Don't Panic

About ownership, remote control and privacy

Posted by eal on Tuesday, June 18th, 2013 0

Recently, I made a blogpost about the ownership of your own device and how control of technology is directly linked with the freedom of society – as well as with the freedom of each individual. The argument made in that post was, that remote control of technology in the hands of manufacturers put users out of their own control and makes censorship, supervision and control of society more and more easy and – therefore – likely to happen.

Just some weeks later, Edward Snowden leaked documents that show how the NSA was granted access to users data from US internet giants like Facebook, Apple, Microsoft and many more. These documents show that remote storage of private data puts users out of control of their privacy. As we will see, the worst still is to come: remote private data storage by a machine that is under remote control.

I assume that the vast majority already read a lot or at least the most important information about a surveillance program by the National Security Agency (NSA) which is called #prism. All of you who know the background can easily skip to the next paragraph as – for reasons of completeness – this paragraph just continues with a brief summary of Snowden’s leak about the Prism program:

In recent years, so-called ‘cloud-services’ count more and more users. These are services that offer you to store your data, emails, calender, social communication and more or less everything that users would like to have an online access to it. These services tend to be structured in a hierarchic and closed way. As Tim Berners-Lee points out, especially their communication channels tend to break the internet into fragmented islands. Most of them are available for no cost. Instead, users pay by signing highly questionable terms of service that allow the service providers to collect, reuse and sell as much data of each user as possible. Now we have knowledge that this is not just done for business operations but that the NSA was also granted access to users information. Because Edward Snowden leaked detailed information about the supervision by the NSA and, according to Bloomberg, thousands of firms are cooperating with the NSA.

As this wouldn’t be worse enough – to supervise all citizens by having access to private life and private data -, it still becomes worse: The combination of centrally stored private information of every citizen with remote control of their very own Hardware. Xbox One is a new video game console from Microsoft and it works best as an example to shed some light on the ongoing loss of privacy and transparency of citizens towards the state.

First, Xbox One will have an integrated webcam and microphone. Of course, this is not evil per se – integration of a microphone, camera and other periphals can be used to enable new modes of gaming, for example. But, when I have a machine in my living room that includes a microphone and a camera, I must have control of this machine! This is not just missing in the Xbox – the Xbox and its integrated Kinect is the opposite of having control: the machine will be connected to the internet all the time, transmitting data to servers from Microsoft [1]. Officially, this is done for offering personalized adds, voice control and monitoring of media usage, about what Microsoft also filed a patent [2]. In addition, the camera also includes the technology to see WHO (face recognition) is sitting in front of the camera and how he feels. So, to sum up, Microsoft sells a machine that has the ability to hear and see everything in front of it, can identify persons and their feelings, record everything and then stores all data on Microsoft servers.
As this fact alone is already bad for your privacy, now combine these functions with the ability for the NSA to have access to it. Feels like the NSA is directly sitting in your living room and records everything you are doing, who you meet, when you are at home, how you feel and so on. This is very close to the Orwellian Television in his novel 1984. Shouldn’t such a technology be forebidden? Shouldn’t we stop economy and state from spying at us?

You might say no, there is no need for a law because there is no need to buy this machine, so customers can decide for themselves if they like to buy it or not. Hence, if you do not feel comfortable with it – just let it be. But, that’s too easy and the assumption of ‘no need to buy it’ comes to short in practice. I tell you why: First, some people need protection because they don’t care about privacy or just don’t know about the implemented spy technologies in Xbox.
These people should be protected by us, who care about these aspects of privacy. They should be protected before giving up all their citizen rights that former generations fought for us to have it – and by protecting them we protect the general idea for us, too. Just imagine, once the mainstream does not care about issues of privacy anymore and privacy disrespecting machines will become beststellers – privacy for everyone will be gone.
Why? Because of the spread-effect: Imagine, that you might be concerned about your privacy but your neighbor is not, or your friend is not. Your neighbor, for example, buys a surveillance machine like the Xbox – then you cannot feel safe anymore to enter his flat, if you do not like your privacy to be exposed to the NSA. Or every time you will walk into a house for the first time you first have to check if there is a supervision-machine inside or not. To protect us from such behavior, we have to make sure that such sort of supervision is generally forbidden.
Finally, please take a look at the big picture: In this very moment, we are talking about one product of one company that is mainly used for video gaming. This is very specific and the product might be something you do not have to buy. But if we let them sell this video machine without resistance, then next will be maybe a windows phone that comes with these integrated features and permanent upload to Microsoft servers (including the spread-effect). Other smartphones might do the same to keep competitive. In short, phones that we carry around all the time might be able to record everything we are doing, what we say, what we see, how we feel, who our friends are and upload this information to hidden servers. And they will not just spy on their owners. Because of the spread-effect they will be able to spy on everybody surrounding them. Now, if we come back to the initial counter-argument, you can say there is no need to buy an Xbox, but it is very hard to say that there is no need to buy a phone.

