There have been numerous incidents involving Apple products and their closed source software, which raise concerns about the dangers, risks and security issues of using proprietary software. According to a recent Reuters article, spying software was used to gain access to iPhones by simply sending the target device a text message:
“A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma.”
In an operation ongoing since 2016, the spying tool was used to extract “photos, emails, text messages and location information” as well as “saved passwords”. Since then, Apple has updated its software several times, which has made the tool “less effective”.
One of the issues with centralized, closed source proprietary software is that vulnerabilities must be acknowledged and patched by the original developers, or in this case, by Apple Inc. Take, for example, the incident surrounding Apple’s FaceTime bug, which allowed iPhone users to eavesdrop on other people without their knowledge. As reported by CNET:
“The bug allows iPhone users to call another device via the FaceTime video chat service and hear audio on the other end before the recipient has answered the call. That is, it can turn any iPhone into a hot mic without the user’s knowledge.”
To make matters worse, this bug was not found by Apple; it was allegedly spotted by a 14-year-old. Despite his mother doing her best to report the bug to Apple via email and social media pages, she was unable to get their attention.
It seems that even if the security flaws are found and patched, Apple has on occasion failed to document them in their updates. As a result, people may not understand the importance of a certain update. As reported by ZDNet:
“Google’s Project Zero once again calling Apple out for fixing iOS and macOS security flaws without documenting them in public security advisories… The absence of information about them [issues] is a “disincentive” for iOS users to patch…”
Problems with closed, centralized development
In the case of proprietary software, whether it be Windows, Apple, Amazon or otherwise, the sole responsibility of fixing bugs or making sure the system is secure falls on the company.
If you do not have the transparency offered by open source software – for anyone to review the code – then you have to believe that the company and its development team have done their best to keep you safe. The incidents mentioned above, though, point to the contrary.
To get a better understanding of why closed source software is risky, consider the following: imagine the very fabric of life itself, the human body and our genome, our cellular and neurological structures. So much of our advancement depends on our ability to review our own source code – as well as that of other species, plants and so on. A closed system defies the principles of nature.
Whether we imagine closed systems using an analogy of nature or the centralized financial system, the path leads to one point: if you have a closed system with no respect for transparency, which cannot be audited, tested, and reviewed by anyone in the world wishing to do so, then you will run into issues. Issues such as the Amazon Alexa device “mistakenly” sending over 1700 voice recordings to the wrong person.
Importance of open, free software
Let us consider what would have happened if Apple were an open source software project. First, you would not need to wait for the main developers to patch the issue. You could review the code, make changes and update them as you wish. You could also submit the change to the project’s repository – GitHub or GitLab – and if accepted, the updated code would be implemented for all people to benefit from.
You wouldn’t need a resume or an interview to see if you are worthy to contribute. You would be judged based on your work. You could be a 10-year-old living in the Arctic; it would not matter.
As for the reporting of bugs in an open source environment, you can use the available social media channels, messaging platforms or the repository management system to directly reach the main development team. This is a common practice within open source communities, whether they involve public blockchains or open source software and projects.
Such communities are openly available for collaboration, suggestions or participation via an array of social platforms – such as Telegram, Slack, Discord and IRC. This is why they are so powerful, adaptable and robust.
Moving toward open societies
Richard Stallman – a renowned programmer considered by many as the founding father of free software – has spent most of his life educating people on the importance of free software. Though we must note, out of respect for his work, that even open source software falls short of his requirements.
One of the reasons is that software can be open source even though the code could be copyrighted and may not respect the end users’ freedom and liberties. As pointed out on his website, “open source is a development methodology; free software is a social movement.”
When we consider the number of devices we are surrounded with, we may start to notice the vast amounts of information which we willingly entrust to them. Edward Snowden did a great job in helping shed some light on such risks, though unfortunately, many people have yet to fully grasp the importance of being aware in a digital era.
Centralized systems are on a path of self-destruction due to the growing number of security issues and hacks. Furthermore, we are seeing rapid growth in the sharing economy, public blockchains such as Bitcoin and Monero, as well as easy-to-use free software.
We can make small changes that make a big difference. For example, moving away from proprietary software such as Microsoft Windows or Apple’s iOS and replacing them with free GNU/Linux-based systems such as Ubuntu. As for our devices, companies such as Purism are working hard to produce products – laptops and mobile phones – that protect our privacy and security rather than “exploit them”. Richard Stallman in the GNU Project wisely outlines:
“With free software, the users control the program, both individually and collectively. So they control what their computers do… With proprietary software, the program controls the users, and some other entity (the developer or “owner”) controls the program. So the proprietary program gives its developer power over its users. That is unjust in itself; moreover, it tempts the developer to mistreat the users in other ways.
Even when proprietary software isn’t downright malicious, its developers have an incentive to make it addictive, controlling and manipulative… Freedom means having control over your own life. If you use a program to carry out activities in your life, your freedom depends on your having control over the program. You deserve to have control over the programs you use, and all the more so when you use them for something important in your life.”