[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Indirect Tor question



>> I'm wondering about any and all similar tor-based systems wherein there
>> is ANY portion that is not opensource.
>
> Scrutiny is a good thing. I suggest using the vrms tool to find non-free
> software. [10] [11] Parts of this non-free software may come without
> source code being available. From a quick curious look into the Tails
> source code greping for "nonfree", I found "firmware-linux-nonfree".
>
> There may be more good reasons to add such packages than against adding
> such packages. (Because not adding those may result in such poor
> hardware support, that there aren't enough users in the first place to
> even theoretically provide anonymity.)

...

>
> The development version of Whonix (we'll probably make a new release
> soon) includes a check using vrms (while building from source code),
> which provides safety against installing non-free software.
>
> (Tails aiming to be run on hardware may not be so easily be able to drop
> all non-free packages. It's much easier for Whonix when aiming at
> Virtual Machines - I am not saying this solves the problem - it leaves
> the user alone with the decision to install such non-free packages on
> the host.)


I don't usually chime in on the Tor-talk list although my company is
following Tor / supporting Tor / Tails, etc. We have been working with the
FSF and other entities to improve the availability of free software
friendly hardware and get the companies designing various pieces to
release the complete set of code. It's a lot of work. Check out
fsf.org/ryf.

In any case I thought I'd chime in because it's what I work on.

In any case while you won't find a 100% free x86 system you can avoid
dependence on most non-free firmware. ThinkPenguin (I'm the founder & CEO)
has a catalog of hardware of which 100% of the catalog is compatible with
100% free distributions. That is all core features should work on any
device / system (wireless, sound, ethernet, USB, graphics, etc) without
any non-free firmware. The BIOS in the laptops and desktops are non-free
and there is undoubtedly non-free microcode all over the place (probably
the biggest problem that is unknown to the masses which needs solving).

The solution to the hardware problem is to focus on increasing demand for
free software friendly hardware and using that demand to get concessions
from the large cooperations designing the chipsets. I'm not a big fan of
reverse engineering and feel it is in large part a loosing battle. RMS
sparked my attention at 2013 LibrePlanet with a speech he gave. He talked
about the difficulties of reverse engineering and the need for the
community to design hardware from scratch (essentially). It may seem
unrealistic right now due to cost, the lack of expertise, and how far
behind anything would be once it reached the market although I think the
only thing really holding such projects back is a scattered community. We
have this community that hasn't shown it's willing to put its money where
its mouth is. People too concerned about saving a dollar here or there.
Fortunately there is a whole large set of new and less tech savvy users
who care getting on board all the time. They aren't afraid to spend a
little extra. I think from that such challenges may be overcome. If there
is any hope it probably lies with them.

What I'd still like to see is more people thinking about how we can get
more people concerned about free software friendly hardware (and software;
ie Adobe Flash, etc). Right now most companies advertising "Linux"
compatible hardware I'd advise avoiding. The ones who aren't advertising
it seem to be more in tune with cooperating on the release of code (HP is
a good example; great job on code releases, but never advertise Linux /
GNU on the package). Good PR doesn't make up for the lack of code either
(NVIDIA/AMD w ATI).

What is extremely disappointing to me is that some of our smaller
competitors aren't helping the situation any. There are things they could
do easily and aren't. For instance shipping with free software friendly
wifi cards. Even if your going to offer systems with a non-free dependent
graphics chip (because of performance advantages) there is no reason you
can't ship with a free software friendly wifi card.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk