Another reason why all your software must be free software: Carrier IQ

Freedom is participation in power.
Marcus Tullius Cicero

Wikipedia’s summary of Carrier IQ rootkit events to date:

In November 2011, researcher Trevor Eckhart claimed that Carrier IQ was logging information such as location without notifying users or allowing them to opt out, and that the information tracked included detailed keystroke logs, potentially violating US Federal law.

Carrier IQ did what proprietors usually do—bully the investigator. But Eckhart was smart, got in touch with the Electronic Frontier Foundation, and defended himself. Now Carrier IQ is backing down.

CNN has an article on this scandal in which they bury the lede. What’s the real solution here? Simple: all your software must be free software, software that respects your freedom to run, share, and modify the program. Freedom (by any reasonable definition, such as Cicero’s above) is denied to you by design under proprietary software.


  • Because free software is the only way to keep programmers, resellers, and anyone else who can program a computer honest, and since it’s likely you don’t program (most computer users don’t program), you’ll need to become accustomed to hiring an expert to look out for your interests in the same way you hire a plumber, electrician, doctor, or lawyer to do their expert work. Face it, the computer is a part of your everyday life now. This means you need permission to make all of your computers do what you want them to do, not what some proprietor like Apple, Nokia, or Carrier IQ says they should do.
  • Because apparently you can’t trust proprietors. Consider what Apple told CNN in the aforementioned article: “[Apple] says it stopped supporting it in the latest version of iOS and will completely eliminate Carrier IQ from all iPhones and iPads in an upcoming software update.” Apple’s claim is entirely unverifiable. Without software freedom nobody has any idea if any Apple update will remove Carrier IQ or replace Carrier IQ with some other program that does the same job. The only way to figure that out is doing the kind of work Eckhart did—reverse engineering—which is time-consuming and runs the risk of facing Apple’s hyper-litigiousness. Apple is no stranger to bullying people who want to take control of their computers (1, 2, 3 to name a few that happen to involve the EFF). Your trust has already been betrayed, so there’s no reason to believe a proprietor is on your side. There’s no reason to believe any proprietor will become as trustworthy as an expert who competes by revealing as much to you as you want to know. If you learn to program, you can become your own expert and diagnose and fix your computers anytime you wish. Deciding for yourself which jobs are too big or just right for you should be your decision to make. Therefore you need software freedom.

This is an ethical and social issue, not really a technological issue. The heart of this issue is not how to increase software development efficiency, it’s how to build a society where all computer users live in freedom. The pursuit of software freedom is what the free software movement is all about.

“Lending” e-books is a DRM scam: More control for publishers means less freedom for readers

The Wall Street Journal reports that is starting a digital book lending service; readers will be able to download a copy of a book and keep it on their reading device for as long as they want before “returning” it (which really means making it unavailable to the reading device, and thus the reader) by “borrowing” another book. How could this possibly hurt you?

