Freemors Blog

Musings of an East Coast Techie
Archive for April 2016

Stop Calling it Sharing

2016-04-09 by Freemor

I'm getting tired of term "Sharing" or "sharing economy" being applied to things that clearly are not sharing. It muddies the waters in discussions of these services, it's more about marketing then the reality of the situation, and frankly it's highly inaccurate.

Sharing is something one does without profit in mind.

Things like Uber, AirBnB, etc. are not about sharing. There is an exchange of funds involved. The companies provide a service to people how in turn provide a different service to clients.

If you go to Uber's "Drive" page it is quite clear from the wording that this is not about sharing. Phrases like:

"earn what you need"

and

"we deduct a service fee"

clearly show that this has nothing to do with sharing. So any references to Uber as a sharing service are completely inaccurate. It is a business plain and simple.

So with the "sharing" mystique stripped away it is clear that Uber is just another taxi service and thus should be regulated like any other taxi service.

AirBnB is about the same, their website starts off with:

"Rent unique places to stay from local hosts in 190+ countries." (emphasis mine)

Renting is not sharing. Also the "Hosts" pay a service fee to AirBNB:

"You'll only pay a 3% service fee".

So, once again we have a Company offering a service to people who offer a different service to clients. No Sharing. And with the "Sharing" mystique once again stripped away it's clear that this is just an unregulated hotel service.

So can we please stop referring to companies like this as "sharing" or being part of a "Sharing Economy". The use of that term is nothing but marketing buzz and an attempt to try and duck regulations that are generally there to protect the public.

Now if you take a site like CouchSurfing you'll be looking at something that is about sharing. Accommodations offered for free. No stings attached. No earning or service fees. However the company providing the site is not entirely in the sharing business, from their "Terms of use" we see:

"Couchsurfing may offer the opportunity to purchase products and services from third parties. You acknowledge that such products and services are offered and sold to you by one or more third parties. For more information, please refer to the applicable third party's terms of sale and privacy policy that are presented as part of the checkout process."

So even though CouchSurfing facilitates sharing they are in it to make a buck. They are a business. They are offering a monetized service.

I am in no way disparaging CouchSurfing. Everyone needs to eat. And bravo! they are facilitating actual sharing. Good for them. I'm just saying that their motivations are not entirely selfless.

I am also not saying that there is a dearth of sharing. Certainly the capitalistic society in which we live tries hard to push people away from sharing, as it is bad for their bottom line. Even so, I have seen many people offer public spaces and resources on-line for altruistic and/or selfless reasons.

People who run Tor nodes are sharing their bandwidth and computer resources. The same goes for people running I2P nodes, or people running publicly available Pump.io nodes or Diaspora pods. There is also the thousands of people that devote their time and energy to creating freely available GPL'd software.

So there is definitely a sharing economy out there. It just isn't the one you hear about. And sadly the "Sharing Economy" that is getting all the press isn't about sharing at all, just more capitalistic endeavours trying to wrap themselves in a palatable and marketable guise.

He who controls the server and software 'owns' the device

2016-04-05 by Freemor

With recent articles like this and this, I felt it was important to point out the golden thread running through these. Which boils down to one thing. "He who controls the software and/or server controls the device" at least in devices like these.

When buying a product that is Internet ready or Internet connected it is very important for people to ask the question "What happens if the Internet part goes away?"

For some products it's no biggie, like say a media player that downloads from a specific site, but also let you put your own music on. In this case the Internet part is more of a "Value added" piece then an mandatory one.

Then there are things like the Google Chromecast. If the Internet back end goes away because Google decides to move to ChromeCast V3.0 and not support earlier ones, then the device will become a brick. useless. And due to the lack of software freedom in these devices there is nothing the owner can do.

This same thing is true of an ever increasing number of products. Especially as we move into the whole "Internet of Things" (IoT) world. One of the reasons that businesses are so hot on the IoT idea is the reach it gives them over the product. This was seen with Kindle when amazon reached into thousands of devices and Erased the book 1984.

There are two separate issues at play here:

The "ownership" of the device hinges on these two things. Lets look at each of them.

Who controls the software

If you do not control the software on the device, then it controls you. You do not own that device. The person that controls the software owns it.

When I talk about control I am not talking about how "Usable" the software is. I'm talking about the users ability to Change, modify, study, etc. the software on the device.

If you can't change the software at all them you have absolutely no control.

