust issues that that would also cause. Industry players couldn't pull off these shenanigans for the longest time because re-inventing another compiler with the same feature-set and architecture support as GCC was cost prohibitive. The widely cited consensus is that the competition has had a healthy outcome for GCC, leading to improved error codes, performance and features like plugin support - albeit carefully, to prevent closed plugins from piggy-backing on the compiler. However another aspect is that compiler specific quirks act as a "network effect" where if one component of a project only works with LLVM, the rest of the project follows with no interest from the developers to fix bugs or work on compatibility with GCC, for example Libreoffice (on Windows) is switching to Clang because the the Skia renderer will only compile with it. Over time, this could drain resources from the copyleft GCC as corporations and distros conclude it is not cost effective to contribute to a compiler with shrinking market share.
- Chromium greatly amplifies Google's influence and ability to impose their custom standards and protocols, web standards and freedom be damned. They repeatedly snub and bypass the W3C standard body especially when improvements to user privacy are proposed. The features they design makes performance notably worse in competing browsers. As currently planned, when released, new API limitations will prevent current and even possible future rewrites of adblockers. No attempt to address these concerns have been made by the Chromium devs. Every Firefox install gives Mozilla a bit more leverage and ad money from Google. The less people use Firefox, the less website creators will care to invest into developing websites for compatibility, thus killing it off indirectly. If Mozilla's revenue dies and they close shop, Tor Browser goes with it, destroying a key component of the privacy ecosystem. The Chromium engine as is now, is not usable by privacy projects to give equivalent protections as Firefox nor are they willing to change their design to accommodate such initiatives.
Tyrant Security vs Freedom Security
- Freedom Security:
- Freedom Software [archive] / Open Source.
- These are security features which do not intentionally restrict user customization.
- End-to-end encryption keys are under the sole control of the user.
- Disk encryption keys are under the sole control of the user.
- User freedom restrictions are intentionally minimized.
- Tyrant Security:
- Many popular device operating systems utilize security technologies which undermine the security of the user against meddling and surveillance by the vendor while suppressing user freedom. Most Android phones and iPhone devices are a great example. For the sake of simplification of this argument, users of forks based on Android AOSP and security/privacy focused Android forks, such as GrapheneOS, are exempt from this chapter. This is about the 99% of phones which most laymen use. These operating systems include many security features to keep users safe from unauthorized third parties outside the ecosystem of the vendor.
- These devices have privacy intrusive default settings which users are often unaware off nor can be disabled. In most cases the user cannot choose from which vendor the user wishes to install (security) upgrades from. Customization of these devices is also limited. For example many pre-installed applications often called bloatware cannot be uninstalled or at least hidden from view.
- By restricting freedom to modify the underlying operating system, vendors leave users who want to take control of their system no other options than running exploits or jail-breaking suites from untrusted origins which endangers the integrity of their personal devices. While security from unauthorized third parties might be good, security from the vendor itself is low. This is elaborated in chapter Android Privacy Issues and User Freedom Restrictions.
- Word definitions:
- tyrant: The Free Software Foundation (FSF) used the word "tyrant" and defined it in this article [archive] to refer to devices that refuse to allow the user to modify the software or run what they please. It approximates the definition in which the word tyrant is used context of usage here.
- anti-features: A feature that a fully aware user would rather not have. The F-Droid project has a nice catalog of undesirable software behaviors [archive] (however a few items might be pushing the definition of anti-feature).
- Policy on Non-Freedom Software
- Unsubstantiated Conclusions
- Avoid Non-Freedom Software
- Why Whonix ™ is Freedom Software
Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.
Antifeatures are flags applied to applications to warn of issues that may be undesirable from the user's perspective. Frequently it is behavior that benefits the developer, but that the end user of the software would prefer not to be there.
- https://f-droid.org/en/docs/Anti-Features/ [archive]
Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control technologies for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia content), as well as systems within devices that enforce these policies.
- https://en.wikipedia.org/wiki/Mono_%28software%29#Mono_and_Microsoft's_patents [archive]
- https://www.phoronix.com/scan.php?page=news_item&px=LibreOffice-Needs-Windows-Clang [archive]
- http://robert.ocallahan.org/2014/08/choose-firefox-now-or-later-you-wont.html [archive]
- https://www.bloomberg.com/news/articles/2019-09-24/google-blocks-privacy-push-at-the-group-that-sets-web-standards [archive]
- https://arstechnica.com/gadgets/2018/12/the-web-now-belongs-to-google-and-that-should-worry-us-all/ [archive]
- https://mspoweruser.com/google-may-make-adblocking-impossible-on-edge-and-chrome/ [archive]
- https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.