  • You lose rights compared to physical books—a physical book may be read at any time in any place, lent again and again. E-books with DRM (digital restrictions management, also called “digital rights management” by those using the publisher’s propaganda) are under someone else’s control (publisher, reseller, etc.). No matter where the control originates it is not you, the reader. demonstrated this quite effectively in 2009 when Amazon took back legally obtained copies of George Orwell’s “1984” and “Animal Farm” from Amazon Kindle readers. While this is certainly good enough reason to never do business with, it’s also good enough reason to never deal with DRM-restricted media.
  • You lose publishing and reading opportunities at the whim of a monopolist—businesses frequently change their terms of acceptable behavior. Today one thing is acceptable and tomorrow that same behavior is objectionable. In 2010’s change in behavior meant that Selena Kitt’s erotic novels went from being publishable to no longer published so for her readers, Kitt’s novels became less available and when would-be customers inquired about the missing novels they were chastised about their reading choices. You should not let others choose what you are allowed to read and you should not have to run an acceptability gauntlet to read what you want. When you take on DRM-encumbered works, only the DRM publisher can set that work as free as its non-DRM equivalent, hence the DRM publisher becomes a monopoly for anyone seeking to do business with publishers/resellers yet not suffer the ill effects of DRM.
  • You could be monitored by the reading device—a device that has as little as a GPS unit and a wireless network device could easily figure out where you are and report your coordinates plus information on what you’re doing via the network to someone else (say, a publisher or reseller). That is enough to effectively track your movements and convey some sense of what is on your e-book reader. By contrast, paper books have no inherent means to report information back to anyone else.
  • DRM only works with proprietary software—if users had the freedom to share and modify DRM software, some users could easily delete the privacy-busting code and keep the privacy-respecting code, then share the upgraded software with everyone else. Proprietary software doesn’t respect your freedom to share and modify, so DRM is a virtual guarantee that you’re working with software you cannot trust to do only what you want. Since you don’t need computers or software to read a book, you shouldn’t use proprietary software.
  • Commercial substitutes for libraries do you no good—if “borrowing” books from commercial interests in this way becomes seen as normal, there will be greater ground to ignore benefits from the local public library system. Public libraries, subsidized by taxes, often buy many copies of books and lend them to patrons (thus putting to rest the notion that DRM is a publisher’s way of making more money; DRM is often about the control publishers/resellers can impose on readers). Our libraries can be run locally by local citizens for collective benefit and libraries treat their patrons with respect, in part by destroying lending records after patrons return borrowed items. None of this need be the case for businesses. Profit-seeking businesses will run their organizations anywhere in the world hiring the cheapest labor available which leads to exploitation and abuse. Records of who copied which book will not be deleted. These records will be leaked long after a customer has finished dealing with them, needlessly bringing disastrously embarrassing results for those who do business with them. Public libraries shouldn’t do business with e-book vendors lest they become a bulwark for privacy-busting themselves.

Related Links

  • The Right to Read—Richard Stallman’s famous dystopic short story on where we’re headed with DRM.
  • Defective by Design—learn more about digital restrictions in a variety of devices and take direct political action.

Free software still creating more pressure to release more free software

On or around October 26, 2011, Apple released source code to their software (called “ALAC”) for compressing and decompressing audio without any loss of audio quality. Apple chose the Apache License version 2.0 for this code, which includes a patent license. This was a good thing to do because it helps users with ALAC files use free software to maintain those files. But FLOSS users already had this functionality because on March 5, 2005 David Hammerton published a simple decoder written in C under a very permissive FLOSS license, based on the reverse engineering Hammerton and Cody Brocious had completed without any documentation of how the codec worked.

Hammerton and Brocious’ decoder has long been incorporated into a widely-used audio/video library (libavcodec). This code has also helped to make an Apple Lossless encoder to make Apple Lossless files. So for years popular audio/video programs based on libavcodec could handle Apple Lossless files; standalone hardware devices one could purchase at electronic shops (like Plex, XBMC, and Boxee) and popular software players like VideoLAN Client and MPlayer all take advantage of libavcodec.

The FLOSS community had achieved a high degree of interoperability without sacrificing software freedom, and done so on its own terms years before Apple contributed anything. I don’t know why Apple chose to release its code as FLOSS but I believe this is another instance where free software created pressure to release proprietary software as free software.

Wealthy, powerful celebrities who get inadequate levels of bad press for their misdeeds

I’m certain this list is incomplete.

Which VPN Providers Really Take Anonymity Seriously? You’ll never know.

asks “Which VPN Providers Really Take Anonymity Seriously?” for good reasons: people who share files are being tracked down and sued for high sums of money, far in excess of the commercial value of a copy of the work they’re accused of illicitly sharing.

To avoid being found, some users use a VPN or “virtual private network” that can effectively mask a user’s identity by passing the user’s data through another computer before the data is fed to the file sharing network. VPNs are essentially intermediaries that sit between one network and another or different sets of computers.

