[mikegerwitz]

Transparency is necessary for security. Full transparency requires free/libre software---we need both transparency for the implementation, and transparency for integration into the system as a whole (and, as it follows, the whole system).

Even if the system purports to be secure, that doesn't necessarily mean that it hasn't been tampered with, or that a backdoor hasn't been installed---we've had a number of examples of this lately. A fully free, reproducible system is needed here.

There's an often-used argument to dismiss this concept: that free software can still have security bugs. And then they cite recent issues like "Shellshock" and "Heartbleed". Freedom doesn't guarantee security, but it has stronger assurances than proprietary systems, where you don't even have the chance to look at and study it (to any reasonable degree); and you (collectively) definitely aren't able to modify it to suit your specific needs, study its integration with the larger system, or build it reproducibly.

Any other arguments that can be applied against free software can be applied more strongly to non-free software.

Corollary: Confidence in the security of a proprietary, secret system is always less than a free/libre, transparent one, even if the free system is provably less secure overall.

In a fully free system, it is not possible to lock down users, as the OP was concerned, because someone will just modify the software to remove that anti-feature.

[zepto]

I understand the general argument about transparency - without it you have to trust the person who holds hidden component.

The false premise here is that any argument that can be applied against free software can be applied more strongly to non-free software. Here are two contradictions to that:

1. The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security. Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?

[pixl97]

>2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I can't see how that is possibly the case. With a non free system the NSA just has to show up with a national security letter and a gag order and the system is compromised.

With the free system the NSA has to push, or get a submitter to push an update that gets missed by anybody that looks at the code.

[mikegerwitz]

> The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security.

My argument is about confidence---you cannot trust a system that you do not have confidence in.

Yes, a proprietary system may have had much more development and research. But that doesn't make it "better". With a free system---even if it's more poorly designed---you gain confidence in being able to observe _exactly_ what it does, faults and all. You know what to expect, and what not to; that's far more important than not knowing either of those.

Further, the general recommendation among cryptographers and security experts is to use public algorithms that have been torn apart by cryptanalysts for years---all security should be in the key, for example, _not_ secrets in the implementation.

> Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

This is security through obscurity, and is antithetical to actual security.

> A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I don't follow. This is one of those situations where you _always_ have more transparency in a free system than a proprietary one---you are able to see _every_ patch that makes it into the system. That doesn't mean that you'll catch everything, but you have the opportunity to do so. And not just you---everyone.

> You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

You cannot have confidence in an opaque system.

> More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?

Which system, in particular?

Apple's system should not be used and cannot be trusted---it is proprietary and designed to control the user in countless ways. Apple may take measures to protect their users' privacy and data, but ultimately, users are at Apple's mercy, and Apple has the final say in everything. Apple is historically one of the most opaque, secretive tech companies in existence.

So any free system is an improvement over Apple's.

[zepto]

"Any free system is an improvement over Apple's"

It's hard to take that seriously.

I challenge you to name a single such system. It should be trivial since the class is so large.

[mikegerwitz]

This is simply by default, from both a free software and security perspective. I've made my security point already.

What is your argument in favor of Apple, specifically?

From a free software perspective, no non-free program is ever better than a free alternative, even if that alternative is poor, because it robs you of your freedoms.

[zepto]

Right - I can see that's the belief you hold.

The part that I disagree with is the 'even if the alternative is poor'.

I understand that tolerating non-free software could be seen as moving us further away from a world where free software is the norm, but I also disagree with this.

You are arguing against Apple when the problem you are actually facing is a failure of the free software ecosystem to produce a viable alternative.

From an ideological perspective I would prefer free software too. My argument 'in favor of Apple' isn't really in support of Apple. It is against trying to tear down the current best option in favor of an alternative that doesn't exist.

There is a real fight going on right now, and favoring the government over Apple in this because you prefer free software seems like an extemely counterproductive move.

A free alternative can just as easily be outlawed as the non-free ones can. What matters is the legal and social precedents.

[mikegerwitz]

> favoring the government over Apple in this because you prefer free software seems like an extemely counterproductive move.

I'm not sure where you got that impression. I apologize if I was unclear.

It's essential that Apple fight this order, and essential that everyone do everything they can to ensure that this precedent is not allowed.

My comments were about the OP's comments about tradeoff between freedom and security.

As I summarized elsewhere:

https://social.mikegerwitz.com/notice/6552

We shouldn't agree with Apple's position on many things.

But it is _essential_ that this precedent---government-mandated backdoors---not be allowed. The stage on which we fight the crypto wars is shared by what would be our enemies in many other respects. So yes, we should choose our own shoes: we can stand with Apple in resisting this order while at the same time standing _against_ them for all of their other evils. This issue does not somehow legitimize all of their other evils.