That is why we have to call now on consumer protection to take action. There should be the general right of an owner of a device, to use the device for whatever he likes what includes the full control of his very own IT. This also includes the freedom of not being supervised, to be able to turn off his IT, to stop remote control and to give back control over personal data and IT to the only one who should be really in possesion of it: the user.
Again: It is not about to forebid to integrate a microphone or a camera into any device. It is about to forebid that these machines cannot be turned off and that users cannot decide on their own what they would like to transfer to non-personal servers and what not! That’s why it is time for us to call on the state or – better – the European Union to protect us from such a behavior and to keep our private life and the right to own our property.

And, as long as we do not have sufficient consumer protection given by the state, I have an idea how to protect ourselves and to stop this behavior: In Germany, there is a law that if you video-monitor a public place, than this has to be publicly announced. Now, if we think about the spread-effect that was mentioned above, you can transform this idea to the Xbox. Because if you have an Xbox at home and you invite friends, you should warn them that they are monitored. Hence, every customer who buys a Xbox One, should be given a sticker along with the hardware, that he has to stick on his front-door. The sticker than should say something like: “This flat is under 24h surveillance by Microsoft and the NSA”

Getting people to have to stick their doors with such a sticker, I assume this will very soon decrease Xbox’ selling numbers – and by this – hopefully stop such practices.

[1] as a sidenote: Microsoft was the first major company that was cooperating with Prism
[2] needless to say that software patents are a harm for society. For more information see here: https://fsfe.org/campaigns/swpat/swpat.en.html

Digital and physical restrictions on your own device

Posted by eal on Friday, May 3rd, 2013 1

About digital restrictions

Today, May 3rd 2013, is the international day against Digital Restrictions Management, powered by the Free Software Foundation. Usually, the term Digital Restrictions Management (DRM) refers to various restrictions that companies – or any other content provider – impose on digital media and data. These restrictions are there to let providers decide what you can do with your media and data and what not. By this, they keep you out of having true ownership of your data. This data is defective by design – no matter how much money you maybe paid for it. And it brings us into a world where we do not longer “buy” anything but only “license” the use of it. Restrictions like these evolve, just until one day when a licenser may legally decide to suddenly delete everything you have bought – remotely!

This year’s day against DRM focusses on a new and global threat to everything we are used to know about the World Wide Web: the World Wide Web Consortium (W3C) is discussing an Encrypted Media Extensions proposal (EME), that aims at incorporating support for DRM into HTML5. HTML is in the very heart of the Internet. Establishing DRM into HTML might become a terrific threat to the freedom of the Internet, to Free Software browsers and users freedom in general.
I hope, many people around the world join FSF and FSFE or align with other organisations in their fight against DRM in HTML5. Please, sign the petition and ring the bells as loud as you can to make other people aware of this misleading development.

Now, I would like to use this day to shed light on another issue. Something, that DRM not necessarily relates to, but, is indeed related to it: ownership of your own device.

About the ownership of your device

More and more, we see how companies and manufacturers sell crippled devices that are in fact (mini) computers – but are artificially blocked so you can not handle them like universal computers. Manufacturers are creative in how to restrict your devices and they already try to knock down the classic universal computer with a restriction that is called secure boot. But, the bitter truth is that similar restrictions are true for nowadays for “mobile” devices – phones and tablets – that put everything in question we know about ownership.

