
Never Trust Proprietary Software With Security

[avatar]  Blender Dumbass

December 06, 2024

License:
Creative Commons Attribution Share-Alike
If you are going to skim, better listen to it instead.





There is a person on the inter-webs who has dedicated himself to reviewing security devices. His name is Lock Picking Lawyer and he showcases how secure real-life locks are. In his video 1543 he reviewed a rather peculiar security feature on a lock from ABUS. The lock strengthens itself not with some clever mechanism that is hard to bypass, but rather by using the law to make bypassing it more illegal than it already is. They made the key-way (and by extension the key) in the shape of the company's trademarked logo. Therefore, producing or distributing blanks for this lock would be a violation of trademark law. Using proprietary software for security is making the same mistake as trusting this lock by ABUS.

Proprietary Software is not without its own ABUSes. In the 90s, as people joined the internet and started sharing media files around, the media companies started experimenting with software that would encrypt the contents of a media file, such that these contents would not be shareable, so people would be forced to buy more copies. They did such a bad job at this encryption that, instead of trying to develop better ones, they lobbied for a law that would make breaking this encryption illegal. Thus the infamous DMCA was born.

By the way, if you want to know about this type of encryption and how it violates your human rights, please go to DefectiveByDesign.org.

A lot of people, when I talk to them about the evils of proprietary software, tend to agree with me on most of the points, but not all of them. A lot of those people tend to believe that proprietary software is more secure. Free Software (the opposite of proprietary) has a requirement for its source code to be accessible to all users. So in theory, somebody who wants to break through a security system implemented as Free Software has the advantage of knowing how this system is secured. And the attacker not having that knowledge potentially makes a system more secure. This is called "security by obscurity".

So let's go and smash this argument to pieces! Shall we?

A few years ago, before I had this website, I reviewed a Microsoft Software License Agreement that you pretty much have to agree to in order for the system to run. Apart from the usual demands to waive all your rights and surrender all your data to the overlords at the Microsoft corporation, and apart from agreeing to all the insecurities that come with the software being made by dumbasses at Microsoft, they also briefly mention the use of code published under the GNU Lesser General Public License. Meaning that to make Windows they used source code published under that license.

Even as far back as the 90s, Microsoft was vilifying Richard Stallman for coming up with the regular GNU GPL. They thought it was viral and ugly, and tried to claim it was unconstitutional. Why? Why would a company that apparently can make software of its own care so much about a license for the use of source code?

Well, here is an answer: if they can, they will not develop anything. They will use code that is already out there. And their shareholders will only be happy about it.

To pay for development time for some new clever security algorithm is to waste the shareholders' investments if an algorithm that does the job already exists in Free Software. Just copy-paste the source code and you are done. Of course, sign that "developer" onto a non-disclosure agreement so as to hide the process, claim (with a big asterisk) the so-called "security" of the software, hide the truth about it deep in the agreement nobody ever reads, and you're chillin'! People believe you are secure and clever, while all you did was repackage somebody else's work.

Apple does the same thing. I remember a few decades ago finding a full text of the Lesser General Public License on my mother's iPhone. And their Mac operating system is a modified version of BSD, a Free Software operating system that isn't copylefted.

They do not have some better software for security. They are using the same stuff. Sometimes even older versions of the same stuff as in Free Software. And therefore breaking into those systems is at least as easy as breaking into a Free Software system. But no... It does not stop there.

Some geniuses at the Microsoft corporation decided some time ago that it would be a clever idea to make all Windows computers connected to the same network accessible through the normal File Explorer. They were probably thinking about how convenient a feature like this could be. How easy it would be to drag and drop files from one computer to another.

Of course, to implement such a feature, every Windows computer was essentially turned into a server that awaits commands from another Windows computer to hand over any file whatsoever, or to save any incoming file whatsoever. This created a huge security vulnerability that was widely exploited.

In the current version of the Microsoft Software License, there is even a passage saying that Microsoft itself can access files on your computer, probably using that same feature. And we know that Apple computers had similar security concerns that they tried to argue to be for the greater good.

Those companies just can't hold themselves back from implementing baffling insecurities into their software, just so they themselves can violate your freedoms more conveniently.

Comparing this to the Free Software model is like comparing a bush put in front of a door in order to disguise it to a robust lock proudly on display on a high-security vault.

Free Software is not afraid of you knowing how the security is implemented. The same way Bowley (a lock company; featured in video 636 of the Lock Picking Lawyer) is not afraid of you knowing the mechanism of the lock. Because the mechanism is so good that it will defeat you even if you know how it works. And you will move on to the next target.

Every lock is breakable. Every encryption is decryptable. Security is not absolute. Computers get faster, therefore passwords get longer and algorithms get stronger. Free Software, whose whole reputation is built on security, cannot lag behind. Its developers can't just hide their mistakes behind non-disclosure agreements and copyright infringement lawsuits. They actually have to make the code pass the scrutiny, or risk losing the users. And down the line, a few generations later, after the feature is well known and no longer copylefted, proprietary software companies will pick up the leftovers and will repackage them as "more secure" because apparently they "have the money to pay the developers". But by that time they themselves will add insecurities on top of that. And the code they will be using will be way past its prime. And therefore you should never trust proprietary software with security!

Happy Hacking!!!
