Almost all of this is heavily exaggerated, presenting relatively innocuous features as if they were harmful, or calling out simple bugs as if they were intentional and actively malicious. None of it is flat-out wrong per-se (at least as far as I can tell), and I can certainly see where GNU is coming from, but I think for the average user most of the features they're criticizing actually do a lot more good than harm.
Just a few examples, to demonstrate my point:
- They describe Google's demonstrated ability to remove malware from user's devices as a "backdoor"
- They describe parental controls as "censorship"
- They consider the fact that Android supports DRM "malware"
- They cite the fact that Android malware exists as a security flaw. (Ignoring the fact that there is basically no OS in existence that can't be infected with malware.)
- They consider the ability for users to remotely reset their Android lockscreen combo if they know their Google account password a "back door"
- They describe a bug where Google Assistant incorrectly identified the "Okay Google" hotword as "Google Assistant recording users' conversations"
- They describe the fact that a Google message app doesn't delete conversations until the user asks it to as "surveillance"
Again, I'm not saying this point of view is necessarily wrong. From a certain point of view, all of the claims I described above are actually quite logical. (I even find myself agreeing with some of them.) But from the perspective of the average user, the vast majority of this stuff simply isn't worth worrying about, and I think it's a little extreme to characterize it as "malware". Just something to keep in mind.
If you come at it from the perspective that Google is your friend, as in not like a real friend (who I wouldn't let change my passwords), but a friend that's even better than a real friend, then sure, these points are paranoid. The GNU perspective is very distrustful of the idea that anyone else should be administrating their devices, and refuses to trust any corporation more than they would a friend.
The GNU completely ignores the value that you get from Google. For instance this point:
> Google Chrome contains a key logger that sends Google every URL typed in, one key at a time
They are describing the auto complete feature...
I get that people should be making informed choices about what data they share, but for the FSF to so intentionally mis-describe what is going on does not help inform anyone.
Wait but that's literally what the auto complete feature does. Most users understand the value of the feature (they use it!) but there's a good reason to spell out the cost too.
I agree with the criticism that they should draw a clearer line between the cost and the benefit but there's nothing to be gained by softening the language used to describe the cost.
I'd naively consider a keylogger to be software that captures your keypresses universally.
I use Firefox and have search suggestions disabled there so I am somewhat sympathetic to their point.
That said, calling server-side autocomplete on a field you explicitly are typing in strikes me as about as sensible and forthright as calling an Amazon text field that takes my credit card number a card skimmer.
> calling server-side autocomplete on a field you explicitly are typing in strikes me as about as sensible and forthright as calling an Amazon text field that takes my credit card number a card skimmer
Exactly, and waters down the impact of the termminology. If "card skimmer" is anything that can read a credit card, than the term is meaningless for security.
If "keylogger" is anything connected to the web that responds to a keypress...
GNU is risking turning into the boy who cried wolf here.
> GNU is risking turning into the boy who cried wolf here.
As with a lot of the FSF's messaging, I think the substance of the message may be correct, but the way they convey it just isn't effective.
If this is for a general audience(!), no-one was ever convinced by the 48th item in a list who wasn't already convinced by the 47th. You don't persuade people just by being right, and certainly not by banging on about the very many subtly-different ways in which you're right. Pick few strong examples and prosecute those decisively.
If this is a resource for campaigners, set out the audience and intent before you start. Preface it with something like “Here are various ways that certain aspects of Google's software can be seen as indistinguishable from malware. They may be useful counterarguments if someone suggests Google's software is trustworthy.”
There's a lot to appreciate about Stallman, but as an ideologue, he's never going to prioritize a gentle & incremental articulation of his ideas. We could call it a failure to empathize, but you see ideologues all over undermining their communication by making it as distilled & radical as possible. But that's not what tends to convince other humans they're wrong about something.
How about an Amazon text field that takes your credit card number before you submit the form?
There's no warning that a text field autocompletes, and no reason to assume all users are tech savvy enough to realize that google has to see every character typed to send back recommendations.
No, as a keylogger is the term for a malware to capture ALL your keystrokes in secret (to usually later fish out the interesting ones like passwords). It is misleading, to mix it up with a software, that captures your textinput from a textfield, even though it is not communicated clearly to the average user that his text goes to a server.
The autocomplete provides a valuable service: it shows you suggestions for search terms; it's similar to if the credit card number is sent to the server and the server sends back whether or not the number is a valid credit card number (although this is now done on the client side).
It can also be turned off extremely easy, not exactly what we know as "malware" if it allows you to turn off its "malicious" activities.
The costs? Are you joking? Of to the 2 Billion people using Chrome, point out just one for whom the privacy implications around autocomplete have imposed a non-theoretical cost. There's the cost you impose on yourself for paranoia, but lay THAT at the feet of the FSF.
And if you say bandwidth you're fired. It's privacy the FSF is grumbling about. And for that it's been rhetoric and theoretical suffering, but no actual real-world damage. And not for lack of adoption.
If your browsing history is of value, than giving it (or even just the portions of it that are manually typed into the url bar) away is a cost to you. You can't point to a dollar amount on an invoice, so in that sense it's not "non-theoretical." But if you believe that personal information can be valuable -- and it's pretty clear that it can, especially in the aggregate -- then calling this a "cost" is not a joke.
Google already stores your browsing history in the cloud if you're signed in, which most users are. The "keylogging" wouldn't really add any value to the data, and thus I don't really buy that cost.
If you're not logged in, as I'm sure FSF people are, then this is a much bigger deal, but it doesn't apply to the vast majority of people.
All that said, the keylogger would take a good deal of interpretation to get a complete or even partial history, since autocomplete choices would likely be chosen anyways, not fully typed out URL's. If they send that history anyways on any time you press enter, the autocomplete feature again doesn't matter because they have it with our with.
Your browsing history, as a rule, is not actually valuable in any meaningful sense. If it were, then your cost would then have to be an opportunity cost, the lost opportunity to sell which you didn't take. Except if that's the case, it's not the autocomplete that stopped you; you could sell your history still anyway, autocomplete or no.
Also, your aggregate value argument is quite apt: It's valuable to know what percentage of a city speaks English, but the fact that you personally do or don't is of no real value at all, specifically because it's "your" individual data, not despite the fact. And insisting that you've been hypothetically robbed of your entitled half penny for disclosing your language preference to the McDonalds cashier is precisely as sensible as complaining about the value of your half-typed URLs.
Your thermometer is only a good indicator if it provides a comparison of the current temperature to the average temperature for that moment plus windowed samples over the last one hundred years. Otherwise, it just tells you the current temperature. </s>
And again, you're talking hypothetical. Anything is harmful in theory. I can think of a thousand ways in which privacy itself is harmful in theory, it's not even hard. But unless it actually happens somewhere to someone it's quite likely my assumptions are faulty.
> Of to the 2 Billion people using Chrome, point out just one for whom the privacy implications around autocomplete have imposed a non-theoretical cost.
You've never accidentally typed a password in a URL bar? You've never accidentally focussed the browser window when typing something you don't want Google or anyone else to know?
Yes, this is a keylogger. Autocomplete with a remote backend is too.
The Overton window has moved so far in the last ten years.
A while back we (and by we I don't mean me, I mean hackers collectively) would consider a piece of software that opened a TCP socket unless it had a real reason to malware.
Now? It's fairly common for like, webpages to send back every keystroke you might accidentally make whilst a tab is focused.
The fact that this is frequent, possibly even 'normal' behaviour does not make it sane.
The Overton window describes what the public will accept as "sane" (to use your term).
You're free to disagree with the rest of the world, of course. But you might want to focus on trying to shift the Overton window. What you're doing in this comment is simply asserting that you disagree with everyone else.
The disagreement is not that autocomplete with a remote backend is a keylogger, that's factual. It's about calling it malware right?
Because you seem to be asserting what "everyone else" thinks.
If I ask non-technical people about this autocomplete feature and whether they would like to disable it (assuming they have this option), after explaining it sends every keystroke to Google, they (generally) will reluctantly agree to have it enabled, why?
It's not because they believe sending every keystroke to Google is a super reasonable sacrifice for having the benefit of autocomplete on search queries.
No, ask them, they will invariably sigh "Well, Google knows everything about me already, anyway, so ...".
That's NOT the reasoning of someone making a well thought-out decision, it's the reasoning of someone beaten into submission. And we know this is true, because we feel it too, every time you read a comment about somebody trying to escape the Google Ecosystem, but not yet having a satisfying replacement for this one service .. You don't get to make a fair choice about it.
