- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Apple’s battle with Epic is a reminder that today’s tech companies behave like 19th-century monopolists. Installing democratic control over these modern throwbacks to Gilded Age robber barons is the only way to curb their power.
Unfortunately the nature of these enterprises makes that prohibitively difficult to accomplish, not only for regulating them, but also for protecting democratic controls elsewhere. One of the big difficulties in tech security is just how much is happening inside black boxes where nobody can actually verify the process.
And that’s why I’m so adamant about FOSS. If I trust most of the software that runs on my machine, it’s pretty easy to quarantine the rest.
But if everything is in the cloud, I can’t really quarantine it. FOSS tends to be local first, or at least self-hostable, whereas big tech prefers the cloud so they can control the data.
I’m talking about hardware though. Even before you get into whether or not software can be trusted you should understand that computer chips have a very large number of undocumented processes that can run on them. Some are actually used only for testing purposes, but there really isn’t any way to verify everything that happens on the physical machine itself. You just have to trust the people who manufactured it (ie. total strangers).
Absolutely. Open hardware is also incredibly important, and RISC-V is a big part of that.
But honestly, FOSS and good system design is often good enough to limit the impact of bad hardware. As long as the set of hardware you have is different enough and you have multiple layers of security, the chance that something will sneak through is incredibly low. For example, you can control application access to the system (SELinux, AppArmor, etc), separate applications from each other (e.g. containerization), and configure a firewall on the PC side. At the router level, you can configure zones like a DMZ, packet filtering, and firewalls. You may not be able to trust each individual chip, but you can probably trust the system as a while with enough redundancy.
So I’m less worried about hardware than cloud based software. I can mitigate my vulnerability to hardware-based issues, I can’t do anything about cloud-based issues once the data leaves my network.
Right, but when we’re talking in the context of regulating broad democratic systems, the potential for deliberate corruption of the systems is vastly greater while employing black cube technology.
And I’m saying we can mitigate the risk by driving a wedge between hardware and software. Require companies to allow competition on their hardware. I think Apple and Android manufacturers should be required to allow custom ROMs on their phones and tablets, and provide sufficient documentation to facilitate that. A big part of that is Right to Repair as well, but the focus should be on documentation so customers can find/develop workarounds, not on forcing standardization (i.e. the fight to standardize on USB-C is nice, but it’s less important than forcing Apple to provide tooling to re-pair serialized components).
If customers can control the hardware, that represents a check against the hardware manufacturer. The next fight is “the cloud,” and again, if customers can control their hardware, there will be alternatives to those cloud services.
So I think the fight needs to be to enable and develop FOSS alternatives for all consumer hardware because that at least provides an alternative of those companies decide to act against the interests of their customers.