So posed some questions to some VPN service providers who ostensibly provide some anonymity for their customers, and reported the answers. But there are a few things you should know when you interpret these answers (or any other claim of online anonymity):

  • All of their claims are unverifiable. No service provider verifiably gives all comers access to all of their logs. Some providers claim to log nothing. But how would you determine whether they’re telling you the truth? How much trust can you put in a service provider with no real information about them? We face this challenge all the time: how would you know if that restaurant’s dishes are clean enough to eat from? Will your therapist really keep the details of your session a secret? It’s another gamble you’ll have to decide on your own using whatever information you choose to trust.
  • One-time verification attempts are useless without complete source code under a free license. If a service provider attempts to prove their trustworthiness by releasing some of their alleged source code, there’s no way to know if they use that code at all. Even a one-time dump of complete corresponding source code under a non-free license (such as one that allows inspection but not making derivative works) is insufficient to prove anything because code rewrites are easy enough that one could put in new code not listed before.
  • Even if you get great service today, will the service provider deliver that level of service in the future? Terms of service change. Seemingly small obscure technical decisions made by system administrators have a dramatic effect on your service. People steal equipment: is sensitive information stored anywhere such that stealing the server hardware would reveal what’s really going on? Service providers can sound promising until there’s real pressure on them from bullying nations like the United States.

Also consider the problems you’ll face with intermediaries you don’t directly do business with: the Internet is a network of networks and your VPN is only one host in the chain of computers that route your data between your computer and your intended destination. What about all of those computers that aren’t run by your trusted VPN provider? Do they log information? If so, what is logged? Who would report data in those logs to others?

It’s not easy to securely anonymize data and determine whom to trust.

Richard Stallman on Steve Jobs’ death: respectful, well-written, concise


On October 6, 2011, one day after Steve Jobs died, Richard Stallman (rms) posted his reaction to Jobs’ death:

Steve Jobs, the pioneer of the computer as a jail made cool, designed to sever fools from their freedom, has died.

As Chicago Mayor Harold Washington said of the corrupt former Mayor Daley, “I’m not glad he’s dead, but I’m glad he’s gone.” Nobody deserves to have to die – not Jobs, not Mr. Bill, not even people guilty of bigger evils than theirs. But we all deserve the end of Jobs’ malign influence on people’s computing.

Unfortunately, that influence continues despite his absence. We can only hope his successors, as they attempt to carry on his legacy, will be less effective.
Richard Stallman, October 6, 2011
an update on the Washington quote and more on Stallman’s views of Jobs

My thoughts

I find Stallman’s reaction to be very well written: clear, respectful, concise, but most importantly it has its priorities straight:

  • Nobody deserves to have to die. No matter what people do, the dead cannot learn and become better people. Stallman’s words brought to my mind the death penalty, not because it applies here (Jobs died as a result of his pancreatic cancer) but because America has many states which do kill “people guilty of bigger evils than theirs” and Stallman’s phrasing somehow reminded me of recent state-sponsored murders (a topic which strikes me as far more important than Jobs’ death).
  • Everyone deserves software freedom. Whether Apple was building proprietary derivatives from FLOSS, supporting patent pools that threaten FLOSS users (Apple contributes patents to MPEG-LA which spreads FUD about Theora and VP8, Apple wants to patent spyware), trying to dissuade people from controlling their own computers (see also FUD), or setting up services aimed at locking users in (iTunes service has many titles with DRM): Jobs’ life work was proprietary computing. A less effective proprietor means a chance that more users will enjoy software freedom.

I feel compelled to consider death as Peter Tosh said: (but Tosh was talking about matters far more important than consumer electronics)

Let the dead bury the dead now
And who is to be fed, be fed
I ain’t got no time to waste on you, no, no
I am a livin’ man, I’ve got work to do, right now
Peter Tosh, “Burial”

I think it’s unfortunate Jobs died, but the US kills a lot of people who lived lives filled with struggle. We don’t know their names, we are encouraged by corporate media to think of them as collateral damage and not-quite-people. Jobs’ life was too short but I think it’s safe to assume he wanted for nothing and got as much treatment for his cancer as anyone can.