That is why they say Google mistreats their users, because they made them give up, not just giving up their privacy, but giving up on their belief they even have a choice about it.
You can choose many competitors to their products. Google wins because in many cases they are superior. Stop peddling this myth that consumers are forced to use a free thing.
If only there were some middle ground between "not having autocomplete" and "ruthlessly data mining the everliving fuck out of everything I do in order to sell me shit." Oh well, nothing we can do, I guess, except shut up and take it.
With Google Maps the choice is even between "simply remembering your past few searches" (incredibly easy to do locally) and ruthlessly data mining the everliving shit of everything you do.
That's basically holding my privacy hostage for what is stupidly basic UX functionality.
And it's not like I was given a choice about it. Maps used to remember your search history just fine, until they pulled that a few years ago, and I "just" had to give them my location history, so they would remember my fucking search queries.
You might recognize these tactics from heroin dealers and similar scum.
It's amazing how unnecessarily less useful Maps is, if you have to retype the addresses every. single. time. But you don't want Google to keep a log of everywhere you've been.
I think it's useful to describe the features in terms that make it very clear what's going on. On the other hand, I disagree with the assumption that users should not be willing to make the tradeoff of using the software anyway.
It might ignore the value, but it's not incorrect.
If Chrome is sending to Google every character typed into the URL bar, that's literally a networked keylogger and can presumably be used for all the same nefarious purposes as a "malicious" keylogger. The perceived value this feature provides is meaningless in the context of privacy/security.
I bet all those keypresses are stored permanently, associated with your Google account, but that's another issue altogether.
Your "friend" analogy is basically the perspective of someone who wouldn't put their money in a bank. If you wouldn't trust a friend to hold thousands of dollars for you, why would you trust a bank?
It's questionable whether Google deserves similar trust as a bank since they aren't regulated in a similar way. But it isn't unusual for people to trust companies over friends for some things, such as their life savings.
The other thing to remember is that trust can be partial. For example, I wouldn't trust a bank not to be looking for legal ways to charge me fees and I wouldn't trust their investment advice, but I'd trust them to keep their ATM's working and not to lose my money.
You bring up regulatory controls on banks, but then dismiss them as if most folks would willingly put their money into them if the regulations weren't there. If you'd trust the bank with your money without the regulations, I'd love to send you details about the bank I'm forming.
You've managed to acknowledge and then ignore the point. You aren't trustworthy. Or maybe you are, but I don't know that. A bank is. There's history of acting, if not ethically, at least not totally unethically, even without government regulations. Wells Fargo, Visa, and Coinbase all have decreasing sets of regulations, but all have more consumer trust than "badrequest".
I certainly don't mean to dismiss financial regulation. It's an important reason why today's banks are lower risk than in previous times - at least, for depositors. But people used and trusted banks long before FDIC insurance. (And often, that trust was broken.)
I expect we will see more regulation of the companies storing personal data, along the lines of the GDPR. I don't expect people will stop using the big tech companies to store personal data.
Google is not your friend. Google is a multi-billion dollar international corporation which sells advertising. It does have a good marketing team that makes cutesy artwork for it's PR campaigns though.
If you come at it from the perspective that Google is your friend, as in not like a real friend (who I wouldn't let change my passwords), but a friend that's even better than a real friend, then sure, these points are paranoid.
If you start an argument with a false premise (like the above), then sure, you can come to just about any kind of conclusion you want.
The GNU perspective is very distrustful of the idea that anyone else should be administrating their devices [etc etc]
Which is a perfectly reasonable position to have, and no one takes issue with GNU for having it.
What one takes issue with is the consistent use of manipulative language, egregious omission of context (e.g. like what was just said about Google in the post above) and other generalized mindfuckery that GNU folks seem to routinely resort to in order to get you to buy into their shtick. As exemplified in the article referred to in the original post for this thread.
And which has gotten to be way beyond old. For like, multiple decades now.
GP's points still stand, if coming from the perspective that Google is a successful, multinational corporation, with a reputation to protect, and staffed with thousands of engineers who also have their own job standards and individual reputation to protect.
And again they don't stand if your perspective accounts for the following observable facts:
- Multinational corporations care little about their reputation - the public has very short memory, and it's rare that a reputational issue outweighs considerations like sunk costs, network effect, or lack of better alternative on the market. See literally almost every scandal involving a corporation ever.
- The larger the organization, the less individual ethical and reputational concerns of bottom-line workers matter. See literally every corporation. For particular recent examples, see e.g. Volkswagen emissions scandal or Boeing 737 Max fiasco, both cases involving actual engineers with actual careers on the line, and not just software devs risking unemployment for 10 minutes.
Note that both statements are explainable even without attributing malice to any corporation. They're side effect of scale and market power.
Your friends have your friendship to protect, right? If multinational corporations have your interests at heart more reliably than your friends then maybe it's time to meet new people!
Different entities can be entrusted with different responsibilities, not because I trust one more but simply because they're different.
I'll never ask my friends to memorize my schedule and remind me on time. I'll also never ask Google to take care of my cat. Sounds pretty straightforward to me.
> - They describe Google's demonstrated ability to remove malware from user's devices as a "backdoor"
from wikipedia "A backdoor is a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device "
Seems to fit.
> - They describe parental controls as "censorship"
"Censorship is the suppression of speech, public communication, or other information, on the basis that such material is considered objectionable, harmful, sensitive, or "inconvenient"."
Also seems to fit.
I could go on about the other points, but most of it is true almost by definition.
This is an example of the noncentral fallacy. It's quite easy to do this for other situations.
Was Martin Luther King a criminal? A criminal is someone who breaks the law, and King knowingly broke a law against peacefully protesting against segregation, so yes.
Is it sexist to only hire women for a lingerie ad? Discrimination on the basis of sex is sexist, so yes.
Is it murder for a doctor to euthanize someone who wishes to die, even if it's not allowed in their area? Murder is the unlawful premeditated killing of one human being by another, so yes.
But for all these things, if you just describe them as "criminals", "sexists", and "murderers", you're saying "we agree x is bad, y is an example of x, so y is bad", even if the reason x is bad doesn't really apply to y.
removing malware is good, so this method of bypassing normal authentication is good.
parental controls are good (?), so this functionality to suppress what-we-define-as-objectionable content is good.
autocomplete is good, so this keylogger is good.
Google Assistent is good (?), so having it just pop up unprompted and just start recording is good (It managed to record me a few times, even though I have zero interest in voice controlling my phone--I have NO idea what triggered it, so yeah that's malware).
I'm not making a value judgment about anything, so that particular 'fallacy' doesn't apply. Good arguments don't just call things fallacies and leave it at that. Besides, the existence of a fallacy in an argument doesn't necessarily make it wrong; it's called the 'fallacy fallacy'.
This is such BS. When you put a baby in a car seat and he/she starts crying, you don't have their consent. However, legally the parent is the guardian of the child and is responsible for the well being. Stop using semantic bullshit to justify random arguments.
It's not semantic bullshit. It depends on what value you substitute for "child" when you think about it. It's different when you're thinking 5yo vs. 15yo.
If anything, being outraged at calling parental controls censorship is what's bullshit. "Censorship is bad and protecting children is good, therefore parental controls are not censorship". We could instead call spade a spade, and then talk about when its use is justified.
The point is that legally parents are allowed to make that choice among other things. It doesn't matter if the kids are the direct user. This is the legal framework we live in
Disagree. We’re allowed to dislike the legal framework we live in. We’re allowed to say, if we wish to, that our laws appear to force[1] parents to use censorship to limit what their kids see, and that that is a bad thing. Furthermore we can say we disagree with the rules defining that censorship — for example, I have always been more disturbed by violent content than sexual, and I wish that fictional depictions of murder were even more unusual than fictional depictions of rape currently are in daytime television, i.e. never.
Of course I already know the standard counter-arguments, but those don’t change the visceral annoyance I have with a system that considers all full-frontal nudity to be a bigger problem than watching someone being shot, stabbed, or poisoned. I am also annoyed that the rules of these parental filters seem to copy American sociopolitical norms by default.
[1] reality depends on your jurisdiction, and I am not a lawyer in any case, but people still get to say that if they mistakenly think it’s true :-)
Blaming the law and society should be a separate thread. Conflating that with tech companies abiding to them is plain wrong and dilutes two separate issues.
Then GNU shouldn't try to use providing censorship tools as a pejorative.
If we agree that there are ethical ways to use censorship, providing censorship tools cannot be inherently unethical and companies shouldn't be faulted for doing so.
