What about the right to use our electronics? Google has been silently pushing their "SafetyNet" APIs into Android, including an "attestation" API[1] that dynamically fetches and runs an opaque binary program[2] served and signed by Google that collects whatever data they deem necessary to verify the "integrity" of a device.
Devices that are rooted will not fail to attest via the API. Devices where the user has chosen to install a custom ROM will fail to attest (even with a locked bootloader and no root). Apps from Google Play can use these APIs to decide whether to work on a user's device.
This is macOS SIP taken to a different level. You can't watch Netflix and whatever other app decides to use these APIs unless Google has complete control over your device, including the ability to remotely collect and transmit opaque and arbitrary data at any time. This is a dishonest attempt to disguise a draconian DRM scheme as pro-user, pro-safety, anti-virus/rootkit. We're at the point where you don't even own your own filesystem anymore on a Linux device. I think this is a step beyond traditional DRM, including traditional hardware content protection.
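Added example, not from the thread or from Google: what a server that consumes an attestation result from the API in [1] has to check before acting on the verdict, with the verdict split into the classes the post above argues about (certified build, intact but uncertified system such as a custom ROM, modified system). It assumes the JWS signature has already been verified against the Google-issued certificate chain in its header, an app package name of com.example.app, and a five-minute freshness window.

```python
import base64
import json
import time
from typing import Optional

# Added example (not from the thread or from Google). Assumptions: the JWS
# signature was already verified against the Google-issued certificate chain
# carried in its header; the app is com.example.app; results older than five
# minutes are stale. The payload fields used (nonce, timestampMs,
# apkPackageName, ctsProfileMatch, basicIntegrity) are the documented ones.
EXPECTED_PACKAGE = "com.example.app"   # assumed package name
MAX_AGE_MS = 5 * 60 * 1000             # assumed freshness window


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_attestation_payload(jws: str) -> dict:
    """Return the JSON payload (middle segment) of a compact-serialised JWS."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def evaluate(jws: str, expected_nonce: str, now_ms: Optional[int] = None) -> str:
    """Classify the attestation as stock, uncertified, tampered or reject."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    p = parse_attestation_payload(jws)
    # Binding checks: the result must answer our nonce, be fresh, and come
    # from our package; otherwise it may be a replayed or borrowed verdict.
    if p.get("nonce") != expected_nonce:
        return "reject"
    age_ms = now_ms - int(p.get("timestampMs", 0))
    if not 0 <= age_ms <= MAX_AGE_MS:
        return "reject"
    if p.get("apkPackageName") != EXPECTED_PACKAGE:
        return "reject"
    cts = bool(p.get("ctsProfileMatch"))
    basic = bool(p.get("basicIntegrity"))
    if cts and basic:
        return "stock"          # certified build, unmodified system
    if basic:
        return "uncertified"    # intact system but not a certified build:
                                # the custom-ROM case described in the post
    return "tampered"           # basicIntegrity failed (modified system)


def make_sample_jws(payload: dict) -> str:
    """Build a constructed, unsigned JWS carrying `payload` (test data only)."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "RS256"}).encode())
    return f"{header}.{enc(json.dumps(payload).encode())}.{enc(b'unsigned')}"
```

The three non-reject classes are where an app's policy lives: blocking everything but "stock" is what turns the API into the lockout the post describes, while "tampered" alone is the narrower signal.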
Yet another reason why we shouldn't accept being sold such proprietary garbage. SafetyNet is another attempt at creating a system similar to Treacherous Boot[1] -- similar to what people feared that UEFI's "Secure Boot" would become (luckily we avoided that fate on x86 systems, but all of the Windows RT devices are by definition "Treacherous Boot").
I would personally _love_ if we could get proprietary software to become illegal (or for there to be some sort of disincentive such as taxing proprietary software, or enforcing and extending warranties on proprietary software). But large proprietary software companies hold such sway in politics that hoping for that doesn't really help. It would be a much better idea to simply stop buying their crap, and helping others around you "break the shackles" (as it were). Digital Restrictions Management is something that I always mention when people talk about Netflix or other such streaming services -- because once you explain the issues with those kinds of services I find that most people are at least intrigued by alternatives (which usually have features that the DRM systems don't, because DRM has always been clunky as they're trying to accomplish something that is effectively not possible).
I feel like taxing proprietary software, or making it illegal, would be awful. Many companies, big to small, run businesses off of proprietary software. You have the big players like Microsoft, Apple, Amazon, and Facebook. Not sure how some of these compare in size, but you also have GitHub, Shopify, Squarespace, Reddit, Atlassian, Basecamp, robo-advisor companies. Then you consider not purely online-based companies like banks or retail stores that sell their products online, or give you the ability to trade ETFs. Some of those could use open stuff instead, as they make money off of trades.
I do agree that making DRM is a losing battle, and they are transferring that cost to legitimate customers. Really though I don't have much other options for streaming. Amazon prime has the same setup, and CraveTV probably does too. Though Crave doesn't have much for content that I'm interested in.
> I feel like taxing proprietary software, or making it illegal would be awful.
Maybe taxing on the distribution of proprietary software would be more palatable? After all, software that is written can only become proprietary if you distribute it to other people under a non-free license. I personally think the warranty idea is much softer on companies (while still giving some more protection for end-users).
I don't think banks should be taxed for having proprietary systems. I do have a problem with SaaS[1] companies, and companies which make money off selling software which is proprietary -- because they are actively creating a monopoly on the expertise in and ability to support their particular software (known more politely as vendor lock-in). Not to mention that proprietary software developers incredibly often mistreat their users through a variety of schemes.
That would then also apply to games. Anything that really runs on a device.
Really I think we just need better regulation around it all. So making sure that you are allowed to hack your own device if you wish. Able to extract your data. SaaS companies being required to give you data exports (unless unsafe to do so).
I'm not understanding why it matters what the software is. Modern games are already being used as a glorified way of getting more money out of their users (micro-transactions, "loot boxes", endless DLCs, multiple tiers, etc). It's not as though they'll stop making money (with "gambling simulators" and micro-transactions alone you can make hundreds of dollars out of any given user).
Taxing proprietary software distribution is a form of regulation. The ideas you propose are too piece-meal and won't actually solve the underlying problems -- namely that proprietary software is used as a tool to abuse its users. This is something that is inherent to the power dynamic between a developer and the users of proprietary software, regulation won't help.
A big part of proprietary software, especially when it comes to enterprise software, is support. When it comes to something like a bank, if I'm doing business with them I'd much rather they pay for proprietary software that comes with some level of support than leave them to their own devices with open source software.
"But what if the bank just hires their own staff to become experts at that open source software instead?" That could work, up until they need to make specific changes to the software for their business. So they fork the open source project and create their own variation of it.
Some of the bank's profits now went into paying developers for the changes in the fork. Do you think the bank's executives will just want the money they put into the fork to potentially benefit all of their competitors by having them make a pull request to the original software? Probably not... and then you end up with proprietary software again. Only in this case it's worse than the proprietary software we started with, because every bank has their own fork of the original open project.
> Some of the bank's profits now went into paying developers for the changes in the fork. Do you think the bank's executives will just want the money they put into the fork to potentially benefit all of their competitors by having them make a pull request to the original software?
Given that that is how they can avoid having to maintain a fork indefinitely, and that that is the fair thing to do after you profited from the gift of others who did the same: Erm, yes, they absolutely should want that, and most likely it is in their own best interest.
DRM is by far the bigger problem than proprietary software in general. There is nothing inherently problematic about paying money for software -- better to be the customer than the product.
The problem comes when rapacious companies decide it's a good idea to make people pay for the privilege of being the product, and use the law to restrict what people can do with the software, which is what DRM is really all about.
I think if that were the case, they would stop selling the software on devices you can purchase. That is, devices would be something you rent but never own.
When you use such a device (with a 'custom' distribution) you need to go 'all the way' with regard to shunning software which depends on this 'verification'. This is the most logical course to take anyway as the assumption is that you want to use a device which only runs such software you know about, not things pushed by vendors with their own agendas. So, sad as it might be for some, the likes of Netflix (et al) will not run on devices which refuse to listen to their master's voice (i.e. to Google, Netflix, etc) but only do the bidding of the device owner.
I have no problems with this as I don't want to use such 'services' anyway. I keep my own digital library, on my own server, using free software. I have no problems foregoing the latest H*llywood 'blockbuster' to keep a semblance of control over what I consider to be my private sphere.
But as long as we still can do the things we want, I do not see it as a problem... but well, yes, since we have to struggle hard to just control our devices a bit, because the rest does not care and so they can almost implement whatever spyware they want - it is a problem.
Situations like these do arise, it is only with great care and some sacrifice you get to walk this path. Losing out on the discourse between those who use different messenger protocols or who communicate through the likes of Facebook or G+ is one of those sacrifices. You can try to convince them to join you on some other channel but the chance of this succeeding depends on those friends' attitude towards both the subject of personal privacy as well as your reputation - if you cry 'wolf' at every opportunity they'll soon consider you to be a tin-foil-hat wearing loonie.
Fortunately the evidence against just those actors - Facebook, Google and others - is getting more and more visible and palpable to all. Between Facebook's blatant censorship of content and YouTube 'demonitising' [1] 'controversial' videos and actors, it is getting hard to avoid noticing that they are flexing their opinion-influencing muscles. This should make it a bit easier to convince people to jump ship [2] but you won't get all of those people to forgo the delights of Spies'r'Us or CatVideoCentral. Still, once a few of them join you you'll no longer be out of the loop and that is what matters here.
[1] a good word in this context as it almost reads as 'demonising'
[2] ...and please tell them that moving from Facebook to VKontakte is not an effective move in this respect
If some pass laws that make my choice to go outside FBook, Google or whatever-Internet-monster, then I'm screwed.
That's my current nightmare. But I have not the faintest idea if this is close to reality or not. EFF zealots would probably say very close, while the very existence of ubiquitous free software says the opposite. Dunno...
Well, I don't think there will be a law soon that requires an FB account or alike. But there have been cases where people had to show their FB account at the border, or need it for school/university (or for job interviews) - so if there is a structural disadvantage for people outside of the corporate chain, then it will be a de facto law.
So if I want to keep watching Netflix I'll have to stick with the outdated and severely insecure Android version my manufacturer is shipping? The one where anyone in Bluetooth range has full access to my digital identity? And they're calling this feature SafetyNet?
Yup — and this is the same Google who have conspired to prevent you from installing your own SSL certs, so that you can see what data that module is sending to them.
Specifically: User-installed TLS certificates are now in a separate keystore from system CAs, users can not disable system CAs, and apps can choose which keystore to trust, but the default is that user CAs are not trusted unless apps explicitly opt-in.
I am totally ignorant of Android, but they could be pinning, and do so in such a way that it fails silently without sending data. As root you could probably detect this but you'd really have to know what you were looking for.
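Added example, not from the thread: the Android Network Security Config that the keystore split described above is controlled by (file res/xml/network_security_config.xml, referenced from the manifest with android:networkSecurityConfig). It makes the system-only default explicit for release builds, opts debuggable builds into the user store so an app's own traffic can be inspected with a user-installed CA, and shows the pin-set form of the pinning the comment above speculates about; the domain and pin digest are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not from the thread. Without any config, apps targeting
     API 24+ trust only the system store, which is the default described above. -->
<network-security-config>
    <!-- Release builds: system CAs only (the platform default, made explicit). -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Applied only when the build has android:debuggable="true": also trust
         the user-added store so the app's own TLS traffic can be inspected. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Pinning: for this domain the leaf or an intermediate must match a pin,
         regardless of which store issued the chain. Placeholder values. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.invalid</domain>
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">PLACEHOLDER_SPKI_SHA256_BASE64_REPLACE_ME=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_PIN_BASE64_REPLACE_ME=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```

Pinning failures surface as TLS handshake errors in the app, with no request sent, which is the "fails silently without sending data" behaviour the comment above guesses at.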
> As root you could probably detect this but you'd really have to know what you were looking for.
I can think of two relatively easy and probably-not-secure (you were asking for freedom, not security...) ways to not only detect but also bypass this:
- Hook certificate verification APIs to always return true.
- Scan for certificates embedded in the binary and overwrite them dynamically. This will work if the app decides to use its own crypto but standard certificate formats.
Care to explain what you mean by that? As far as I can tell, vendors ship crapware as software installed on Windows, and you can always remove it by reinstalling Windows or often just uninstalling the bundled software.
Lenovo used the UEFI/BIOS tables to load crapware back into a fresh retail user-installed Windows setup. The BIOS table was named Windows Platform Binary Table.
Lenovo? That sucks. I was considering a Thinkpad to get out of Apple's stranglehold. I'd put Linux on it of course, but I'm still not happy buying from a company that pulls crap like that.
I'm not defending the shit Lenovo's been pulling these last few years, but it's worth noting that none of it (neither the Superfish fiasco nor this) affected ThinkPads. Apparently their consumer line and ThinkPads are run quite separately. I hope that keeps them from messing up the ThinkPads...
That mechanism only works through cooperation of the OS installation process. It's actually the OS that asks the device whether there is any crapware it is supposed to ingest and then goes on to ingest it.
As long as you consent to that, everything is fine I guess. The software is doing its job as an agent of its users.
> Devices that are rooted will not fail to attest via the API.
Will not, as in you can theoretically get it to "say the right answers" if you have root? It seems like the best way to "crack" this protection would be something like virtualisation, where the binary is run in an environment that "looks good" to it. (This also reminds me of a lot of malware, which actively tries to determine if it's being run in a VM or otherwise being analysed.)
Currently you can use Magisk to get around this, which roots without changing the filesystem.
But Google is moving towards reading hardware fuses, and has been working together with OEMs to use secure enclaves to securely attest the status of the system in the future.
By requiring the attestation results to be signed by a key burnt into the CPU, they also prevent virtualisation.
And yet having a hardware enclave is necessary to secure private keys for device encryption and user privacy.
I'm not against, non-network, hardware-based security features. In fact, I think we need them. I would certainly desire a phone where someone can't simply access my private key with a soldering iron and flash programmer.
And I wouldn't mind a bootloader that is locked to prevent tampering with the device, as long as I can unlock it, and unlocking it wipes the device or something. I wouldn't mind using Android as intended without root access. But, I want control over the decision. I want to control the OS I run on my device. I want the freedom to increase its lifespan beyond whenever the manufacturer stops providing security updates. I want to have the ability to enable root to inspect my data on my device using my storage, without sacrificing my ability to watch movies on the $600 device I paid for that somehow has a better quality display than my monitor. And also, I want the ability to block ads that gulp down my expensive mobile data so that I can instead pay for a service like Netflix.
The problem with Android on the whole is that it got good enough, quick enough, that it prevented any meaningfully open and consumer-friendly alternatives from emerging. SafetyNet is a part of the Play Services, which on the whole are opaque and binary. So not much is new there.
Also it wore the skin of a free, open platform pretty well for quite a long while. It was only after it got popular that Google started subverting that and turning it into the creature it currently is.
> Devices that are rooted will not fail to attest via the API.
That should be "will fail", right?
> We're at the point where you don't even own your own filesystem anymore on a Linux device.
Is this really true? It seems to be of the form "if you decide to own your file system, then you are not given access to certain proprietary media resources or applications". That's a shame, and I'm not happy about it, but my access to Netflix is a convenience, not a fundamental right.
With regard to your second comment, that was one perspective that I do consider. There are still plenty of media sources that do not use device attestation. But the trends are not pointing in the right direction. Also, as you say, you could decide that maintaining root is more important than being able to consume movies or whatever other DRM'd media on your device, but you are sacrificing some of the main features that were marketed to you during your purchase, while still paying full price.
Also, it's not just content-delivery apps that take advantage of the APIs, utility apps like Android Pay require their availability. Multiplayer mobile games are also beginning to implement them to "combat cheating" (correction: preserve the viability of microtransactions, but I'm just a cynic). I think the Android Pay case is a bit more understandable, but still, why not implement it as an optional feature a user can enable? If it is designed to save money from fraud, then why not give users a small financial incentive to enable it? Taking the choice away from the user is the enemy here.
Don't forget that the lockdown of software on mobile devices goes beyond these new attestation APIs. For 5+ years, phone manufacturers have been shipping bootloaders that cannot be unlocked, devices that cannot be rooted, and firmware/OS that cannot be flashed. There is an attempt to ultimately control all the freedom a user has to install their own software. The technology to prevent user freedom is only going to get better and better, as exploits are covered up and manufacturers become smarter about code signing and secure hardware design.
So there is much more to the issue than I think is present at first glance. It affects everything, and it is only getting worse. Forget the closed-source firmware that can be delivered and installed at any time over the air and has unrestricted access to your device's unencrypted RAM... that's been going on forever. But now even Wi-Fi routers are being shipped with locked-down bootloaders, killing any chance of upgrading or fixing security issues in your device once a manufacturer decides to stop supporting it. Guess you'll just have to buy a new one in two years. That new AC-2300! 802.11ac is going to be so much faster than that old measly AC-1900. Don't forget the crystal oscillators wear out over time, anyway. /s
Sorry to go on such a wild rant, but I'm pissed. I'll go on over to the AMD profits thread, and feel a little bit more optimistic about the future of freedom.
> Sorry to go on such a wild rant, but I'm pissed.
Not at all. You make a good point. I was reacting to your comment about Netflix as if that were the main issue, but your reply makes it clear that you meant it as just the easiest illustration of a fundamental shift in dynamic. Thank you for clarifying (civilly rather than angrily, despite your obvious passion on the subject!).
They had a link here about running Linux within a container on Android. Can they control processes in such a container? (they could ban this trick, couldn't they)
Wow, I was not aware of those things and I thank you for bringing them to my attention. It sounds like we had better get busy busting that apart before the exemptions the SCOTUS gave to DMCA 1201 for fair use expire in a couple years.
On the one hand, this is kind of sad for device owners. On the other, it sounds really nice if you're making a game on Android with client-side aspects and want to stop cheaters.
It's proven pretty ineffective at that. Ingress and Pokémon Go use it to try to avoid cheating through spoofing your location, and they're both still riddled with such cheaters.
[1] https://developer.android.com/training/safetynet/attestation... [2] https://koz.io/inside-safetynet/