More than 30 years ago, Richard Stallman quit a doctorate program at the MIT to start the GNU Project, a free software operating system. Not only has he been an uncompromising purveyor of free software, but he also founded the free software movement, which now has thousands of volunteers and many more supporters across the world.
So when Stallman turned up to deliver a talk in Mandya, a small town about 100 kilometres from Bengaluru, hundreds of students and a few teachers turned up.
“I’ve been following his work for the last 17 years,” Vishwa Kiran, assistant professor at BMSIT, tells me on the sidelines of the talk organised by the Free Software Movement-Karnataka. Kiran had just bid Rs 6,500 (about three times the selling price) to buy a stuffed baby Gnu at an auction conducted by Stallman himself. He’s travelled nearly 100 kilometres to listen to the talk on a Sunday evening. Such is Stallman’s appeal.
Despite his eccentricities, and views that some might consider extreme, Stallman the idealist, the ultimate free software evangelist, is a crowd-puller even in small-town India.
It isn’t always easy to follow in his footsteps. He doesn’t use Netflix or Uber, prefers cash or bitcoins over credit cards, and does not have a mobile phone, let alone a Facebook or Google account. These companies spy on their users and we shouldn’t let them do it, he argues.
In his talk, Stallman touched upon why this is dangerous as he tries to get a whole generation of young engineers to follow the path of free software. We made a trip to Mandya to cover his talk on Sunday. In the talk, which lasted more than an hour, Stallman launched into a scathing critique of big tech companies. Edited excerpts:
On companies spying on users
Most non-free software, as far as we can tell, spies on the user. This is not a rare exception that would be shocking. What is shocking is that non-free software comes from an industry with no conscience (and) is ready to spy on people whenever it gets the chance. One example is Amazon’s eBook reader… it reports everything the user does to Amazon’s service. It sends the title of the book, so even if the user got the book from someplace other than Amazon, it still knows the user is reading that book and it sends the page number. It knows about how the user progresses through the book. If the user highlights any text or enters any note, those are sent to Amazon’s service. Total surveillance. This is not the only example.
All the five successful non-free operating systems spy on the user. I am talking about Windows, macOS, Android, iOS, and Chrome. Each one spies and sends information about the user in different ways. The applications spy on users too.
On popular Android apps
An investigator studied 1,000 most popular Android apps, checking for one particular kind of spying that is easy to detect without the source code. The investigator could not get the source code, of course. There are many ways for a program to spy, but there is one way that the investigator could detect. The person found that of the paid apps, 60% were spying, and of the gratis apps, 90% were spying. Of course, all of them were non-free software. I can say most non-free programs, based on available measurements, spy on users.
On streaming and transportation apps
Spying is especially bad. It is especially bad for streaming apps and transportation apps. If you look at streaming apps such as Spotify and Netflix, they generally require the user’s identification and then they make a dossier about each user with a list of what that user has listened to or watched. This threatens human rights. We must not allow this kind of dossier to be collected. The transportation apps do the same kind of thing. For instance, Uber, to get an Uber car, the user must identify herself and then Uber makes a dossier of everywhere that user goes. We cannot allow the systematic tracking of people’s movements because that’s just like tracking what people look at or watch or listen to – they threaten human rights. They are incompatible with a free society. We have to put an end to those forms of tracking people.
On smart devices
Nowadays, it has become customary to design products for people to carry or put in their homes that report about the user to the manufacturer. The first one I found out about was Fitbit. It records how the user moves, if the user is walking or running, and it sends the data to the manufacturer, which offers to sell that data to the user. What nerve that company has to say that we will sell you your own data?! This is the internet of stings, where the way the user talks to the product is going through the manufacturer’s server. That is what they always do nowadays, which means all commands that the user gives the manufacturer knows, and the manufacturer knows the results as well. Constant spying. There is a home security camera that transmits video to you wherever you are through the manufacturer’s server. It used to be that the owner of the product could watch directly, connect to it directly, but then the manufacturer changed the software so that users have to connect through the manufacturer’s server after making an account. And I suppose that they have to identify themselves to do that. Since the manufacturer’s server can watch, I am sure they are saving the videos all the time.