You will have no legal viable product if you don't ban extreme hate speech or child pornography on your platform. Is a GNU "approved" platform okay with supporting those ? It's very easy to right these tenets and criticize every company. It's hard to build products used by billions and stipulating to laws in different countries.
A tool to remove malware may qualify as a backdoor, and backdoors may generally be considered as malware, and malware does generally harm or mistreat users, but it does not follow from all of that that tools to remove malware harm or mistreat users.
Say you want to send data to an untrusted destination and want the data to be read-only and non-copyable. DRM is the solution. That's not malware, it's part of the threat/loss prevention model for certain kinds of data.
There are plenty of issues with DRM from a practical and philosophical level. But I think calling it malware is disingenuous. Alice doesn't cede her rights over her data by transmitting it to Bob, and DRM is how Alice protects the data when Bob is a malicious actor. If Bob wants to gain more privileges over all his data, he doesn't need to accept communication from Alice.
That said, buggy DRM can be atrocious and cost more money than it saves. I know plenty of folks who pirate software they own because it's easier than an legal install. But that's a UX problem, not a DRM problem.
By sending it me you have to copy it, either onto a medium or network, I then have to copy it (from some medium/network at least into main memory and then copy either into video or audio memory which then do magic to highlight pixels or create audio waves)
The copy is essence of what a computer does. A computer can essentially only do some math and copying.
If you ask me to install some DRM software (or maybe even some hardware containing DRM stuff as in HDMI) you are asking me to run additional complex software where the only purpose is to restrict the functionality of my computer.
I do that, since I like some movies and other things I get this way. However the software serves no purpose to me as the user. It is there to do Digital Restriction Management.
When Apple dropped DRM from their music downloads it was a great day. Suddenly one could download music for a competitive price legally from the internet and use in all the ways. Putting it on my mp3 player or my media server and create a backup, which I can trust to be usable even a few years. If a new audio standard comes by I even can re-encode and keep it.
Meanwhile however we have Spotify and are back in the walled garden.
Movie industry unfortunately went directly from physical media (with stupid DRM restrictions - my favorite one is that on a "legal" DVD player I am forced to watch a short sequence on how bad pirates are, on my "illegal" DRM free player I can skip that part) to streaming. Making sure I don't "own" a thing and making sure my computer runs software limiting what I can do with my computer.
In the legal sense, buying from iTunes is actually "buying", while you do just rent access (similar to a Gym membership) when you sign up for Apple Music or Spotify. I don't blame them for using DRM for music when the user needs a perpetual license to continue listening to it.
Maybe "non-redistributable" instead of "non-copyable."
I don't disagree with your assessment, except I'd say DRM doesn't exist to restrict the machine - the goal is to restrict the user. Which is necessary, when users aren't trustworthy.
But I'd disagree that DRM doesn't serve you a purpose. It serves the purpose of establishing trust and enforcing conditional exchanges of information. The alternative, like you imply, is no communication, or communication through a different medium that doesn't involve your hardware at all.
These kinds of reductionist arguments don't hold much water in the real world. Using arguments like this you can justify ransomware--after all ransomware is just CPU instructions running on a computer. That is what computers do is run instructions. Therefore, it is totally okay if the instructions happen to encrypt the entire contents of a disk and prevent the user from accessing it until they pay money.
Here in meatspace, we have this notion of ownership and property rights. DRM is a mechanism to protect those rights. They may not be perfect, and they might not always make much business sense but that is their intent.
The ransomware doesn't do what I as owner of the computer want and nothing which serves me a purpose. The comparison doesn't work.
If you look for a comparison: DRM is like a book publisher printing books on special paper which prevents copying and which can only be read in a specific angle so I can't easily take notes containing quotes from the book. All to protect those rights. (Edit: actually that example is missing a piece - you need special reading glasses to be able to read it, that's what DRM is doing on my machine)
And yes - Napster was an issue for the music industry. Suddenly their content was there for free and easily accessible. But then there was Apple, giving music away DRM-free with even better usability and for an acceptable fee.
> Say you want to send data to an untrusted destination and want the data to be read-only and non-copyable. DRM is the solution. That's not malware, it's part of the threat/loss prevention model for certain kinds of data.
That's a nice way of phrasing it from the business point of view. From the customer point of view, it's degrading the product and artificially limiting the ways one can interact with it. It goes against the fundamental principle of general-purpose computing: as a computer owner, I get to tell what the computer can and cannot do with the data it has.
DRM in its most general form exists as a way to (try to) make some data follow a different set of rules than the rules of the medium. It's an attempt of making bits have colour[0]. Since bits don't, and can't, have colour, you have to simulate this by changing the rules of the universe in which those bits are processed. It's practically impossible to do correctly, hence the product degradation that always accompanies DRM schemes.
Adding insult to injury, DRM is usually employed to force a recurring revenue stream in a context where it fundamentally doesn't make sense.
Even with quantum technology, there is such a thing as a “good enough” copy — my phone can record 4k/60fps, and while it would be a bit fiddly to set it up right to copy a video by filming a display, it can be done.
I have no idea what you mean by that. I really need you to elaborate, because it sounds like a perfect description of DRM. It's there to stop you from playing/copying files, and nothing else.
Your explicit intention is to disrupt the operation of the computer running the DRM software. This disruption is not authorized by the owner of the device. Ergo: malware.
If you're going to claim control over my computer in the process, I would prefer that you not send me the file. If the price is accepting DRM then it would be better for everyone if the file never existed.
I can still not send you the file if I have DRM. Now you are keeping control of your computer by not using any files with DRM, and arguing that nobody else should be given those options.
Look, if you want to keep the file to yourself unless I agree to run your DRM code on my PC, that's your choice (and mine). Just like rootkits are generally considered malware but it's not an issue if the owner of the PC chooses to install one. However, to be clear, the price is not just me accepting DRM in order to get the file from you but rather everyone being saddled with owner-hostile (and generally non-removable) code shipped with their computers by default and a legal system which grants special privileges and protections to purveyors of DRM, without which the technical measures would be far less effective.
I'm not complaining that you won't give me the file unless I run your DRM code. I'm complaining that your insistence on DRM is creating negative externalities for me and others even if we don't want the file.
Extends what you can do, by letting you control (limit) my usage.
So instead of "It is extra software with the only purpose to limit what I can do." we have "It is extra software with the only purpose to limit what I can do, on the bidding of someone else."
That's basically the same definition. The "someone else" part was already implied by the first half, obviously some party wants it or there would be no conflict. So we've reached a clearer and more explicit definition, but we've also shown that the original definition is not insincere at all!
This is what I could call are a sincere definition.
I understand why someone could view this as limiting, but saying DRM is malware and it's only purpose is to limit you is intentionally ignoring other information about DRM to make it sound even worse then it is.
Given that 'malware' is short for 'malicious software', one might make a semantic argument that DRM is actually anti-malware, as it prevents other software from operating maliciously. Copyright infringement is undoubtedly a malicious act under the law in most places.
Any kind of security, authentication, or encryption software ever written was done so to "limit what you can do", so I don't think that is enough to constitute maliciousness.
That being said, many DRM software implementations have been known to go beyond just protecting the rights of the content creators, and that's a different story.
> Copyright infringement is undoubtedly a malicious act...
You're seriously trying to argue that people who commit copyright infringement do so maliciously, i.e. with the intent of harming the copyright holder? That seems... novel. And not very plausible. If true, however, it would be much more effective to ignore the work altogether, thus denying the copyright holder both direct income and free publicity.
> Any kind of security, authentication, or encryption software ever written was done so to "limit what you can do", so I don't think that is enough to constitute maliciousness.
The point of security, authentication, and encryption software is to protect the interests of the owner of the device. Defending yourself from malicious attacks by others is not an act of malice. DRM is malicious because it perverts the owner's computing resources to thwart the owner's interests and subverts their control over their own device.
> You're seriously trying to argue that people who commit copyright infringement do so maliciously, i.e. with the intent of harming the copyright holder? That seems... novel. And not very plausible. If true, however, it would be much more effective to ignore the work altogether, thus denying the copyright holder both direct income and free publicity.
Your incredulity seems intellectually dishonest.
If not malicious, how would you describe enjoying a {book, movie, song, program, ...} that someone has offered for sale without paying for it?
Granted, it's not as clear cut as theft. You aren't depriving anyone of an item that they own.
Granted, the author may in some cases benefit indirectly from copyright infringement, e.g., when you go tell your more honest friends about it, and they go off and buy a copy for themselves.
But in a world where the vast majority of the folks who create these kinds of works need to get paid, and the way they get paid is by selling copies, consuming their work without paying for it seems really fundamentally unfair to them.
> If not malicious, how would you describe enjoying a {book, movie, song, program, ...} that someone has offered for sale without paying for it?
The natural state of the world? There is no natural right to control the distribution of things that you publish. Copyright is an artificial privilege created for the sake of social engineering.
If one thing is certain it's the fact that there is no actual malice in the act, so calling it "malicious" is intellectually dishonest. Even labeling it as freeloading would be incorrect since there is no cost ("load") imposed on anyone else. It makes zero difference to the copyright holder's material wellbeing whether you obtain an unauthorized copy or just ignore the work altogether. It's understandable that people would like to be paid for nothing more than giving permission for something that doesn't actually affect them at all, but there's no just basis for it.
Obviously people should get paid for the labor involved in creating new works, to the extent that there is a demand for them. That does not in any sense imply that they should be able to control the distribution of works which have already been created and published. There are plenty of other models (including patronage, crowdsourcing, bounties, and work for hire) which would permit creators of works to get paid fairly without control over distribution. Copyright in general and DRM in particular are among the worst choices, not only because they are unjust but also because they impose massive negative externalities on the rest of society for relatively little gain.
The owner owns their device, yes but they don't always own the data on the device. DRM, for all its faults, is an attempt to reconcile to reconcile the two conflicting requirements.
The idea of "owning" data is incoherent, which readily explains the issues with DRM. It is an attempt to apply rules suited only for scarce property to non-scarce information.
Owning a resource means that you get to decide how the resource is consumed, i.e. used up. This is exclusive only to the extent that scarce resources cannot be put to two conflicting uses simultaneously, so active use by anyone else would prevent the owner from consuming the resource as they choose. Data, however, is not scarce; it can never be used up. There is no possible conflict between the "owner" and any other user, which makes the claim of ownership meaningless. No matter what anyone else might do with the data, the "owner" still has it and can use it however they wish.
The vast majority of places in the world recognize the right for a creator to exclusively reproduce their creative works for a period of time so that they may enjoy profit from their creativity.
That may be semantically different than “ownership”, but is otherwise functionally irrelevant in the context of this conversation.
Thank you for providing a perfect illustration of the is/ought fallacy. You are saying that copyright laws exist. I am saying that they should not exist because they are unjust and logically incoherent. These points are not in conflict. The fact that copyright is semantically different from ownership is the entire point. Ownership and exclusive control over physical property have a just and rational basis in scarcity. Copyright does not.
The concept of copyright absolutely does have a rational basis in scarcity. Creative works take a substantial investment of time and/or money to create.
The idea that creators shouldn't have the right to control their works is wildly radical -- even more than the FSF's view. Even the concept of copyleft relies on the right of the creator to impose licensing on their creative works. If copyrights didn't exist, licenses that require source to be shared, like GPL, couldn't exist.
You're well entitled to your opinion, but I'm glad the world doesn't work that way, because things like the restrictive clauses in GPL have been very good for the world.
> Creative works take a substantial investment of time and/or money to create.
That's the labor which is scarce. Not copies of the copyrighted work. I already said people who create things should be paid for that labor—or more to the point, have to be paid if you want them to continue to create things. That does not imply that they deserve to control what others do with the work after it's been produced and published. That was just an expedient method chosen to encourage "the sciences" (though in practice it's been applied more to entertainment). There are better ways.
> If copyrights didn't exist, licenses that require source to be shared, like GPL, couldn't exist.
The GPL was created as a counterbalance to copyright. In a world without copyright there never would have been any need for it. Moreover, permissive licenses like MIT and BSD have had their share of success even without a requirement to share source code for modifications.
> The idea that creators shouldn't have the right to control their works is wildly radical -- even more than the FSF's view.
It's not really all that radical. Copyright itself is a relatively recent invention and was originally designed as a means of censorship and protectionism for publishers. Before that there was no practical means for an author to control distribution of their work, or any expectation that they should be able to do so. The manual duplication of notable works was routine, and you wouldn't find those scribes begging the author's permission.
In more modern terms, the popularity of file sharing certainly suggests that a very large fraction of the population doesn't act like they believe authors should be able to control the distribution of their works once they're published. Copyright is mainly popular among those who directly benefit from it, much like any other subsidy.
> I already said people who create things should be paid for that labor—or more to the point, have to be paid if you want them to continue to create things.
> There are better ways.
Like what, paying for labor instead of the work itself? That may work well (and already does) for more commoditized/custom-purpose/one-time-use creative works, but how do we apply something like that to something like recorded-media entertainment? Prepay for Taylor Swift's next album on Kickstarter?
> Like what, paying for labor instead of the work itself?
Yes, exactly. There is no reason why a Kickstarter or Patreon model wouldn't work for recorded-media entertainment. Those approaches have already been used for things which are much more labor-intensive than music albums.
Artists with an established brand and fan following have some additional options, such as limited-edition merchandise or signed prints. Scarce physical goods that can't just be duplicated because their value is derived from their providence.
If DRM allows you to consume content you would not otherwise have access to, it is a feature. What does it limit you from doing, in particular? Running custom software on your device? That’s a funny definition of malware.
DRM doesn't allow you to consume content. There is nothing technical about DRM that helps deliver content to me.
I think you may be referring to businesses making an anti-user decision to withhold content, and mistaking exceptions to that to be things useful to a user.
I don't see how it's an anti-user decision. Whether it's bits over the network or physical stuff, why should they have to send me their product if they don't want to?
DRM isn't about them not sending the product - it's about them sending the product and then hijacking the computer I own to prevent me from using the product the way I like.
DRM schemes are anti-user decisions in the sense that users are presented with a choice of either allowing companies to hijack their machines to enforce a subpar experience, or walking away.
The product is the media content. Our society and legal framework says you don't own that content. You might own your device, but you don't own that bit of data stored on it. Said data owner requires you to consume the data in certain ways. How do you reconcile the two conflicting requirements? One way is to invent crazy DRM schemes.
Of course, I'd argue most DRM pushes normal people to piracy because the restrictions usually suck. Had they just distributed the content in a more unrestricted way, they'd do more business. But that is a business problem, not a technical one.
> How do you reconcile the two conflicting requirements? One way is to invent crazy DRM schemes.
Another way is to not do it. The law does not require you to implement crazy DRM schemes, it requires me to not distribute copyrighted work to which I don't own the copyright.
The law doesn't force companies to implement DRM. It's a choice, and as a choice, it can be considered malicious action by customers.
Grocery stores doesn't hire large amount of security people so that every customer would have a security person assigned to them that follows them around and ensures they don't steal anything. They could do it, I don't think any law anywhere prevents them from doing that. But the first one to try it would quickly lose all its customers. If such a practice happened to get ultimately established (e.g. normalized by stores in non-commodity position), I suspect the meatspace equivalent of FSF would be ranting about it too.
Absolutely this. There are real issues worth real discussion, both on this post and their related Apple post. But these are the posts of a conspiracy theorist instead; they don't enable any sort of rational discussion.
How is that? All the claims are strictly true. They just carry a moral judgement some people disagree with, and most people don't care about. It's not a conspiracy theory, it's enumeration of facts.
There are facts in here, but they're very selective facts.
For example, in the "Sabotage" section, it describes how by turning off a server, Google turned a device "into a $300 out-of-warranty brick."
Now, it is a fact that the device did cost $300 and it was out-of-warranty, but pointing out that the device is out of warranty without also pointing out that Google offered full refunds for all of the devices is deceptive wording.
> All the claims are strictly true. They just carry a moral judgement some people disagree with, and most people don't care about.
This is a poor standard. For example:
> Kim Jong-un is an elected leader
It's technically correct, but it does not provide any useful information, and could be classified as heavily misleading. But hey, technically it's true!
It is an incomplete enumeration of facts which presents a biased picture. This is not some kind of novel technique, it's been around for a long time under the name "lying by omission".
Pretty much nothing here resembles the world I live in. Can you precisely articulate which pieces are right now?
I've been reading a lot recently, and so buying a lot of books. Some digital, some not. As far as I can tell I own a single copy of the physical ones. I can transfer them to someone by handing them my copy. I can do the same with digital ones. It's legal for other people to read my paperback, or for me to hand them my Kindle. I can even, get this, do stuff to the mobi file I get when I download the ebook.
Amazon can — and have — reach into your Kindle and delete books you have there (notably, they did this to 1984, proving that real life can be ironic).