Note: What I am going to explain is definitely true for a lot of devices out there – but as I know best the Android system and the restrictions that come along with these systems, I will concentrate on Android phones. BTW: If you like to know more about unlocking bootloader, changing your operating system and use Free Software on your mobile device, find more information at http://www.freeyourandroid.org

If you buy an Android device today, you buy hardware from some manufacturer that comes delivered with a pre-installed operating system developed by Google, the Android. This operating system often comes with a lot of disadvantages, like apps you are not allowed to deinstall. Hence, they sell you a locked operating system. Unfortunately, the same hardware often comes with a locked bootloader, so you are not able to replace the operating system. Beside some apps, why is this bad?
First, it is an artificial restriction of your very own device. They don’t want you to use your own device for your own purpose – if you like to use the pre-installed system or not. They often call this an “end product” – what literally should be understood as an end to your freedom.
Second, their aim is to tie you to the manufacturers interest. And their interest is to increase numbers of sold devices year by year instead of maintaining their already sold devices. How? If you buy an Android phone today and Google is publishing a new version soon, you are not able to install the new version because your bootloader is locked. That means, no matter if your device is able to run a newer operating system, they simply restrict your access to do so. Officially, the only way to get an update for your operating system then, is an update that is offered by your manufacturer. But your manufacturer will most probably not update your device as he likes you to buy new hardware. Hence, you are perfectly vendor-locked.

Fortunately, there is a way to take back ownership of your device and to install whatever system you like to run: unlock the bootloader. But, as this is not in interest of your manufacturer – as explained above – they will most likely declare your warranty void if you do so. Which is legally not correct. As Carlo Piana and Matija Šuklje pointed out – as well as a German association for consumer protection – this is not legal due to the European Directive 1999/44/EC. Unfortunately, still they try to scare you. This can not just be seen as a bad habit. It is intentional to stop users from taking ownership of their very own device. That is why they still do so – even if not on legal basis.

Manufacturers have different policies concerning the ability to unlock your bootloader. In worst cases they force you to sign a legal agreement before you get a specific code to unlock your bootloader. In these agreement, that you have to sign, they often force you to resign from your warranty – which is a transfer of your consumer rights, as explained above. But, even worse, is the legal agreement you have to sign to unlock your Motorola [1] device:

Devices that have been unlocked are for your personal use only. Once you unlock the device, you can only use it for your personal use, and may not sell or otherwise transfer the device.

Pardon? You are not longer allowed to sell your device?
The device you have bought?

Where are we going?

Remote control and management of restrictions of your digital data is something we truly have to be concerned about. But, more and more companies already impose digital restrictions on the physical use of our devices – like restrictions on the software you are allowed to install on your very own hardware. Or, as we have seen, even restrictions on how or under what conditions you may sell your very own hardware. This is a negative development that we have to take action on and try to stop these practices. If we fail to do so and give up our consumer rights and civil liberties, we have to fear that one day we wake up in a world where not just digital content is out of control of society but also the physical control of technology.
These days, Google shows us best how this can be done: Google Glass will be a Hardware that is sold by Google and it is now in beta testing under the name Google Glass Explorer Edition. Due to the license agreement that you have to sign to become a beta tester, you are not allowed to sell the device or even lend it to a friend. Well, this can be seen as bad habit or as an understandable restriction of a beta test. This is not the point. But, the point that should concern everybody: If you do not fulfill Googles restrictions, they will remotely deactivate your hardware.

This comes close to the final step: Having an integrated option by the manufacturer to remotely destroy your hardware puts every user out of control of their own IT, of their own property. If remote control will become the future, society will be pushed out of control of technology and its content. From this point it is easy to imagine censorship, supervision and control of society by some monopolies in a never-seen-before manner.

[1] This is just an example, I am aware of. There might be other companies behaving in the same way, I just don’t know.

== update May 26 ==

Please note that there is a french translation of this blog post, done by Framasoft:
http://www.framablog.org/index.php/post/2013/05/13/drm-controle-numerique-et-physique
Thank you very much for this translation, love you guys!

