Open-source software as a security-enhancing measure
In the modern world, the efficient use of computers has nearly become a necessity on which
many people's livelihoods depend. We use them for communication, work, and
entertainment, all while unwittingly running hundreds of programs whose origins we are
not even remotely aware of. What is even worse is that these programs, which we
often run on our computers, phones, and other devices like smart fridges and not-so-smart
smart toasters, tend to have access to sensitive personal data such as your location logs,
data about your bank accounts, your naughty summer vacation photos or basically
everything that goes in or out of your electronic device.
The described situation raises the question: "How can a person be sure that an application he
(or she) runs on his (or her) device is trustworthy?" It turns out that often you can't trust
even the software produced by large and reputable companies. The reason for this is
simple: most of the commercial software people tend to use is proprietary, which means you
can never check the actual source code of the program in order to know for sure
whether or not the program does something funny in the background. There are precedents
that should make any reasonable person doubt whether the big and generally trusted
tech companies are really that trustworthy 1,2,3,4,5,6.
The opposite of proprietary software is open-source software or, as it is also often called, free
software. The free software movement was started by Richard Stallman in 1983, and over the
years it became so huge that just one of the many open-source operating systems runs at
the very least 34.4% of all web servers 7.
By estimates, about 78% of enterprises around the world run some kind of open-source
software 8.
According to the free software movement, free software means that the user has four
fundamental freedoms over it, which are:
1: The freedom to run the program as you wish, for any purpose.
2: The freedom to study how the program works, and change it so it does your
computing as you wish (freedom 1). Access to the source code is a precondition for this.
3: The freedom to redistribute copies so you can help others.
4: The freedom to distribute copies of your modified versions to others (freedom 3). By
doing this you can give the whole community a chance to benefit from your changes.
Access to the source code is a precondition for this 9.
The difference between proprietary and open-source (free) software can be seen in the picture:
The critical point here is that users can freely inspect and modify the source code of
programs. Although at first it might not have any obvious benefit for people who are not
programmers by profession and are unable to explore the source code of their programs
directly, many people can and will do it. It might be possible for a closed organization to inject
malicious code into your application and stay quiet about it for decades, but if the source code
is open for public inspection, any malicious code is doomed to be eventually found by
someone, which generally results in a scandal big enough that you will undoubtedly know about it if
you pay attention 10.
Sources:
1: Google remotely changed the settings on a bunch of phones running Android 9 Pie.
2: A security issue has been flagged in the hugely popular mobile messaging app WhatsApp that could allow for messages sent via the encrypted platform to be intercepted and read.
3: Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key.
4: Many models of Internet-connected cameras contain a glaring back door—they have login accounts
with hard-coded passwords, which can't be changed.
5: Apple can, and regularly does, remotely extract some data from iPhones for the state, and maybe
not only for the state.
https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/
6: More on known backdoors in proprietary software.
7: Comparison of the usage statistics of Linux vs. Windows for websites
8: 78 percent of companies run open-source software.
9: What is free software?
10: 'Backdoored' Intel RdRand library denied from Linux kernel.
https://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/
Questions:
- Have you ever heard about open-source software or the free software movement?
- Has being unable to know what the programs on your device do ever bothered you?
- Do you use any open-source software right now?
Comments
1. Yes, I have. As I am an IT student, it is a well-known topic in the environment.
2. In a way. I usually pay attention to what I install on my computer, so I'm not really bothered by that.
3. I code in open-source technologies, so yes. I'm also very sure that I use a lot of them without knowing they are open-source.
Have you ever heard about open-source software or the free software movement?
Of course, I have heard about open-source software. I think it is a great movement, which could help all of us to improve our software. But in some cases it is not suitable, like in the defence industry and so on.
Has being unable to know what the programs on your device do ever bothered you?
Yes, especially after a lot of news about apps which spy on their users and send all the data to governments or the company which developed them. I feel a little uncomfortable with all this news and the realization that I am not aware of what the code is for the app which I am using.
Do you use any open-source software right now?
Maybe I am using it without knowing about it. I am not searching for it especially, so I cannot be 100% sure.
2. Of course, it bothers me all the time. When I have a choice between open-source or non-open source programs doing the same thing I always choose the open-source one. Doing that I am almost certain that the software that I am using has nothing shady going on in the background.
3. I work with Ubuntu Linux. Also I use numerous open-source software at work and in my private projects.
Have you ever heard about open-source software or the free software movement?
Yes, I did, and I have been a contributor on GitHub.
Has being unable to know what the programs on your device do ever bothered you?
Not really on my computer, but on my mobile, yes (and I have deleted them).
Do you use any open-source software right now?
I don't currently but I used to in the past.
Yes. We hear it many times because we are in the software market. But I didn't join any of them.
Has being unable to know what the programs on your device do ever bothered you?
Except for social platforms, there is no program that bothers me extra.
Do you use any open-source software right now?
There is no open source program that I use when I look
1. Have you ever heard about open-source software or the free software movement?
Yes, I have heard.
2. Has being unable to know what the programs on your device do ever bothered you?
I delete the bothering programs from all devices. If the program bothers you then the program does not meet all requirements for living.
3. Do you use any open-source software right now?
No, I do not.
program. Use those that you need to know if you can home or commercial use. I don't understand the second question a bit.
But I think it is obvious what program I use on my computer and what it installs. As for the last questions:
I use, e.g., Notepad++, which helps me at work, GIMP (a graphics program), NGINX and many other programs.
1. YES, of course. I follow interesting open source and even open hardware projects (have you heard about such a movement?). That's a great opportunity for people. They can use it, learn from its code and take part in development.
2. I always know what I have installed on my devices.
3. Yes. To be honest I think that it's hard to not use open source programs these days. Literally every program has its open source alternative - and that's really good.
I'm using VMW products.
2. Never.
3. A very large amount.