You cannot lend one Kindle book to someone else, without lending the entire Kindle.
Your phone, computer and TV run binary code which can do literally anything (say, logging your passwords and transmitting them in unused protocol headers), which you are not permitted to remove or modify, in the name of DRM and similar user-restricting technologies.
If you squint hard enough, cherry pick and are highly motivated, more or less anyone who makes sweeping predictions about the future can be 'precisely right'. Even this particular essay isn't really 'precisely right', never mind every single prediction, dire warning or position the FSF has ever taken.
This is my #1 issue with the FSF, and a lot of these types of arguments originate with RMS himself. RMS has always put a lot of energy into trying to get people to use other words to describe common things, and the other words always spin those things in some really obvious and extreme way. Insisting that everyone say GNU/Linux is the one most people are familiar with, but other things like always referring to DRM as "Digital Restrictions Management", etc. Or heck, trying to redefine the very generic but positive word "free" to mean a whole host of very very specific and often unintuitive things.
The FSF/RMS insistence on calling things by different words seems so irrational and dishonest. Likewise with taking common words with many meanings (like "free") and claiming that word as their own, then claiming that what "free" really means in the context of software can only be expressed once you tack on several KB of legalese that tells you what you can't do with it and how you're a bad person if you do. It's like the naming of the PATRIOT Act- it had nothing to do with patriotism, but it surely changed people's perceptions of it in subtle ways. What congressman would vote against patriotism? How could anyone be opposed to freedom? It's the same BS rhetorical trick, and it makes whoever uses that trick seem less honest and more irrational (to me at least). It's still an effective propaganda technique, which is exactly why they should avoid these sorts of rhetorical tricks. I don't want to hear their propaganda, I want to hear their philosophy. Because if their philosophy is truly built on a foundation of propaganda and rhetorical tricks, then their philosophy is meaningless. I agree with much of what the FSF advocates but they've always done such a terrible job advocating for it.
> They consider the ability for users to remotely reset their Android lockscreen combo if they know their Google account password a "back door"
It literally is a backdoor into your phone. Whether it's ethical or not depends if they've ever used it with law enforcement or for their own personal gain.
> They describe a bug where Google Assistant incorrectly identified the "Okay Google" hotword as "Google Assistant recording users' conversations"
This isn't necessarily great but I've run into situations where it activated on completely unrelated phrases. Is it Google's best interest as an ad company to sell data to fix this? No.
The issues you see as someone else pointed out are because you implicitly trust Google. I personally don't trust Google. The fact they manipulate their products for "algorithmic fairness" is proof they have ulterior motives one way or another. Is it that far of a stretch to think they could be abusing other components of their platform either intentionally or not?
"Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way."
> Ignoring the fact that there is basically no OS in existence that can't be infected with malware.
To be fair to GNU, GNU Hurd cannot be infected with malware because no one is quite sure how to install it and keep it running for any meaningful amount of time.
The average user certainly doesn't worry about any of this, but that doesn't mean that they shouldn't.
The worst, of course, is the tragedy of the commons dynamics. A lot of harm that comes from surveillance capitalism does not affect someone in particular, but it amounts to great damage to society as a whole. For example, by degrading public discourse, addicting people to screen time while robbing them of living their actual lives, and assisting authoritarian regimes in oppressing their own people (project dragonfly).
> The average user certainly doesn't worry about any of this, but that doesn't mean that they shouldn't.
I think the point he was making, in part, was that if the average user worried about those things, they would WANT most of those features and decisions.
Sure, that is why I mention the tragedy of the commons. People (me included, I'm not claiming to be a saint) very easily rationalize exchanging short-term personal comfort for the long term social good, and the adtech people know this very well.
It sounds like GNU have a very constrained view on what a computer does and is used for. From reading this, it sounds like they want a computer (and by extension, its OS) to be a thing that sits on a desk and is operated on in very distinct ways.
I agree with you, this appears to be part of the lies and false narratives put out by evil totalitarian regimes in China and Russia to distract us from their activities. Especially since these tech companies are leading lights on human rights.
> - They describe Google's demonstrated ability to remove malware from user's devices as a "backdoor"
It is a backdoor... They can install or remove any apps on my device without my authorization and I cannot disable "that feature" even if I know about it. So it's almost like a rootkit.
All of this is trivially and obviously true to power users of GNU/Linux systems.
My machine does precisely what I want, when I want it, in the way that I want it. If it doesn't, within reasonable constraints like physical possibility, I can open a text editor, and make it do so. Sure, that might take me a long time.
I can add almost all of this configuration to stuff like git repos; back it up; transfer it between completely different machines; I can have a very high degree of certainty that any laptop or desktop I pick up off the shelf will just work and that within 30mins - 1hour I can have it working _identically_ to the old one.
By contrast, right now I am using my phone for USB tethering. There is literally no way for me to make this automatic because it's a black box. I have to enable it every time; if the cable moves a bit and disconnects; etc.
Trivial, basic example? Sure. The fact that even this most basic behaviour is completely unfixable proves the point.
I'm really looking forward to stuff like the Librem, pinephone, etc.
The IBM-compatible PC might well be the greatest contributor to the progress of technology in the last few decades. It's heart-breaking that smartphones are this custom random locked down mess of nonsense.
Hell, this article has reminded me I was meaning to set up a donation to the FSF. Off it goes. A small impact but an impact nonetheless. I really appreciate the work you guys are doing for those who can't.
For anyone reading this and not knowing this; since your post doesn't make it explicit enough, it uses a different APN because Google specifically made it do so. They could let it be hidden. Of course carrier would then mod it in anyway, but here Google did it for them.
I'm fairly sure tethering can also be trivially detected by inspecting the TTL of packets, as a device sitting "behind" the tethering device will increase the TTL by one.
USB tethering is specifically listed under features, presumably there's some API that developers have access to.
Apparently by use of the class WifiManager in android.net.wifi you can programmatically change the state of USB tethering without any kind of special privileges.
I work at a major tech company. I have multiple degrees in CS. I've never recompiled anything except maybe in a class ages ago. Among even my most technical peers, I'd bet a lot of money that they percentage of them that have actually modified the software that they are using by editing its source is less than 2%. I'd wager that among the population of people using computers in some way that the percentage is less than 1 in 100,000. And if I asked people who had never done this if they'd like to be able to do it, I'd wager that the huge majority would say "not really".
Its fine for power users to want something different than the rest of the world. But it becomes ridiculous to expect people to go out of their way to accommodate these tiny use cases.
The fact that you have a beef with USB tethering does not refute the fact that OSS usability is generally shit, and that would likely also apply to smartphones. So it’s a choice between “good” and “poor, but OSS.”
Smartphones are based on Free Software. This is part of what makes them so frustrating from a user freedom point of view - they lock some of the most successful Free Software out of the user's reach while sitting in their own hands.
The "censorship software" point is extremely dumb.
I have kids. I want them to have a phone for communication purposes when they move from place to place (come back from school). I also want the to lock down the phone so if they sneak it out or something, they can't watch it for 12 straight hours.
I am not commenting on you directly, but, in general, I find the kind of control that the Google parental control app gives to be excessive. It makes talking unnecessary and gives a direct window to a personal dimension of the kid. You really have a total power over the kids phone and activity.
I get the reasons to install this on the phone of a child, but at the same time I'm afraid that it might be too much and that it might give to the kids the sensation of being watched by the parent all the time. Respecting their spaces, having their own dimensions that is out of the eye of the parent is also important, in my opinion.
To further specify: go read the user reviews of the kids in Google Play Store for the app. Apart from being hilarious, they are actually quite sad and I understand, in part, their points.
Consented censorship (i.e. opt in) is not only something good, but I believe it's an important factor in what's keeping decentralized social networks back. Users want the ability to censor gore, porn, etc. Facebook seems particularly competent in filtering this kind of content.
Actually, they listed most of software companies in their set of malware. While I don't necessarily agree with them, but their stance have been at least consistent.
I feel like DRM is basically the prisoner's dilemma at this point where it's in everyone's interest to give it up, but no one wants to be the first person to do it.
But honestly it's weird for GNU to fault the person being held at gunpoint for the situation, not the person holding the gun.
If you have a choice between doing the right thing, and the wrong thing, and you choose to do the wrong thing, you've chosen poorly.