Gesucht: Nutzer, denen die Gewährleistung eines gerooteten Gerätes versagt wurde

Posted by eal on Tuesday, April 30th, 2013 0

Die Verbraucherzentrale Bundesverband (VZBV) – ein vom Bundesministerium für Verbraucherschutz geförderter Verein – hat auf ihrem Portal Surfer haben Rechte das Thema Rooting vs Gewährleistung aufgegriffen. Speziell geht es in diesem Beitrag um das sogenannte ‘rooting’ von Android-Smartphones. Darunter versteht man den vollen Zugriff auf das eigene Mobilgerät um Daten und Programme nach Belieben zu installieren – beispielsweise auch alternative Betriebssysteme. Die meisten Hersteller gewähren ihren Nutzern dieses Recht auf eigene Gerätehoheit allerdings nicht. Die Verbraucherzentrale Bundesverband stellt dazu fest:

Rechtsexperten sind sich einig, dass das Rooting zu privaten Zwecken zwar strafrechtlich unbedenklich, allerdings vertragsrechtlich höchst umstritten ist. Denn viele Hersteller akzeptieren in der Praxis keinerlei gesetzliche Gewährleistungsansprüche mehr, wenn das Gerät gerootet wurde. Dabei ist es unerheblich, wann der Schaden eingetreten bzw. worauf er zurück zu führen ist.

Diese Praxis stößt bei der VZBV auf Unverständnis, auch die Free Software Foundation Europe hat dazu bereits eine Stellungnahme veröffentlicht. Demnach schreibt die EU-Richtlinie 1999/44/EG vor, dass die Gewährleistung auch im Falle des ‘rootens’ oder ‘flashens’ erhalten bleibt. Die Verbraucherzentrale Bundesverband schließt sich diesem Ergebnis an und schreibt es “gilt auch weiterhin das Gewährleistungsrecht, selbst wenn das Telefon gerootet wurde”.

Um dieses Thema in Zukunft verstärkt in den Fokus zu nehmen, sucht die VZBV nun Nutzer, die ihr Android-Smartphone gerootet haben und denen daraufhin vom Händler die gesetzliche Gewährleistung versagt wurde. Wenn ihr also mit diesem Problem konfrontiert seid oder wart, dann nutzt bitte das angebotene Kontakformular und helft mit, eine klare Rechtslage zu schaffen.

#ilovefs everywhere

Posted by eal on Thursday, February 14th, 2013 0

Today is the day to show your love for Free Software. Here is my message:

I love Free Software because it is in the very heart of a 21st century society that respects the rules of privacy, autonomy, democracy, participation and the freedom of speech.

(Just to list a few of its countless good characteristics)

I would love to see this message going out to the people that decide on our daily lives, our legal and educational framework. By promoting and using Free Software, they have the chance to set up the roots for a truly interconnected and transnational society. Hence, my message today is addressed to all of you in the European Parliament:

European Parliament celebrating #IloveFS

Description: The European Parliament celebrating and promoting Free Software – for a Free Society. Licensed under CC 3.0 BY-SA

New DFD Posters arrived

Posted by eal on Wednesday, January 23rd, 2013 0

Today, the new posters for Document Freedom Day 2013 arrived. Thank you, Stepan @stehno Stehlicek – FSFE’s new intern – for your wonderful presentation:

You want to be free …

Posted by eal on Tuesday, January 15th, 2013 0

… but they don’t want you to!

This is the name of a new campaign by the FSFE that will be launched soon. To not miss it, follow FSFE’s news section.

In the meantime, keep an eye on the streets – you will maybe see some stickers where you don’t expect them.

The right to install Free Software on any device

Posted by eal on Wednesday, November 28th, 2012 1

Last weekend, the German Pirate Party held its federal party convent to discuss and potentially agree on various amendments to their manifesto. Among them, there was amendment number 551: “Freie Softwareinstallation statt App-Store-Zwang” (German). A proposal, that aims at giving every user the right to install whatever software he likes on any computer-like device – instead of being locked to the vendors app-store.