There is also a sex toy that connects over the internet and allows some other person to send commands to it. This could be an enjoyable feature in some circumstances, but the communication goes through the manufacturer’s server and I suppose that the other user has to make an account. It has no right to know that. It sees all commands too and the results, so it is spying on everything. I saw one of those in a store and I immediately said, “Ah! That is to spy on people.” That was just a suspicion, it was not proved, but later on, somebody found proof and not only that, the physical product was designed for spying because they put in a thermometer. The users do not need a thermometer. What would you do with that? The users probably do not even know it is there, but with the thermometer, the manufacturer can tell when the product is in contact with the human body. It could probably also tell how the product is in contact with the human body, I suspect. So the sex toy was designed to spy on the people using it.
On digital restrictions management (DRM)
There is another nasty thing about this system of communication through the manufacturer’s server. If the manufacturer decides that that server is not profitable, it will switch the server off and then the people who bought the product will not be able to talk to it anymore. Several companies have done this. There is the functionality of refusing to function, called DRM (digital restrictions management), or digital shackles. When a product is designed to stop people from doing things, it is totally malicious. My rule is I will not use any product that was designed to restrict the user unless I have exactly what is needed at my disposal at that moment to break the shackles.
Some users were reading a book on Amazon Kindle when they saw it suddenly disappear and they looked around. The book was not there anymore. What was the book that they erased? It was Nineteen Eighty-Four by George Orwell! There was a lot of criticism. So Amazon said it would never do this again unless ordered to by the state. If you have read 1984, which you should, that promise will not be very comforting because it is about a totalitarian state that burned books it did not like. It was just something Amazon could say to turn off the criticisms. A few years later, Amazon resumed remotely erasing books without even an order from the state.
On software backdoors
We know a few other backdoors. iOS has a backdoor to remotely erase an app. Apple can remotely erase any app or perhaps it just irrevocably deactivates the app’s equivalent. Android has an even more powerful backdoor. Google can remotely erase any app and forcibly install any app. This backdoor is located in Google Play. You may have heard people saying that Android is free software. Some of the components are free software as Google releases them, but some components such as Google Play are not free ever at all, and that is where the backdoor is.
A backdoor in a driverless car could be extremely dangerous. You could get into the car and tell it to take you to the train station but instead, because its backdoor received the command, it would take you to the secret police torture centre. I am sure that is what would happen in China and in Saudi Arabia, it might take you to the secret police dismemberment centre. What about India? What about the United States? Can we be confident that this will not happen in those countries? Not me. You cannot trust your car if it is self-driving unless software in it is free. By the way, remote-controlled software for cars has already been developed. This is not just hypothetical. That software has been tested. And as for driverless taxis, you can only trust them if the car cannot tell who you are. So you cannot possibly ever trust a driverless Uber car because Uber insists on knowing who you are.
On subscription software
Another malicious functionality I should mention is subscriptions. About 20 years ago you would simply have installed software on your computer and run it. Nowadays, the software requires users to get a subscription and identify themselves. That includes Microsoft Office. It includes a lot of software that artists use. So this means the chains are getting tighter. Another malicious functionality is addictiveness. Many non-free programs are designed to manipulate users psychologically so they get hooked and they have to keep using it. This is often found in games. Facebook does it too. If the program were free, we could modify it to be less addictive and then you would be able to use it as much as you want to, as much as you really think you should, instead of having to fight against yourself to stop.
On Apple and censorship
Apple was the pioneer of censoring apps. The user of the iPhone, for the first time in a generally usable computer, could not freely install the applications of her choice. The person was limited to installing apps approved by Apple from its App Store. Apple practised this censorship power arbitrarily based on its own commercial interests and political stances until 2017. Then, China ordered Apple to begin blocking VPN applications because those can be used to get through the great firewall, and Apple discovered it could not disobey China’s order. This was because Apple had given itself the power of censorship and China knew that, so Apple could not deny. If users were able to install whatever programs they wished, then Apple would have had an excuse: ‘China, you know that we always want to make you happy, but in this case, we cannot. We have no control over what programs users install in their iPhones. We are unable to stop them. Please forgive us.’ But because Apple had arrogantly taken the power to censor, China knew it and Apple was compelled to censor for China because of its own wrongdoing in the past.