I'm increasing not a fan of naked individual initiative as the sole response to abuses of power; that itself is and long has been a tool of power, to skirt its own responsibilities. Annie Leonard's essay on the "Crying Indian" anti-littering (that is: pro-disposable packaging) advertising campaign is a key case in point: http://www.pfree.co.uk/wp-content/uploads/2018/04/Moving-fro... (PDF)
But raising awareness and consciousness can help us get to a collective action promoting the common weal, which is the goal here.
These are not people, they are businesses; and they are not victims, but producers of a product that they can also choose not to produce, or to produce differently.
That's an interesting perspective, and I would take it a step further to say it's prisoner's dilemma but with millions of prisoners.
From the media owners' perspective, there's always going to be users who defect to piracy, so DRM is the resulting Nash equilibrium that maximizes benefit from not catering to pirates while still catering to customers.
The word you're looking for is "radicals"; "extremists" carries connotations with violence and illegal behavior, which is the exact opposite of what Stallman/FSF stand for.
Are these views radical? Yes. But are they wrong?
The way I see it, RMS has been writing about what's wrong with the software world for decades and predicting the consequences. The industry has been ignoring this for just as long, and then people keep complaining about consequences materializing as predicted. Makes you wonder whether it's RMS that's really radical, or whether our Overton window has shifted so much that doing the right thing fell off it?
“Though I was initially disappointed at being categorized as an extremist, as I continued to think about the matter I gradually gained a measure of satisfaction from the label. Was not Jesus an extremist for love? … So the question is not whether we will be extremists, but what kind of extremists we will be. Will we be extremists for hate or for love? Will we be extremists for the preservation of injustice or for the extension of justice?”
> How weird to argue about the connotations of a word like extremist in response to a comment about calling Apple malware.
That seems like an ad hominem to me. The linked article presents clear arguments for why the FSF consider Apple software to be malware:
- backdoors
- disabling features when non-Apple hardware is installed or attached
I think that those are compelling, and can be termed malware. The extremism isn't the FSF's for calling Apple out: it's Apple's, for … producing, selling and advertising malware.
Other stuff, like forbidding users to run software from third parties on their devices or censorship, doesn't fall under the category of malware IMHO, but it is a kind of evil nonetheless. One might claim labelling that stuff as malware is extreme, I suppose.
Look, I like RMS. I casually know him. We had dinner a few times, mostly with other people at the table. He is very interesting to talk to.
It pains me to say it but he is a Luddite. He would be quite happy in the world of late 1980s because that's where him and his quaint way of technology, society and progress fits in swimmingly. And maybe he is right.
But here's the thing: he simply outsourced his need for modern communications to others -- he does not call restaurants to make reservations, his hosts do. He does not use GPS and maps -- drivers that his hosts use do. He does not need to use a banking app/deal with payments/scheduling/etc that are needed for him to appear at conferences -- those that invite him do.
I wish I could have a life like that. Probably a lot of us would. All the advantages and none of the inconveniences.
A Luddite would argue that the technology (NB: not the implementation or design but the very concept) takes something away from quality, morality, and/or spirituality of life. Thus, Luddite Stallman would refuse any help from anyone using any kind of handheld communication device including walkie talkies, free software laptops over wireless access points, etc.
Stallman is instead a surprisingly pragmatic free software advocate. He ignores software which runs as if it were low-level hardware circuitry (and says very little about hardware since it can't be produced with anything near zero marginal cost). Plus he qualifies his stance against cellphones as a symbolic stance against mass surveillance.
I don't see any difference between that symbolic stance and, say, a celebrity who tries to have a zero-carbon footprint in their abode. The inconvenience in cost is obviously in service of the benefit of raising awareness, which he does every time he's asked about how he gets around in the world without a cellphone. Not everyone gets royalties from TV drama to pay for a fancy house and not everyone can outsource their schedule to friends aren't serious criticisms of symbolic stances.
Edit: WRT pragmatism-- I'll be interested to see if FSF approve the Purism Phone. It's got a proprietary baseband OS but that can be turned off...
In this sense, calling Stallman a Luddite is a compliment and recognition of the validity of his point of view.
Luddites rose up against the abusive practices of businesses which happened to involve new technology. Similarly, FSF is warning about abusive practices of today's businesses involving technology.
Luddites also lost. We use the tech they rallied against and they are gone. And we are also better for it than we were before that tech was actively used.
Why are you trying to coerce the commonly accepted meaning of Luddite back into the original historical meaning?
If the OP were for some reason referring to the original meaning, why would OP have prefaced it with "it pains me to say this, but?" Comparing Stallman to people who objected to particular technologies on moral grounds would be mundane and not require an apology.
It pains me to say that RMS is a Luddite. In a correct, historical meaning of the word -- to him technology should go a specific way. Just like it was to Luddites. Society disagreed. Just like it disagreed with Luddites. Luddites were loud ( in the context of those that listened to them ). He is loud ( in the context of those who listen to him). Luddites were wrong, largely because they just picked a hill to die on and they died on that hill. He is going to end up the same way. And it pains me to say that.
> But here's the thing: he simply outsourced his need for modern communications to others -- he does not call restaurants to make reservations, his hosts do. He does not use GPS and maps -- drivers that his hosts use do. He does not need to use a banking app/deal with payments/scheduling/etc that are needed for him to appear at conferences -- those that invite him do.
Unfortunately we've ended up in this sort of world where this is necessary, because it's impractical for people to exist where non-free software is widely used by everyone. Another example of something similar would be Facebook: I don't have an account, but I indirectly benefit from it by knowing people who do and share that information with me. But this is only required because people expect Facebook to be a valid way to communicate with everyone, so there's really no way out of this until everyone leaves…
I think it's one of those situations where he has the ability to wax poetic from his ivory tower simply because he doesn't have to exist in the real world in terms of technology.
If he had to exist in the real world, he would find it a lot harder to stick to those principles.
I'm not sure that this makes a great case for him ceasing his endless fight to change "the real world in terms of technology" to reflect a vision that would allow everyone the choice to live as he does. It's quite literally the only thing he's known for, and all he'll be remembered for by most people.
It's the problem with leaning into a niche viewpoint. You have to continue to lean harder and harder into that viewpoint as the times change in order to keep the people who also believe in that viewpoint supporting you.
I genuinely think the FSF/RMS level hate of non-free software will continue to die out as everyone starts to die/retire from public eye. Whether or not that's a good thing overall is not something I'm going to touch, but it seems like there's not enough being this aggressive to keep this viewpoint sustainable.
RMS could very likely retire today, find himself a nice seaside property, get himself a parrot, and sit outside in the sun in his pants and hack on emacs to his heart's content.
The only genuinely weird thing about RMS is that he doesn't do exactly that.
He continues to do so because he has to because of who he is. It is his calling. Zealots (and zealotry is not always wrong) have to do what they do. The same is true of artists. They don't continue to create late into life because they need to monetarily, they do because that is what they do.
I'm fairly sure that a hypothetically retired RMS would have no problem calling a restaurant, over a landline or hopefully a freedom-respecting mobile device.
Also that, should he go for a drive, maybe to a folk-dancing festival, he would use GPS and maps, maybe the paper variety.
As for the people inviting him to speak at a conference taking care of his scheduling and accommodation, I think that's fairly common and polite.
> I wish I could have a life like that.
By and large, you can. Whether you actually want to is another matter.
Almost every modern car has similar tracking capabilities to cell phones. And they're jam-packed full of microcontrollers running proprietary firmware, and computers running proprietary software.
At least some of the microcontrollers in cars are the kind of thing that need to be extra tamper proof. There are some niche applications where safety trumps freedom. If a device has a computer in it solely for the purpose of controlling the functionality of the device's primary function, then the priorities really become different.
(b) it is not really possible for those whom he wants to "empower" to live like it is 1980s while maintaining life as it is needed in 2019.
This is why he rubs people the wrong way when he peddles his philosophy as something that is possible in practice. Do I, a person who is pretty happy playing with computers, writing code, sometimes helping others with their technological issues or helping them to leverage technology to do something that they do more efficiently, care if my phone can't trigger Netflix playback on a Chromecast? Not at all, I will just look at one of the fifty something projects that I have in a state of a mess and work on something for fun. Will my wife have the same opinion if she can't watch "Mindhunter" because we are FSF only household and Chromecast is made by a tracking company? Yeah, now we know why his companion is a parrot.
> (b) it is not really possible for those whom he wants to "empower" to live like it is 1980s while maintaining life as it is needed in 2019.
You say that as if it is a law of nature, rather than specifically and intentionally caused by people he has made a life's work of railing against.
