Security decisions and free software

One of the reasons I only use free software is that it gives me more security.

Of course not all libre programs are secure but software freedom gives you more security as you can study the source code and edit/publish it the way you want. So if there’s a security vulnerability, you won’t be forced to wait for the original author to find and fix it.

You may be a programmer or security researcher and fix it yourself or pay someone to do it for you, based on your needs. Anyhow, it’s a perk of using free software.

But, another advantage I get from free software is that I can edit it so it won’t force me to be secure!

For example, I don’t like to change my password on a program running locally. If it wants to force me to do so, then I can modify the program to avoid it. It’s what I’m able to do because I get the four essential freedoms regarding that program.

As much as I appreciate the author of that program wanting to keep people secure, I believe people should also have a say in it. If I want to keep stuff less secure, intentionally, I should be able to.

There are some things to do and some precautions to take to make sure you have bare minimum security, and the rest is how you choose your actions based on your threat model. I appreciate programs reminding people of this and even taking the first steps in their own hands. It’s so useful for people with less understanding of how cybersecurity works.

Yet I believe there should be hints about threats but the users should be able to take everything, absolutely everything, in their hands if they want to.

Security should be implemented in programs by default. It shouldn’t be a luxury and it shouldn’t take technical skills for one to be secure digitally. Yet it shouldn’t be something that the user has no say in.

I believe free software fixes this problem by giving us the four essential freedoms we deserve. Our rights to use, study, modify, and share the program are there to make sure we own what we have and will be able to make it work the way we want it to work.

Canada to ban Flipper Zero!

On Thursday, the Canadian government said it intends to “pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.”

Funny, isn’t it? The Canadian government seems to not have any security expert to consult with. They don’t seem to understand how the device works and don’t even understand how secure cars have been, especially those produced since the 1990s.

This attack requires a high-power transceiver, a capability the Flipper Zero does not have. These attacks are carried out using pricey off-the-shelf equipment and modifying it using a fair amount of expertise in radio frequency communications.

The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that’s been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.

To ban such a device because it can (really can’t) open cars is just like banning screwdrivers because they can open cars as well. Or banning kitchen knives because they can kill people. Maybe the next step is to ban computers as a whole because they can be used for illegal stuff too!

The Canadian government should address the real issue, which is to pressure car manufacturers into fixing their security flaws. Banning a device like Flipper Zero would only result in harming security enthusiasts and taking away learning opportunities from them.

The device could be used to clone a hotel key card or change the TV channel in a bar, or open some garage doors but if a criminal knows how to use it, then the criminal surely knows how to build one from scratch so banning the device wouldn’t improve public security at all. If it does something, it just takes away opportunity from good guys who use it.

But the good news is that almost everything in Flipper Zero is free (as in freedom). So you can study the source code and reproduce the programs in use and build your own thing, thanks to the essential four software freedoms granted to people under a GNU General Public License, which is a copyleft license, meaning it will remain free software.

Apple (and other) VR headsets are proprietary tyrants

Apple recently released a product named Vision Pro. It uses a proprietary firmware named visionOS, developed by Apple. It’s a computer, basically, and has features such as a camera, microphone, and wireless connections.

It can be used in various ways but is not suggested to be used at all. The mixed reality headset seems truly interesting, I also am tempted to use it as it’s very fascinating, but, after all, it’s a proprietary tyrant.

Tivoized products are injustices to users. Specifically with regard to giant companies such as Apple, they can be very harmful to people. These headsets will track users and violate their privacy. As they use proprietary operating systems, they violate people’s right to operate freely. Software used in them is not libre and people won’t have any control over how they use their computers or how they do their computing.

These proprietary tyrants won’t allow people to install a different operating system on them. These devices have measures to block execution of anything other than the “approved” system versions. They won’t allow people to run any program that won’t please the producer of the regarded computers (devices) and will force the users to behave as they wish because the user supposedly entered into a “contract” when they started using it.

These computers are hell when it comes to users. They simply violate any basic right of users whenever they can just to make more profit. I’m pretty sure we will hear a lot of news in the near future about how the giant corporations producing these computers are imposing various forms of censorship and are interfering with how people are using what they bought.

We will hear news about how these devices helped with putting people under surveillance and how people lost their ability to use them because the producers decided so.

The technology is fascinating, for real, but these devices are not worth our privacy and other digital rights. These devices are not just harmful to our digital rights, but are also a danger to us in real life, as violations of our digital rights, most of the time, will result in violation of our basic human rights in the real world.

These devices are for mixed reality experience, which means one more step towards making us slaves to these giant corporations in real life.

I don’t trust giant companies

Take Proton for example. They advertise themselves as a “privacy by default” company. I used to admire their work and suggest them to people. I still suggest them to people who are in their first steps of reclaiming their privacy rights and moving away from Gmail and other proprietary dis-services.

But I don’t trust them anymore. I don’t know why but when a company grows to be large (relatively), serving hundreds of thousands, or possibly millions, of users, they lose my trust.

Something pokes me from inside and tells me that when they grow, they no longer work for my interest, but they work for their own benefit. When they become a giant, they become blind, they forget their initial mission and goals, and they do whatever they can to remain in business by all means, rather than working hard to protect their users.

Perhaps there are measures and hard work from their side to make sure they can’t violate our privacy even if they want to. Proton, for example, claims that they encrypt every inbox (or account) individually with our passwords as keys. Or they have an option to enable a second password on your account that further encrypts the account, if I understand it right.

But that still doesn’t change my opinions regarding them. I understand that they perhaps do a lot to ensure that our data never ends up in the wrong hands (or any hands), but it’s still the Internet we’re talking about and it’s still us vs. a company that works for profit.

