I was still thinking on the subject of :
security,
privacy,
anonymity and
software freedom
(and hardware freedom in some ways).
Here's my conclusion, after a couple of years:
- First, I can't and won't ever go back to a proprietary OS/software in
general.
Never say never? Well, try me :)
A non-libre OS is rigged, and it's been proven many times (examples:
https://www.gnu.org/proprietary/proprietary-surveillance.html).
It's relatively safe from other users (secure/private if you work for it),
but not from companies.
It's also rigid, and can force unacceptable limitations on the user (that's
me).
- It's possible to use non-libre hardware and still be safe, have privacy and
be anonymous (if Snowden can do it that way, so can anyone).
but AMT and other remote control tools are still unacceptable (even if
realistically a limited number of people can make use of it, I suppose).
So for most users, even if it's not a "real" threat, it's still not ok.
Yet it's better than having non-libre hardware AND non-libre OS and software.
- Security is rarely an issue, but it can always be improved. Mainly system
hardening/reducing the attack surface.
An average user don't really need it, though improving it can't hurt.
- Privacy from other users and from companies takes some more work/education,
even on a vanilla Trisquel and/or Replicant and other libre OS.
Full disk encryption in case your machine is stolen, browser plugins
(cookies, refferers, profile spoofing, checking requests, https, local
emulation of files, ad blocking, no javascript...), specially if Javascript
is on, properly checking software, e-mail encryption,
Proper Tor BB behavior (no video/torrent/connecting to accounts unless
created anonymously from the Tor network...), installing and using a VPN...
Definitely not an exhaustive list, but it's a solid base IMHO.
- Anonymity is still achievable on a non-free OS in a limited way (Tor), if
no other means are available at hand in the moment, but it's obviously
immensely better on a libre OS.
About the hardware:
- any hardware will work (minus the wifi problem sometimes. But since
switching to Trisquel takes some effort anyway, it's a minor obstacle).
- a Librebootable machine is best (eliminates the remote access threat). It
is relatively affordable, and powerful enough for the average user.
- More libre hardware (or maybe 100% free but I'm not sure) like that POWER8
motherboard and Neo900 are unfortunately luxury items.
But I'm confident we'll find solutions, as more people become aware of all
this. And maybe with some luck, someone will leak Intel programs, who knows
:)
- E-readers, music players any other connected hardware really: get rid of
those who are too intrusive. For others, I guess turn the wifi off and hope
for the best. Or use real paper books.
- About tracking in general: smartphones, anything with a chip in it (public
transportation card, maybe credit card, whatever), implants under the skin
for the most idiotic ones...
Well, you can simply make sure to not use them too often if that matters to
you.
I came to the conclusion that even if it's not acceptable to track people
down (it doesn't even improve security against crime, as far as I know), I
feel it's not as important as the rest since 90% of the time (arbitrary
number obviously), people go from home to work, go buy some stuff, go meet
other people (friends, family, whoever), and go back home.
The data is useful for target advertising, and this bothers me though.
But if you are a journalist (for example) that needs to go off the grid, then
we're not talking about most people. And with some logic, there are obvious
ways, like temporarily getting rid of the tracking sources when needed. Maybe
there's more to it, but this makes sense to me.
- Other users : after all, it's the weakest link in the communication chain.
Fortunately, e-mail encryption works.
But multiplying social medias isn't acceptable for most users, so Fecesbook
and all this garbage will live on for now (even if it will be without me:
e-mail is enough).
What to answer to those who rightfully say that it's no big deal if companies
know which music I listen to, which books I read etc. ?
Easy: it's not about the isolated data or metadata, it's about the big
picture that's made of all that data. Powerful entities having such files in
their hands is only a disaster waiting to happen, even if you know very
little about humanity's History.
I think I reviewed it all.
In essence,
as most people can mainly own non-free hardware (since hardware that can be
used with Libreboot or Replicant is ultimately limited in quantity),
It's realistic to invite them to use free software anyway.
Not using a phone is nearly impossible anymore for most people.
But encrypted e-mails still work on non-libre phone OS.
And living with e-mails on the go is something I'm willing to try, but it's
not for most people (too much effort and inconvenience).
Bottom line, if I could talk to myself from 2 years ago, I'd say :
- take as much software freedom as you can afford. Any is better than none.
- know that there's no 100% of reliability in anything, which applies to
software too. Real example: unsafe Tor exit nodes.
- ultimately, a machine is only a tool, though free software makes it how it
normally should be.
- take the time to learn about at least setting up your system for improved
privacy. I wanted to write a basic guide (explaining and detailing what I've
listed about improving vanilla Trisquel), though it might be outdated fast if
it's not written with principles in mind.
Then, don't spend so much time on configuration, and just use it, and go on
with your life, just as it should be.
And take some time off the damn screens whenever you can ;)
don't spend so much time on configuration, just use it, and go on with your
life.
Ok I'm done.
Feel free to correct me, or to disagree if there's nothing to correct (which
I seriously doubt). I wish such posts could be stickied, but since it's not
gonna happen, I'll probably compile additional data from your answers and put
an entry in the wiki for example.
So what about you? What would you say to your old self on this matter?