He would rather it be effortless for you to live like he does, and spends all of his time on that problem. On what planet is that somehow hypocritical, except to the people who are his targets, and create entire business plans around preventing people from living like Stallman?
> it is not really possible for those whom he wants to "empower" to live like it is 1980s while maintaining life as it is needed in 2019.
You're confusing wants and needs. We need food, shelter and water; we want up-to-the-minute traffic maps in our pockets.
> This is why he rubs people the wrong way when he peddles his philosophy as something that is possible in practice.
He practices it, therefor it is possible in practice! QED
I happen to be like you: I'm willing to put up with a few violations of my freedoms in order to get features I want. But I chafe at them, because I know that they aren't essential: there's no legitimate reason for the DRM in TVs and computers nowadays; there's no legitimate reason for devices I own to refuse my commands.
> rms wants people to live in 2019 but with free software.
In order for that to work, society as we know it would need to be structured completely different. Who is going to build all this free software? How will they get paid?
And before you mumble on about "you can get paid for free software", show me how it is done on the scale required to build a netflix or a facebook. Who will build a device as elegant as an iphone with free software? How will it get funded.
Again, for it to work, you'd have to restructure the whole world from the ground up. That ain't gonna happen. I'm not even sure it would be desirable....
> Watching Netflix via a surveillance device or watching VHS rips of old shows is a false dichotomy
My wife does not care about "how" or "why". She wants to have a show from Netflix on our TV downstairs with one to two clicks. I want her to be happy because happy wife means happy life.
"Free" + unhappy wife < non-"free" + happy wife.
FSF's obsession with 100% "free" got us Hurd which in 2019 looks like it is from 1994.
> Yeah, now we know why his companion is a parrot.
To what end would you write something like that?
Also, as far as I know he likes staying with people who have a parrot, but asks people explicitly not to give him a parrot because he's often travelling and couldn't properly care for it. I doubt he has a parrot.
This is not about "your" devices. It is about all devices that control your life. Infrastructure, government, businesses all use devices that control your life.
This is purposely written in a foreboding way. A lot of this stuff is standard SaaS procedure. Google does tend to make some boneheaded moves though and Transparency is constant struggle for them.
I personally stopped using chrome due to manifest V3. Not because of the tracking, the tracking makes my life easier. Just keep things secure, ok?
> This is purposely written in a foreboding way. A lot of this stuff is standard SaaS procedure.
Just because it's standard, doesn't mean it's moral. FSF has been speaking about immorality of these practices for decades now. Their point is essentially that as a software creator, you shouldn't do it, and as a user, you shouldn't (for both ethical and practical reasons) subject yourself to these practices.
I just want to avoid technology becoming the boogeyman to normal people that don't necessary understand this kind of thing. Then again, I suppose the odds of a normie going to FSF is probably moderately low.
They aren't wrong. I would just appreciate a bit more finesse in their wording.
The FSF's goal is to make technology not a boogeyman, modern tech culture has a goal of making the inside of every device opaque enough that a boogeyman could hide there.
The question of what is moral is subjective. I listen to what some people have to say on topics of morality, but I generally ignore those who clearly use deceptive language or tactics. That category includes both the Westborough Baptist Church and the FSF.
The FSF isn't doing their cause any favors by being manipulative in this way.
Casting the vast majority of tech workers as immoral is a great way to win people over. Pragmatism wins over purity, and the FSF is far, far, far from pragmatic.
As an Android user, what are some ways that I can deal with the problems addressed here? (I already do a number of things, but I’m curious what everyone else does.)
> You didn't think it was relevant, in response to a question about whether you might not be impartial because you worked for Google or Apple, to mention that you worked at Apple a few months ago?
I didn't find the question that was being asked to be relevant, since Apple has nothing to do with this article and I have never worked at Google. In any case, if you're actually looking for my opinion on this topic, I suggest looking at this comment, which is basically saying what I was too lazy to and which you can judge for potential conflict of interest yourself: https://news.ycombinator.com/item?id=20749104
Install f-droid (https://f-droid.org/) and take a look around the repository to see if there is any software that can replace some other application you are using.
Maybe some alternatives might not be as polished as you're used to, but having to approve only logical permissions and software doing exactly what it should do and nothing more provides for a peaceful state of mind.
> Google/Alphabet intentionally broke Revolv home automatic control products that depended on a server to function, by shutting down the server. The lesson is, reject all such products. Insist on self-contained computers that run free software!
The last two sentences seem a little pretentious. The people who bought these products don't know (or want to take the time to learn) how to use git or edit config files or install docker. A consumer IoT product that provided an easy GUI, uses device discovery, and of course was only LAN would be a big win for privacy conscious people, but I'm not aware of something like that existing.
One technical person could make this work for everyone else.
I have a few pieces of hardware right now that are "broken" because the companies that made them went of business. These products have millions of owners. With the source code and encryption keys I could personally make this hardware work for those users indefinitely. And there are hundreds (if not thousands) of users just like me.
> One technical person could make this work for everyone else.
Yup. An oft-missed but crucial point.
The benefit of software freedoms isn't that everyone has to do everything themselves. The benefit is that everyone can do it themselves if they like, but they can also delegate the job to anyone else that wants to take it, like someone's friendly neighbourhood techie, or a small local business. In this way, free software actually promotes free markets, by enabling unrestricted competition on adding value on top of what free software offers (vs. locking it down and making money by rent seeking).
The DRM stance is ambiguous IMO. Property rights of content creators are generally considered worth protecting in a good society. The issue is with locked down software which 1) abuses this privacy to violate user privacy, and 2) takes the creative freedoms that the software publishers enjoyed when they wrote their software and creates a contract which denies those freedoms to their users.
I feel like we would better highlight the core complaint by calling the issue Digital Rights Reciprocity.
DRM (Digital Restrictions Machinations) being an ineffective and harmful measure isn't ambiguous. There is no reciprocity to them, and they are generally neither imposed by nor respectful of creators.
Don't consume that content then! You don't own the content!
Does DRM work against businesses who implement it? I'd say hell yes it does. It drives people to piracy.
But I don't think inventing childish, misleading names is going to fix anything. Much better to point out how it causes people pain (unstoppable commercials, inability to play content on all the devices you own, etc).
I used to hate all this FSF stuff. That, though, was back in the day when taking back control of your devices was as simple as changing a couple of settings, uninstalling a few things, and flipping a couple of switches in a registry. Now that I've been screwed a few times by this "we know better than you" tech culture my opinion has changed. Richard Stallman is still a lunatic with poor personal hygiene but he makes some excellent points.
People should be more concerned about the location tracking inserted into Android in the form of Google Play Services.
Generally those who know the technical details of these systems are bound, as current or former employees, not to reveal confidential information that includes technical details about how these systems work, how they could be corrupted or manipulated, how auditing works, and how far they are subject to warrants, subpoenas and national security letters for law enforcement and intelligence agencies. For a layperson and an outsider, if you don't fully trust Google, you should probably uninstall all Google-bundled software, principally Google Play Services and maps. Some settings can reduce the tracking but it is mercurial and often opaque, and informed user consent is specious here, since the technical details are so secret.
Location data is the next goldmine of advertising. There is already an economy springing up around it. Even if it is banal today, it won't be tomorrow. Pervasive location tracking is the backbone of a terrifying technological dystopia. Fight it.
Yeah, that makes sense why it’s in the article. As much as people hate DRM, I can’t see a way for Netflix to be offered for the same price and content selection if the users were able to own the content indefinitely. It seems like it would just devolve into the iTunes Store where you purchase each episode/movie.
They could just stream unencrypted movies in the browser, but that would make it trivial for people to save copies of the stream, and no big film distributer would go for that.
Even moves you buy from the iTunes Store have DRM so they only play on authorized devices (to keep one person from buying it, and giving all of their friends a copy).
The whole article takes the principle of charity in inverse and goes on a rant. I like the idea behind FSF but becoming a troll is not going to help them get much credibility.
Ironically, I opened this in a new tab just before going on a two hour saga of fighting Chrome's autocomplete behavior and losing. That particular decision of Google's is so painful to deal with, and I'm not alone, this issue is well worth skimming through, just for fun: https://bugs.chromium.org/p/chromium/issues/detail?id=587466
It's been three years since they broke autocomplete="off", and in the meantime forms are less secure (for multi-user computers), user-friendly (e.g. when the web app provides its own autocomplete, which then gets hidden by Chrome's), and error-prone (when the same field means different things in different contexts, like when filling out a customer's address rather than your own).