If you can swap one opaque mass of software for another opaque mass of software you have the limited illusion of control

Only when you can Study the software to see how it works, Change it to work the way you want it to, Share the changes you've made and have the freedom to use the software in any way you choose do you truly control the device.

Sadly an ever decreasing number of devices fall into this category. Even many devices that appear free, like the Raspberry Pi, are actually Not truly so due to the fact that they can not work without some opaque bit of software. In the case of the Raspberry Pi it is impossible to boot the device without software that is not in your control.

Who controls the server

This question is either of slightly less or equal importance to the "ownership" of the device based on what the server bit does.

If the server bit is strictly "Value added", as in the device will continue to function completely without the server. Then the question is a minor one.

However increasingly, and by design, devices will not function if the server is gone.

Now if you have freedom in the software as mentioned above. It wouldn't be an issue. You or someone else could study the software, change it to use a different server or to not need the server and then share that change to the world. Problem solved.

Sadly as mentioned above it is a rare device where that can be done. Partly because most software licenses prevent you from doing any of those and thus from using the software any way you want

So lacking freedom in the software and being tied to a server that you don't control means that not only can you not fix, or modify the device, you are now entirely at the whim of the person that controls the server. What if the server says to delete all your stuff? Nothing you can do. The device wont work without the server so you can't prevent it from connecting and once it does bang your stuff is gone.

It goes well beyond just deleting your stuff. The server could push out an update that kills the device. Now it wont even turn on. Or they could just shut down the sever, Again you're stuck with a useless device. It is also important to remember that the connection to the server is a two way street and can be used to spy on anything you do with or near the device, as Windows 10 does and it looks like Occulus Rift will.

As the whole IoT thing takes off this is going to become a huge issue and one that customers need to pay attention to. An IoT fridge that you do not control could be remotely told to not keep food cold anymore when the manufacturer decides it is time for you to buy a new one.

Think that is far fetched? There have been printer out there for years now that decide to stop working based on a software counter in the printer. There is absolutely nothing mechanically wrong with them the software just decides "Sorry I'm done.. go buy a new printer". If manufacturers are willing to screw with you like this how much more so when they can reach over the network and do what ever they like to your device?

So the next time you buy an electronic device ask, Who controls the software? Is the server part "Value added" or mandatory? Can I change the software? Can I run my own server? And ultimately, Do I want to buy a device I will not "own or control".

A Phone is not a House

2016-04-01 by Freemor

With the ongoing debate about strong encryption on mobile devices, I'd like to take a moment to clear up a misconception that I've seen tossed around and sadly accepted by too many people.

To be clear anyone that reads my stuff will know that I fall well inside the "must have strong crypto" camp. So the views expressed here will clearly be coloured by that.

The point I want to clear up is this new comparison of cell phones to physical spaces. The argument tends to go like this: "Peoples homes are private but the government can get a warrant to search them. So the government should be able to do the same for Phones."

On the surface that may seems to make sense and I suspect that is why people are buying into it, but the truth is much closer to saying: "Peoples homes are private but the government can get a warrant to search them. So the government should be able to do the same for private conversations."

What the government is seeking is not access to a physical space but rather retroactive access to private conversations. The government has never had the ability in the past to compel you to divulge what you said to your friend last Tuesday. Especially if such might be incriminating.

By wanting all encryption breakable the government is trying to do an end run around your right to remain silent, or plead the 5th, or what ever the equivalent is in your country.

Cell phones are by definition communication devices, not dwellings, not safes, not a place of business. Cell phones store and transmit conversations, which is speech, which has special safe guards when talking privately with another individual.

Yes there are wiretaps and police can get a warrant to get a wiretap. But wiretaps have never been retroactive. Remember it's "You have the right to remain silent, anything you say may be used against you in a court..."

How safe do you feel knowing that by breaking into your phone and having retroactive access to your speech, "anything you say" now includes much of what you said for the last 2, 3, 5 years. Did you have an indiscretion that they can blackmail you with? Did you joke with a friend about robing a bank? Did you talk with someone about the possibility of fudging your taxes a bit? Did you get really drunk after a break-up and text something that could be considered a threat? And on, and on.

One of the reasons that speech is protected is because it is so easy to twist and use against someone. As the famous quote goes "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

We can not, we must not allow governments and police to have easy unfettered retroactive access to our speech going back years. It removes too many safeguards and tips the balance of power dangerously to the side of the already powerful.

Keep private conversations private. Say No to big brother.