Then, there are universal backdoors. A backdoor is universal if by using the backdoor it is possible to remotely force changes in the code itself. That backdoor can do anything whatsoever to the poor user. The user is completely helpless under the power of whoever can force software changes. Windows has a universal backdoor. Microsoft has the power to forcibly change the code in a machine that is running Windows and, therefore, it owns that machine. Microsoft has owned all the machines that have run Windows, starting with Windows XP, because that is the first version where we know the universal backdoor existed. All the users are at Microsoft’s mercy.
There is also a universal backdoor in Amazon (Kindle) and in almost every model of the portable phone ever made, except perhaps for some old analogue models from decades ago. The portable phone has a processor called the modem processor, which talks to the radio network, and in almost all portable phones it also talks to the microphone and to the GPS. The software in it is always non-free because that processor is secret and we do not know how to write any software for it. If you think you can get your privacy back by turning it off, guess what? There is no off switch. Mobile phones do not have an off switch. Instead, they have a button to request the telephone to be so kind as to switch itself off. Once they converted into a listening device, they also changed the code to handle pushing that button, so it pretends to switch off, but really it continues running, listening, and transmitting.
Meanwhile, there is another surveillance thing that the phone does. Every few minutes, it sends a signal saying, “Here I am, here I am.” The reason for this is so the phone network can tell which tower to use to route communications to the phone. The original reason for this was honest, but it has the effect that the network follows the movements of every phone and through triangulation, it can determine the phone’s location very precisely.
If you are carrying a mobile phone, it is always tracking your movements and it could have been modified to listen to the conversations around you. I call this product Stalin’s dream. What would Stalin have wanted to hand out to every inhabitant of the former Soviet Union? Something to track that person’s movements and listen to the person’s conservations.
Fortunately, Stalin could not do it because the technology didn’t exist. Unfortunately for us, now it does exist and most people have been pressured or lured into carrying around such a Stalin’s dream device, but not me. I am suspicious of new digital technology. I expect it to have new malicious functionalities. It has happened so many times that I have learned to expect this, so I have always checked before I start using some new digital technology. I asked to find out what is nasty about it and I found out these two things. It was something like 20 years ago, and I decided it was my duty as a citizen to refuse, regardless of whatever convenience it might offer me. To surrender my freedom in this way was failing to defend a free society. This is why I do not have a portable phone. I refuse to carry a portable phone. I never have one and unless things change, I never will. I do use portable phones, lots of different ones. If I needed to call someone right now, I would ask one of you, “Could you please make a call for me?” If I am on a bus and it is late and I need to tell somebody that I am going to arrive late, there is always some other passenger in the bus who will make a call for me or send a text for me. Practically speaking, it is not that hard.
It spies on the user and builds a dossier of what the user watches. It puts on digital shackles. The user is supposed to agree not to make copies and share them, not to lend the one and only copy to somebody else. If you have agreed to a contract like that, that does not excuse acting that way. You must not be a jerk. Even if you promise somebody else you would be a jerk, you still must not act like a jerk. I do not want to make an agreement knowing that I would later be morally obliged to break it. I would rather reject it in advance and that is what I do. I check these things. I have never knowingly agreed to a contract with these requirements. I want to make sure I never accidentally agree to one.
There is another nasty thing that Microsoft does to the users of Windows. When it discovers a security flaw in Windows, before fixing it, it informs the US government’s spy agencies, so that they can enter the computers of users of Windows. Do you think the government of India should use Windows? Obviously not. In fact, nobody who has any sense would use Windows if the user is applying that sense and judgment to the question. You know about this or the other nasty things it does, you would say no. We know this in the case of Windows because of an article that reported on this. Other companies could be doing the exact same thing and we do not know.
Disclosure: FactorDaily is owned by SourceCode Media, which counts Accel Partners, Blume Ventures, Vijay Shekhar Sharma, Jay Vijayan and Girish Mathrubootham among its investors. Accel Partners and Blume Ventures are venture capital firms with investments in several companies. Vijay Shekhar Sharma is the founder of Paytm. Jay Vijayan and Girish Mathrubootham are entrepreneurs and angel investors. None of FactorDaily’s investors has any influence on its reporting about India’s technology and startup ecosystem.