Reactions to rms’ post

Of all the disagreements with rms’ post I’ve read, none were written well. The best of the lot is Steven J. Vaughan-Nichols’ criticism, to which this post is mostly a response.

Regarding Vaughan-Nichols’ grandmother’s aphorism “If you don’t have anything good to say, then don’t say anything at all.”: Apparently she was a fan of censorship (though her rule seems to apply only selectively as Vaughan-Nichols apparently feels quite free to violate the rule by criticizing rms). I am not a fan of censorship. One of the followups to Vaughan-Nichols’ article mentions Voltaire’s quote which is far better:

To the living we owe respect, but to the dead we owe only the truth.

It’s more important to put Jobs’ life work in its proper place; Stallman did that far better and more concisely than anyone else I’ve seen.

Vaughan-Nichols says “I’m glad to say that the vast majority of open-source developers don’t agree with Stallman’s myopic views”: Stallman was never and is not now an open-source developer. His movement is the free software movement which is older, philosophically different, and at heart a social movement. Stallman talks about this distinction at every talk he gives as well as writing about it in multiple essays. Vaughan-Nichols isn’t alone in trying to co-opt Stallman into the open source movement but no matter how many people do it, it’s still wrong.

Vaughan-Nichols favorably compares Jobs to Walt Disney and Henry Ford: Disney is widely known for proprietary derivatives of works in the public domain. The Disney corporation is known for following suit by backing copyright extension efforts to disallow the public from doing to Disney’s movies what Disney did with the Brothers Grimm stories. Apple is currently switching compilers from GCC (licensed under the GNU GPL) to LLVM (licensed under a permissive FLOSS license). If Bradley Kuhn of “Free as in Freedom” is correct, Apple will be making their own proprietary LLVM derivative when that compiler gets to a point where it’s more useful (local copy). Apple’s entire compiler switch to LLVM is part of a larger strategy to get away from GPL’d programs. This strategy probably has roots in Apple’s GPL hatred after NeXT got caught committing copyright infringement by illicitly distributing their GCC derivative years ago. Apple would later make copyright infringement against free software a habit with their app store (1, 2).

I don’t recall what Jobs did that would make him comparable to Henry Ford. The article Vaughan-Nichols links to compares Jobs and Disney. One of those points is “Disney knew about land grabs”; well, so did Ford—Fordlândia—Ford’s billion-dollar Brazilian rubber plantation where he could more efficiently exploit the natives through what Greg Grandin described as a combination of intense paternalism and intense surveillance. Intense surveillance is one thing that would fit Apple as proprietary software gives any proprietor an opportunity to closely track what their users do. But Ford was a nastier man than people commonly credit: he mistreated his workers and he sympathized with Nazis; Nazi sympathizing is something I don’t associate with Jobs. As for Ford’s chief invention, the assembly line, I can’t imagine how Jobs’ computers or his animation company are an apt comparison. The assembly line was far more culture-changing than anything Jobs’ companies ever made.

Lots of people are poor at critical thought when they’re feeling sad. It should be an adult’s responsibility to see things as they really are and keep perspective, not maintain an atmosphere where people are too afraid to speak freely (like how Apple treats app store users by keeping so many things out of that store). The limits Apple and proprietary software impose will adversely affect people far longer than any malaise brought on by Jobs’ death. As people get some more time to let this pass they’ll be more willing to part with their indignation. In so doing perhaps they’ll re-read Stallman’s words and come to see how reasonable, well-worded, and appropriately respectful Stallman’s assessment was while simultaneously keeping his eye on the prize: all users deserve software freedom.

Related Links

See labor issues at Apple and Apple’s suppliers.

The FSF does hard work and you can help with more suggestions!