More precise, the content of this proposal reads like:

Given by law, there is the right for free installation of whatever software you like on any ‘computer-like’ device. For the vendor, it’s legal to sell a locked device – but unlocking the device by the user must be implemented in an easy way by the default operating system. All software that will be installed, must be given the possibility for full access to all interfaces of the device. In addition, warranty may not be declared void after installation of software by the user. This must be true for manufacturers warranty as well as the one from your provider.
‘computer-like’ devices, and therefore affected by this law, are all information-processing devices whose operating system basically allows to install additional software. Not included should be devices for industrial or security purposes as well as devices that can physically harm someone, eg. cars or kitchen inventory.

These days, this could be a pathbreaking proposal concerning consumer protection and user rights. Actually, the content of this amendment comes pretty close to demands, that are also part of FSFE’s FreeYourAndroid campaign. If this amendment would be passed as law one day, it would also support FSFE’s efforts to get rid of Digital Restrictions Management and would be an answer to arising problems imposed by Secure Boot Systems. Nowadays, the right to unlock your device and further install your favorite Free Software, can be seen as the only way to access full and sole control over your own device. The obligation, to provide an easy possibility to unlock your device would encourage and help many users to do so. Especially, as unlocking your device – depending on the model – can become a hard job today or even impossible. As it is to fear, that manufacturers and service providers will try to further restrict our user and consumer rights, the time has come to ask our politicians to take care of them.

Unfortunately, at the end of the day, this amendment was not discussed due to the lack of time and the order in which all amendments were arranged. Hence, I hope it will be confirmed at the following federal party convent. Until then, I would like to encourage all members of political parties in Europe, to engage for a similiar statement or manifesto in your own party. Let’s get rid of further restrictions on general purpose computing and put the user in full control of his hardware.

My experience with Ubuntu running on a Nexus 7

Posted by eal on Wednesday, November 21st, 2012 2

Last week, together with Torsten @grote Grote, I attended SFScon to give a FreeYourAndroid workshop. Thanks to Patrick @ohnewein Ohnewein and Shaun @shaunschutte Schutte, we had the chance to use two Nexus 7 for every purpose. We decided to install Cyanogenmod on one and Ubuntu on the other.

Installing Ubuntu was my turn and I was looking forward to a “one-click process for installing Ubuntu”. Ubuntu and Canonical might be debatable but I think what they do is a very interesting idea and a first step to spread GNU/Linux operating systems on mobile devices like tablets.

I followed the installation guide from Ubuntus wiki. First surprise was that you need another computer that runs Ubuntu to actually install Ubuntu from there on the Nexus S7. Would be a nice feature, if further developments go for an image that you just need to copy to the tablet and then let run the installation by the tablet itself. For now it would be worth a try and seems like some fun to use a tablet that runs Ubuntu to install Ubuntu on the next tablet. Unfortunately, I hadn’t had the chance to try this out.

To install, you need ‘Ubuntu Nexus 7 Desktop Installer’ from a PPA and ‘Fastboot’ to unlock the Nexus 7 device. Then you can simply click through a GUI to flash the device and start installation. The installation process itself, again, is self-running and easy.

After installation, I had some time to play around and get used to the system. Here are my first thoughts after using Ubuntu on Nexus 7 for two hours or so.

Pro:

You get the whole Ubuntu 12.10 Quantal Quetzal distribution without limitations!
Like in the other Ubuntu distribution, you can remove the Unity Shell and replace it with your favorite shell.

Cons:

The system was sometimes really slow and refused to respond for a bunch of seconds. It even crashed me twice in 2 hours.
The visualized keyboard was slow, so I got sometimes confused if I already typed a letter or not. Really annoying was that it sometimes completely refused to show up – and without a keyboard, you are somehow lost.
Gnome3 Shell unfortunately didn’t start with Gnome3 interface but was stuck in the Gnome Fallback session, instead.
I had some problems to access system settings, as the panel was sometimes not responding.
By default, the font-size was too tiny for me. This was not a problem of reading, but targets that you tip with your fingers where so tiny that it made me a hard job to point them with my stubby fingers. I fixed this issue by installing gnome-tweak-tool and set the system font-size to 16.

to sum up: Installation of Ubuntu was very easy. As soon as there will be a self-running installation process without the use of another computer, installation will be even more user-friendly. On the other hand I was a bit disappointed by the overall performance of the system, especially by the keyboard.

