by WireWrap 3770 days ago
Security requires freedom, and cannot be achieved without it. If you don't have the freedom to determine the behavior of your personal computing device, select the ways it is and isn't locked down, control updates to it, and inspect encrypted communications to/from it, that device and your usage of it are insecure.

We should not reinforce the idea that one must sacrifice freedom for security, sacrifice privacy for security, etc. Those are false choices based on fundamentally flawed definitions of "secure" and "security".

1 comments

Until someone develops an actually secure system that has these properties, the 'false choices' are the real choices.
Transparency is necessary for security. Full transparency requires free/libre software---we need both transparency for the implementation, and transparency for integration into the system as a whole (and, as it follows, the whole system).

Even if the system purports to be secure, that doesn't necessarily mean that it hasn't been tampered with, or that a backdoor hasn't been installed---we've had a number of examples of this lately. A fully free, reproducible system is needed here.

There's an often-used argument to dismiss this concept: that free software can still have security bugs. And then they cite recent issues like "Shellshock" and "Heartbleed". Freedom doesn't guarantee security, but it has stronger assurances than proprietary systems, where you don't even have the chance to look at and study it (to any reasonable degree); and you (collectively) definitely aren't able to modify it to suit your specific needs, study its integration with the larger system, or build it reproducibly.

Any other arguments that can be applied against free software can be applied more strongly to non-free software.

Corollary: Confidence in the security of a proprietary, secret system is always less than in a free/libre, transparent one, even if the free system is provably less secure overall.

In a fully free system, it is not possible to lock down users, as the OP was concerned, because someone will just modify the software to remove that anti-feature.

I understand the general argument about transparency - without it you have to trust the person who holds the hidden component.

The false premise here is that any argument that can be applied against free software can be applied more strongly to non-free software. Here are two contradictions to that:

1. The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security. Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?

> 2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I can't see how that is possibly the case. With a non-free system the NSA just has to show up with a national security letter and a gag order and the system is compromised.

With the free system the NSA has to push, or get a submitter to push, an update that gets missed by anybody that looks at the code.

> The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security.

My argument is about confidence---you cannot trust a system that you do not have confidence in.

Yes, a proprietary system may have had much more development and research. But that doesn't make it "better". With a free system---even if it's more poorly designed---you gain confidence in being able to observe _exactly_ what it does, faults and all. You know what to expect, and what not to; that's far more important than not knowing either of those.

Further, the general recommendation among cryptographers and security experts is to use public algorithms that have been torn apart by cryptanalysts for years---all security should be in the key, for example, _not_ secrets in the implementation.

> Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

This is security through obscurity, and is antithetical to actual security.

> A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I don't follow. This is one of those situations where you _always_ have more transparency in a free system than a proprietary one---you are able to see _every_ patch that makes it into the system. That doesn't mean that you'll catch everything, but you have the opportunity to do so. And not just you---everyone.

> You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

You cannot have confidence in an opaque system.

> More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?

Which system, in particular?

Apple's system should not be used and cannot be trusted---it is proprietary and designed to control the user in countless ways. Apple may take measures to protect their users' privacy and data, but ultimately, users are at Apple's mercy, and Apple has the final say in everything. Apple is historically one of the most opaque, secretive tech companies in existence.

So any free system is an improvement over Apple's.

"Any free system is an improvement over Apple's"

It's hard to take that seriously.

I challenge you to name a single such system. It should be trivial since the class is so large.

This is simply by default, from both a free software and security perspective. I've made my security point already.

What is your argument in favor of Apple, specifically?

From a free software perspective, no non-free program is ever better than a free alternative, even if that alternative is poor, because it robs you of your freedoms.