Juan Rodriguez posted his dissatisfaction with the Free Software Foundation’s tactics in recent free software campaigns. This is a response to that post, but I thought it a good opportunity to raise awareness of various FSF posts and positions for a wider audience at the same time.

The FSF asks people to use more free software (naming specific programs such as The GIMP), but some of Rodriguez’s alternatives are against FSF’s ethics and therefore cannot be done. If anyone has suggestions for the FSF, don’t forget to send the suggestions to FSF Executive Director John Sullivan as well. He has solicited your thoughts on what the FSF should do.

On recommending Fedora GNU/Linux: The FSF defines guidelines for free system distributions but Fedora GNU/Linux does not qualify. The FSF lists completely free OSes which qualify. As I write this there are 9 such systems (including one based on Fedora — BLAG Linux and GNU).

On starting a free tablet system, perhaps based on Android: Richard Stallman, head and founder of the FSF, recently wrote an essay for the Guardian which explains that Android is not really free software. I believe anything based on Linus Torvalds’ fork of the Linux kernel is non-free in the same way because Torvalds includes proprietary software in his fork of Linux. In his essay, Stallman includes a valuable explanation of a principle free software activists take seriously: the power of doing without, that is, where free software activists (including himself and the FSF) can do without features in the pursuit of freedom:

Important firmware or drivers are generally proprietary also. These handle the phone network radio, Wi-Fi, bluetooth, GPS, 3D graphics, the camera, the speaker, and in some cases the microphone too. On some models, a few of these drivers are free, and there are some that you can do without – but you can’t do without the microphone or the phone network radio.
Richard Stallman, September 19, 2011

Reading e-books: In one of the followups to his post, Rodriguez said he desired to read recently-published e-books. One can certainly do with reading a paper copy of the book instead. In the US there is an added incentive for readers to prefer a paper book over some e-books: right of first sale is all too easily taken away from people via DRM. Ask George Hoteling about this with regard to audio tracks, for instance (more on this from EFF). The same is true for any electronic media, it doesn’t matter whether we’re talking about a book, audio track, movie, or anything else. When people give in to DRM the fight against DRM is made that much more difficult because their money ends up being used to fight against them.

One does oneself a disservice by calling people names (“PETA nuts”, “Green Peace crazies”) without facts to back up what one is saying. Such language is certainly not forbidden; this is a practical concession to readers who are eager to dismiss what one says. Sadly, people give one another permission to use name-calling as an excuse to ignore what you’re really trying to say (think of the conversational consequences of Godwin’s Law); some readers will not choose to ask for details to justify the language. Instead you should ask the FSF why they don’t “create a store of their own” and go from there. Perhaps there is a recent recording of an FSF representative giving a talk where an audience member asks this question. I don’t represent the FSF but I’d bet their answer is remarkably practical and focused, something like: starting such a store is for billionaire multinationals which can sustain the unprofitable early years. Furthermore, stores in no clear way address the reality that the suppliers can simply opt out of selling through an ostensibly DRM-free FSF store. I think that in time more people will come to see how defending the interests of proprietors was and is unwise but this realization will take time and more disasters.

Fortunately for DRM objectors, every DRM story is ultimately a loser for the DRM proponent. What the customer loses is minor enough (music tracks, a few books, and the like) that people can learn the lesson the hard way without risking something truly important like their health and civil liberties. As DRM enters health equipment (like heart monitors) and adversely affects our civil liberties, we may have to learn these lessons regardless of our wishes.

Wal-Mart closes their DRM-riddled music store: paying for temporary music?

Ars Technica reports that on August 28, 2011 Wal-Mart will close its online music store where Wal-Mart sold many DRM-encumbered music tracks.

DRM is properly defined as “Digital Restrictions Management” because of its effect on the user, as you’ll see. Publishers like to defend the notion of restricting how users use digital media so they define the acronym as “Digital Rights Management” emphasizing their power over the user as their right.

