Search Mailing List Archives
[liberationtech] Chromebooks for Risky Situations?
jacob at appelbaum.net
Fri Feb 8 21:45:32 PST 2013
> On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Brian Conley:
>>> Perhaps you can tell us the secret to convince all family members and
>>> colleagues to become Linux hackers able to be completely self-sufficient
>>> managing their own upgrades and modifications indefinitely?
>> Stop supporting the use of non-free software? We're all part of the
>> problem when we help people to be less free and to use proprietary
>> software or proprietary services. This is both an education and a
>> problem with enabling. We all suffer from it, I think.
> What's funny about this, is that you appear to think I disagree with you on
> My point is, if *YOU* (any you out there of the many yous on this here
> libtech list) want to advise someone who is at risk to use free software,
> YOU should take responsibility for stewarding them through the process and
> making sure they know enough not to get themselves into trouble.
>> When we encourage people to say, buy a Macbook or a Chromebook because
>> we're happy to support it over say, Windows, we're making things worse.
>> Largely because the choice is actually between Free Software and
>> proprietary software or free software on devices where we're not
>> actually able to exercise all of our freedoms.
> I don't know a great deal about Linux. I know enough to know that smart
> people I know seem to think it is better for a variety of reasons from a
> security standpoint. Unfortunately where it is *not* better is for people
> engaged in multimedia. It would be great if someone would support the
> development of better linux-based multimedia tools. I'm not that person.
> Oh, except for the last year I've been working with the good folks at the
> Guardian Project and others on a secure-by-design multimedia reporting app
> based in Android, and a large portion of our relatively meager funding has
> been directed at UI/UX design and graphics and content in the training
>> Thus, when we aren't helping people to get off of the non-free platforms
>> or to reduce our dependency on non-free software, we're basically not
>> doing a great job at educating people that we care about and otherwise
>> wish to support. When we pass the buck, we're enabling them with
>> harmful, sometimes seriously so, solutions.
> See above. I am certainly doing a lot more than I used to be doing in this
> realm. I hope you're not trying to suggest that I am passing the buck.
I actually think that we all pass the buck. It is part of the current
discourse - perhaps the only person that doesn't pass the buck is Micah.
He's like some kind of Gnu/Saint, really.
> My point is that if knowledgeable individuals are not willing to spend the
> time to assist less knowledgeable people to get the first leg up in the
> much-less-than-obvious world of FOSS/FLOSS/Whatever, then they are just as
> responsible for security risks and endangerment as people who ignorantly
> recommend windows, mac, etc because as you put it "When we encourage people
> to say, buy a Macbook or a Chromebook because we're happy to support it
> over say, Windows, we're making things worse."
I disagree. The packaging system alone for most systems encourages a
safe way to install nearly all software. Thanks to the nearly impossible
UX choices, we don't see a lot of accidental malware on GNU/Linux
systems. I wish I was kidding but this is actually an improvement over
say, Windows or Mac OS X software packages that promote downloading
anything and everything insecurely, running it and then updating willy
nilly over the same insecure channels.
> Again, just as I still haven't heard a strong argument why google hangout
> is "as bad" or "worse" than Skype, I don't yet see good arguments why
> Chromebook is such a bad option for "many" use cases. In fact, I don't see
> why a lot of mobile devices that are wifi only might be such bad options.
> However, don't worry, I won't be advocating for you to use a windows mobile
> or apple tablet anytime soon.
This is the wrong framing entirely. Allow me to re-frame it: I haven't
heard a strong argument as to why Google or Skype is safe at all.
Thus, I'll conclude that neither are very safe for anything at all,
though they may thwart some people with little time on their hands.
>>> Otherwise what is your point?
>> This essay seems like a longer version of what Micah has expressed:
>> I also suggest reading these two essays by RMS:
> I will definitely read up, though by pointing me in this direction, you
> open yourself up to replying to relevant and serious clarification
> questions as follow up. (the Gunner clause ;) )
Happy to help. :)
>> He is also talking about how the threats to a user might include Google
>> itself (eg: my legal cases!) or perhaps even the network you're using
>> (hint: ChromeOS has no way to protect you against such an attacker, so
>> no, it isn't safe to use everywhere or perhaps anywhere depending on
>> your trust of the local network).
> Again, depending on your threat model. Who said "everywhere" or "anywhere
> for everyone?"
I don't agree at all. I see that there is a larger context here where
even non-activists have to deal with transitive risks. That is to say -
my friend doesn't have the same security concerns or politics as I do
but they still shouldn't bareback with the internet as we're connected.
The local network is a huge threat and a personal threat model might be
non-existent, I find that to be irrelevant when we speak of society as a
whole, or even of a small group of activists.
>>> It seems like you are being needlessly confrontational or outright
>>> the quite reasonable counter arguments to various linux
>>> etc etc being made here.
>> Most of arguments I've heard here boil down to privileged wealthy people
>> complaining that learning and mutual aid or solidarity is simply too
>> hard. The worst is when people who train people in risky situations make
>> those kinds of statements.
> LOL. I'm, frankly, quite offended if you are indeed suggesting that I am
> making those statements.
I'm sorry if you feel offended by what I've said. I feel quite strongly
that the people doing trainings are the ones who should set the positive
example. Or at least, if they set a negative example, they should do so
with open eyes in a declarative manner. I don't really see that
happening in this thread.
> Also, remember that I'm currently involved in developing what is probably
> the first FOSS(FLOSS?) tool for mobile multimedia reporting that is built
> on secure-by-design principles.
I support your efforts, just as I support OpenWatch. That doesn't change
that corporate controlled laptops include a bunch of trade-offs that are
hard for people to understand.
> Why? because traveling to various risky places and training people in
> person will never ever scale, and is in fact potentially dangerous for the
> trainees. Instead we're developing a tool to help them learn on their own
> and at a distance, and that will give them relevant pointers on-the-job,
> oh, and publishes to the YouTube API with resumable upload over Tor. So
> yeah, we are thinking about this stuff from a user-first perspective and
> not a "privileged wealthy people" perspective.
I applaud you for this work and I can't wait to use it myself. I do hope
it is obvious that Android phones are actually a sign of wealth though.
> What even counts as wealthy? should we get into class and privilege debates
> here? That seems like something no one ever ever wins.
In my view for this discussion, wealth and privilege boil down to
autonomy - we get to choose between a chromebook, a thinkpad, a macbook,
etc. If we're making that choice, we should make a choice where the
hardware and the software really respects the freedoms that a user
wants, needs and without such respect, it will otherwise harm them.
While in Burma recently, I met a man who was sentenced to fifteen years
in prison for receiving an email with a political cartoon. He served
four years (!) hard labor before being released. The State took him,
forced him to give up his gmail password and then charged him under
their anti-hacking laws.
So, what is privilege? In this context, it is the notion that there is a
threat model where nothing will harm you, as you are afforded some kind
of innocence. I mean, it took me some time to really wrap my head around
his case; in the end, he believes the government itself sent the email
to set him up! So, imagine saying, "oh yeah, that is out of scope for my
threat model" to someone like him?
>> It's frankly, really and seriously embarrassing.
> Yep, it would be seriously embarassing if it was accurate or relevant,
> luckily for us all, its not!
We probably disagree. I thought we were debating the merits of a
chromebook for a risky situation, something that I find well,
questionable at the time and certainly questionable in how we're
evaluating the so-called risk.
All the best,
More information about the liberationtech