Of course, I may be wrong, but that’s how I feel about giant companies. I love this paranoia as it reminds me how much I still value my privacy and that I haven’t gotten tired of protecting myself.

Clickbait, clickbait everywhere

I’ve been so annoyed with clickbait titles recently that I have stopped visiting certain web sites. Particularly, my favorite sports news web site is now blocked on my computers since they started using clickbait titles. Titles that are designed or written to force you to click on the article.

Titles such as “I’ll leave football” are appearing on that web site and they are specifically designed to make you interested or psychologically manipulate you to click on the link. That’s hurtful. That web site is full of this crap, some like “Qataris printed photo of this defender!” will make you enthusiastic about what is happening.

This should stop. I know it’s hard or even impossible to regulate the Web or force publications, especially digital ones, to follow any instruction regarding how they should write or title their work, but we’ve got to do something about this. It’s been annoying me so much and I know I’m not the only one.

The problem is that many of these web sites are monetized using advertisements, and the more clicks and traffic they get, the more money they make. Authors are now forced by their employers to write articles that make visitors stay longer and surf more. That will get them money. The more we visit their web sites, the more personal data they collect from us. Our Internet behavior, our interests, how we use web sites, and much more identifying information about us can be collected when we surf a web site and spend enough time on it.

When I see a title like “promise that calmed down this coach”, I get interested to see what that promise was and why this coach wasn’t calm, and will be distracted from my original intention of visiting the web site: to get a specific score or watch a specific video. At least that’s why I visit sports web sites.

The main problem is how we monetize or commercialize web sites. Our data is so valuable to them that they try anything to get it. For us, it’s a matter of privacy and human rights, but for them it’s how they make money and get rich. They don’t care about how you feel or how much you value your human right of privacy. They lobby for more freedom to violate your rights and they even pay billions to smooth the way because they make billions more by selling your private information.

The clickbait matter is just a way to force you to spend more time on their web sites and surf more. The more you do that, the more data they can collect about you, and it’ll result in more accurate advertisements towards you, which will happen when they have enough personal information about you that they can use to train their machines.

The web site owners may not realize that. Most of them are just simple people who found a way to make money by placing ads on their web sites, but it doesn’t matter to users like me; it’ll result in the same old privacy violations we’ve been facing for years.

I’ve blocked and disabled some web sites on my computers and I won’t visit them even if I type their address out of old habits. Less privacy violation is always a win. I encourage you to do the same with web sites you know.

Stop building web with JavaScript apps

A not-so-new trend in building web sites is to use JavaScript and force users to launch applications in their browsers in order to be able to access a page. A benefit of that would be that a user who wants to surf different pages on a web site would spend fewer resources doing so, but that’s not always the case.

Most of the time, a user simply wants to receive certain information from a web page. Sometimes we need some questions answered, to see a photo, read an article, or download some media. That should be an easy task to do, but since the web is now filled with this kind of web site, that seems to be impossible.

The Internet is now filled with web sites that are not simple HTML pages but annoying web programs. They particularly have endless scrolls, fail to show the real material while the program itself is loaded, are stuck on loading animations, fail to give you a universal or accurate URL to the page, and fail to deliver you the material you intended to receive and instead give you unwanted material you never asked for.

From my own experience, these web sites always prioritize their own interests and benefits above yours. You most probably have visited these kinds of web sites, and if you ever disable your tracker-blocker, you’ll notice that the advertisements load alongside the program itself, using your computing power and resources, yet the material you wanted keeps hiding behind the loading animations.

Quora, a so-called social network of questions and answers, loads a web program in your browser, inside which the material is loaded. When, sometimes, I visit it to get an answer to a question someone asked, it fails to load the full question and answer, yet it has never failed to show ads or useless parts of its web site.

One other annoying thing is those endless scrolls. The most annoying part of these web sites for me is that they always seem to have a footer with “about” and “contact” or “privacy policy” links in it, but you can never reach them. You always scroll until you see the footer, but exactly when you want to click on those links, more material will load and then you have to scroll down, again, to reach the footer. Why bother with a footer if you’re not gonna let us use it?

The Web has already gone to hell. With all the privacy violations, advertisements, misinformation, censorship, made-up useless standards, and forced designs onto it, it has already become a hell for many users. What we need right now is fewer programs and more plain polished web pages that simply deliver their material. There’s no need for us to load an entire program in our browser just to find out whether eating an apple is better when peeled or not.

Not a browser war but a Web war

Today’s invite to use Firefox and Firefox-based browsers is not about the browser war the Internet and Web community is typically involved in, but a war for an open and free (as in freedom) Web. Since Google is trying to take away our freedom in Web browsing, it is now our duty to fight against Google and its plans.

One of Google’s power arms in this battle is Chrome. Through Chrome (and its base, Chromium), Google is enforcing new made-up standards that nobody wants except Google itself. Standards forced on users that are solely there to benefit Google and its partners. It’s now our duty to fight against them. It has always been our duty.

Any Chromium-based browser should be avoided. Doesn’t matter how the company behind your browser is removing Google’s DRM or how they advertise themselves to you, they should be avoided. I saw companies like Brave and Vivaldi protesting Google’s new war on Web but I think that’s ridiculous. They are some of the companies that are helping Google dominate in the Web browser war.

Using Chromium, which only results in Google winning the Web war, is a betrayal to the Internet and Web community and to all of us. There’s no excuse, there’s no “but”, there’s no good reason, it’s all false and hopeless justification of helping Google take away our precious Web.

Of course, I’m not saying Firefox and Mozilla are perfect, but they’re now our only tools and power to fight Google. Our best shot is now Firefox and the cooperation of webmasters and sysadmins and an online civil disobedience against Google’s efforts to impose its dictatorship on us.