In 2004 Wal-Mart started selling music tracks encumbered with DRM. Thus any of these tracks are unplayable without using a special proprietary player program that communicates with a Wal-Mart DRM server; the player program essentially asks the DRM server ‘is it okay for this user to play this track now?’ and the server either responds ‘yes’ (and the player plays the media) or ‘no’ (and the player doesn’t play the media). Ostensibly if there is no response at all, that is treated as a ‘no’. This keeps the user dependent on Wal-Mart for playing the tracks they purchased and allows Wal-Mart to closely track who plays what when.

So one might wonder what will happen when Wal-Mart shuts down its DRM servers? Unless Wal-Mart publishes a means to free the music from the DRM, their earliest music customers will have purchased something they can no longer play; music purchases were effectively highly-supervised rentals.

It’s reasonable to expect a CD to play years after purchase. Many people have CDs older than 2004 which still work. One should expect no different from any other digital media. But thanks to a freedom-robbing scheme designed to track and restrict the user’s activity, this won’t be true for Wal-Mart’s earliest digital music shoppers.


There should be consumer protection legislation making it illegal to publish DRM-encumbered media without providing a means for everyone to break the DRM. It should not matter if you were the original purchaser or not.

Wal-Mart’s DRM story is just another in a long and growing line of stories about DRM where the general public are harmed in the end (1, 2, 3, and more).

Your investment in and use of the media is more important than any DRM-supporting publisher will tell you. DRM schemes rely on proprietary software: if DRM enforcement programs were instead written to respect your freedoms to share and modify the program, thus revealing to programmers how the DRM scheme worked, programmers could figure out how to break the scheme and release a program that all users could use to free their encumbered media. Then the DRM scheme wouldn’t restrict the users. Your privacy and computer security are at risk when you use proprietary software because you can’t determine everything that the program will do (even if you get a skilled programmer to work on your behalf). This means you can’t tell if the program is monitoring your keystrokes and mouse clicks, or sending an image of what’s on your screen to another computer over the network, thus allowing someone to monitor what’s on your screen.

Your first sale right, which allows you to resell the tracks, is at risk because DRM restricts your ability to exercise first sale right. DRM schemes require the DRM owner to release the track to someone else, therefore you cannot effectively resell the tracks without DRM owner cooperation. What if the DRM owner doesn’t want you to resell the tracks at all? What if resale is only allowed to a particular person or at a particular time?

Never get involved with DRMed media. To protect your own interests, you should avoid any media with copy-prevention schemes you personally cannot crack.

Why didn’t Obama’s strike team bring Osama bin Laden to justice?

As Democracy Now! headlines described today: A trial is underway in Cambodia for the four most senior surviving members of the Khmer Rouge. The former officials face charges that include crimes against humanity, war crimes, genocide, religious persecution, homicide and torture. The Khmer Rouge is believed to have killed at least 1.7 million Cambodians during the late 1970s. All four of the accused have plead “not guilty” to the charges against them. Stephen Rapp is the U.S. ambassador at large for war crime.

This is such a traumatic event in the history of this country that touched every single person here, a quarter of the population murdered and a country that was turned back to the year zero. An understanding of why it happened and how it happened is really critical to going forward, and that is why there is such an outpouring of interest here and why it is so important that the international community support this trial to the end.
Stephen Rapp, U.S. Ambassador at Large for War Crime Issues

There is “an outpouring of interest” in the crime of 9/11 as well and “it is so important that the international community support [a] trial to the end” for what happened then too. But instead of a trial for Osama bin Laden, who we’re told is one of the masterminds of 9/11, President Obama had bin Laden killed. One must wonder why murder is a preferable outcome to bringing him in alive and trying him in open court with evidence presented against him.

Update 2011-10-02: President Obama’s CIA claims to have 52 separate photos and videos of Osama bin Laden’s body, the U.S. raid that killed him, and his burial at sea, but refuses to release them because publication might inspire terror attacks on U.S. targets according to ABC news.