Finally, I like the idea to spread GNU/Linux systems in the world of tablets and I support Ubuntu in doing their first steps. If you have some spare time and a Nexus 7 at hand – that you maybe do not need for critical issues – then it can be some fun for you to run a Ubuntu distribution on a tablet. But if you are in need of a stable and smooth free operation system that you can run for daily and efficient use, than you probably better decide to install Cyanogenmod.

Free Society Conference and Nordic summit 2012

Posted by eal on Thursday, November 15th, 2012 0

Last weekend I was attending FSCONS, where I was giving a FreeYourAndroid-workshop as well as my first talk about FSFE’s FreeYourAndroid campaign. I have never been to FSCONS before and I was quite surprised by its familiar atmosphere. Some special fun came up with the Karaoke event at Saturday night, where in the end nearly the whole FSFE team was amusing itself as well as the rest of the conference.

FSCONS is co-organised by the FSFE, hence it was a great opportunity to meet Fellows from all Northern Europe at this conference. Beside other talks, I enjoyed a lot the talks given by Karsten @karsten Gerloff and Otto @otto Kekäläinen. The first one impressed by giving an easy to follow and free talk with just using a few slides. The latter one came up with very good insights on how big companies try to convince decision makers – and how you succeed best in counterarguing. Just the same day, Otto Kekäläinen also received the Nordic Free Software Award 2012 for his important contributions to Software Freedom.

My FreeYourAndroid workshop was on Friday, one day in advance of the conference. 16 attendees showed their interest, six of whom finally liberated their phone at the workshop. By the way, thank you, Bjarni Einarsson, for your help at the workshop. It was quite fun to see, how you brick and unbrick phones, just to liberate them in the end. Next year at FSCONS, you should think about giving a lightning talk on this : )

On Saturday I gave my talk about our FYA campaign. In contrast to the workshop, this talk did not so much concentrate on the technical side. The talk was about how FSFE runs this campaign, tools that are provided and aims that are to be achieved. Similar to my experience in Kosovo, after the talk people were interested in liberating their phones, asked me about how to do it and the message about FreeYourAndroid spread through the attendees of the conference. Hence, during the rest of the conference, every now and then someone asked me about more details of the campaign or how to liberate their phones. So I did a second, informal phone liberation workshop on Sunday, too.

Finally, a big thank you to Leif-Jöran @ellefj Olsson for all your endless efforts in organising FSCONS and making this event possible!

Why become a supporter of FSFE?

Posted by eal on Friday, October 12th, 2012 0

If you know the Free Software Foundation Europe and you like what we are doing, there are a lot of ways and possibilities, how to support our work. You might join a local Fellowship group, subsribe to the newsletter, become a Fellow, [...] or – newly – become a supporter.

What does that mean – supporter of FSFE? Being a supporter of FSFE shows that you care about Software Freedom and that you support the never ending work of the FSFE towards a world of Free Software. To become a supporter, it just takes you two minutes and no costs are involved. But every supporter increases the weight and importance of FSFE when we talk to politicians or work on other public levels. With this easy way of supporting the FSFE, bit by bit, we might grow into an organisation who is supported by then thousands of Europeans out there. Be one of them! Increase our voice! Show your support!

I am already a Fellow – why become a supporter now? Thank you very much for being a Fellow of FSFE. This is the definitely the best way to support our work and to get in contact with other people that think likewise. But even as you are already supporting FSFE in the best way, please be aware, that our supporter form is an opt-in form. That means if you are a Fellow, you will not automatically be listed as a supporter. To further increase our voice, please subsribe to be a supporter, too.

Spread the message As you will see, becoming a supporter is just a few clicks away. And as there are no costs involved, you can easily spread the message among your friends. People that you know of, who care about Software Freedom, but do not (yet) like to become Fellow, for example. Or all your friends, your family, [...] ask them to do you a favor!

Plus: To have some fun, just add ?yourname at the end of the supporter-URL (http://www.fsfe.org/support), for example

https://fsfe.org/support?yourname

Then you will be able to see in the statistics how many people you succesfully encouraged to support FSFE if you look at:

https://fsfe.org/support/stats?ref_id=yourname

Good luck! And thank you very much!