Such screaming! The issue I perceive is that Google and FSF are both at opposite ends of a spectrum. I know that Google has a commercial agenda, and I know that Google uses my data. Maybe the headline should be that Google harms clueless ignorant users. The rest of us have made a partial deal with the devil, and we live with it.
FSF has its own screeching issues in any case. I understand much of where Stallman comes from, and how this influences the FSF, but I don't necessarily agree with Stallmaan or the FSF on every point. In particular, I think that GPLv3 is useful for some individuals, but a hindrance to others, who are free to use GPLv2 (or BSD/MIT/...) as they wish.
The screeching, at times, comes across like that of PETA.
Also: a lot of this post is old and needs to be updated. Android 5.0 anyone?
Honest question: in many cases, how can you _not_ have a backdoor? Obviously, it depends on what kind of software you're writing, but pieces like this seem to have this utopian goal of software that "just works", independent of any human except its user. In reality though, other humans are always necessary — whether to explain how to use the technology, to do something that can't be done through the software, to fix the software (after isolating the problem using your data).
If there's trust between the user and the software provider, why not leverage it to fill in the gaps that software leaves in functionality. If there's no trust, how do you use software without giving the provider the keys to the kingdom?
All your questions have a single answer, which FSF is arguing for: Free Software. No, seriously:
> In reality though, other humans are always necessary — whether to explain how to use the technology,
You can do that through good UI design, manuals, tutorials and support (possibly paid support).
> to do something that can't be done through the software, to fix the software
This doesn't mean the people doing this have to be the vendors selling the software. You should be able to do it yourself, or hire a third party.
> (after isolating the problem using your data).
Doesn't justify getting that data without consent.
> If there's trust between the user and the software provider, why not leverage it to fill in the gaps that software leaves in functionality.
One of the point of Free Software is that this shouldn't be a two-party relationship. The relationship should include all other users of the software, and put them all in similar positions of power.
(Personal aside: maybe this is because I'm past my 20s, but I start to hate this growing trend where buying a product forces you to establish a relationship with a vendor. I don't want a relationship, I want the product.)
> If there's no trust, how do you use software without giving the provider the keys to the kingdom?
Maybe it has something to do with the domain I work in, or maybe it's just a problem with how software is done, but the expectation in my industry that there ought to be a relationship that comes along with the software.
Also, Open Source is not an answer to the last question. The majority of software users don't have the technical expertise to evaluate the safety of a given OSS, even if there's a community established around making recommendations — but even then, that's a trust relationship too.
Edit: maybe I should be more open minded. How is OSS a substitute for trust? Is it a redirection of trust to a group whose interests are aligned with yours? How do you facilitate that network without putting too much burden on the user? Are there any good examples of working OSS that involves non-technical end users?
> Maybe it has something to do with the domain I work in, or maybe it's just a problem with how software is done, but the expectation in my industry that there ought to be a relationship that comes along with the software.
It absolutely is a problem with how software is done. A decade or more ago, back before everything turned from a product into a SaaS subscription, you could buy software, and any relationship was strictly optional.
> How is OSS a substitute for trust? Is it a redirection of trust to a group whose interests are aligned with yours?
I should have said more and not just dropped a term, sorry. OSS is not a substitute for trust in general; trust is a desirable quality. But it is a refinement of trust (per the usual "trust but verify" approach), and also potentially a redirection - you have an option to base your trust not just on promises of the software provider, but also on the opinions of other people who looked into it, and who give you more reasons to trust them.
> How do you facilitate that network without putting too much burden on the user?
Open Source helps with that by allowing communities of users with knowledge about the inner workings to form. These communities naturally connect to other communities. It's not effortless, but humans in general are good at navigating this. OSS isn't a necessary thing here, but it's very helpful.
Haha, privacy advocates love this sort of sensationalism. They run around saying the world is ending.
Then, when they spend all their time yelling that autocomplete is surveillance, they wonder why no on is listening.
I, for one, am fully informed of all this and choose to share my info. Even better, when Google gets "My Timeline" wrong, I correct it. For free. That's right. For free.
Because there's no nuance to their arguments, they end up looking like the crazy guy with the sign about contrails on Market St. Then when MKULTRA comes out, they act like they predicted it when the f-score of their predictions is near zero.
I mean, anyone who bothers to take the time to do a Google Takeout and actually looks at the data in the JSON files can see just how much information they are storing, and it is quite alarming.
Thing is, companies keep data about you even if you don't have an account, which is impossible to GDPR.
Some of the sources here are questionable; there's a sun.co.uk URL which is obviously tabloid trash, so please apply critical thought, the article presents what appears to be a convincing piece but some of the "sources" are not to be trusted.
But even on Linux you can't escape Google's web, even if you really really tried, some developers use Google's APIs for fonts, jQuery/scripts etc, so it's really hard to use the web without Google knowing about it and building up their knowledge graph.
Given this thread and the one about Apple, I can't help but notice that Microsoft feels, to me, much better on that front. Far from perfect or even good enough for the (very sane) criterias GNU aims for, but I feel very much more in control of my Microsoft box that I am of my Apple or Google one.
Of course there are dozen of areas where Microsoft fails as bad as the other two, but I notice there are a couple dozen where they let me while the others don't, while the reverse is not quite true.
> but I feel very much more in control of my Microsoft box that I am of my Apple or Google one.
Hahaha, you haven't seen the data MS collects on Windows 10 users? Try enable full telemetry and download their tool, every damn URL gets logged and even some of the "basic" data might reveal trends when combined with other data sets.
NO "big tech" company is to be trusted. Cambridge Analytica and co taught us that.
Data and information is being weaponized, the 2016 election proved that, go read the Mueller report for more information on this.
You may have missed my point, which was not about the default or intent, but about the amount of control they let me have on my actual computer; the ability to change its behavior to make it do what I want.
I have done what you say about having a look at the telemetry feeds, and as such I know that a simple run of 0&0 ShutUp 10 allows me to stop it. Not a complex kernel thing or whatever, just a simple user land application that has like 3 buttons to click and doesn't even require an install.
So I stand by my opinion, which again is not intent or what they do by default, but how much they allow me to change it on my own hardware.
0&0 ShutUp 10? WTF is this shit? All it does is let you set regular Windows settings (which are far from protecting your privacy)and in exchange will happily collect information about you and will use it for targeted advertisment:
Data collected as part of the operation of our Services – In order to provide the service you request, we collect and store a range of data, including device information, technical usage data, location data, error logs and data, from the computers you monitor with O&O Syspectr and server.
...
O&O may contact you from to time to time on behalf of external business partners in order to draw your attention to special offers that might interest you.
You may feel in control and may believe using a closed source 3rd party to tweak few Windows settings gets you somewhere, but research as well as Microsoft own words shows that you were fooled.
What is interesting about this and the Apple post[1] is that no one is actually taking responsibility or signing their name. It's just a generic blog post with a list of issues. Where is the GNU's "open" log of who is publishing this info? Without a source, I can't really verify if the author has some ulterior motive.
> Without a source, I can't really verify if the author has some ulterior motive
Is it actually something you need to appreciate the points the post is making ? I actually very much like raw things like this, that you can appreciate without letting yourself be influenced by who said it.
I often wish for a timeline where we could see the community's reactions to some things Jobs or Musk said if they didn't know it was their words, for exemple.
I think the points in the post are valid, but there are also things about GNU that are terrible as well. It's just that nobody is wiring GNU faults. If someone did a write up, I would expect that person to own their work as well.
I think it's pretty clear that this is by the GNU project, under their agenda and that they take responsibility for it. This is not a newspaper or someone publishing a guest article on someone else's blog.
Just a few examples, to demonstrate my point:
- They describe Google's demonstrated ability to remove malware from user's devices as a "backdoor"
- They describe parental controls as "censorship"
- They consider the fact that Android supports DRM "malware"
- They cite the fact that Android malware exists as a security flaw. (Ignoring the fact that there is basically no OS in existence that can't be infected with malware.)
- They consider the ability for users to remotely reset their Android lockscreen combo if they know their Google account password a "back door"
- They describe a bug where Google Assistant incorrectly identified the "Okay Google" hotword as "Google Assistant recording users' conversations"
- They describe the fact that a Google message app doesn't delete conversations until the user asks it to as "surveillance"
Again, I'm not saying this point of view is necessarily wrong. From a certain point of view, all of the claims I described above are actually quite logical. (I even find myself agreeing with some of them.) But from the perspective of the average user, the vast majority of this stuff simply isn't worth worrying about, and I think it's a little extreme to characterize it as "malware". Just something to keep in mind.