Free Software and Security under the #NSA

Anyone claiming Free Software “does not magically make things more secure – never has, never will” without explaining how you’re so much better off at securing yourself is using truths to lie to you.

Here’s an example:

Explicit truth: it doesn’t “magically make things more secure”.
Hidden truth: it technically and scientifically does, through exposure to peer review and the scientific method; the end results have definitely been proved more secure on average than the proprietary “alternatives”.
Hidden lie: “never has, never will”. It’s just piggybacking on the explicit truth in order to hide (using a true statement) that on average it does and that you’re better off.

So, if someone is lying to you so straight faced, how can you trust that person when he’s been claiming badBIOS is a myth?

The fact is it is possible: it’s installed code running on chips and it can be updated. Didn’t he himself just say that all software has security bugs when he said that being Free Software doesn’t “magically make things more secure”?

So why couldn’t these computers be compromised in such ways? In fact the NSA backdoor catalogue explicitly details BIOS level security compromises and implants! Go read this list, especially the BIOS level attacks, then think for yourself about badBIOS rather than trust people who tell you “no, that’s not it” or “just conspiracy theories”.

Those people are lying to you and they have hired a lot of security people under their wing, so of course they’d use these hired high tech spooks in order to try to discredit you…

So go watch Jacob Appelbaum’s talk at 30C3, To protect and infect, part 2, rather than believing someone calling him a conspiracy theorist.

He’s publishing these findings in a respectable newspaper (Der Spiegel); the other guy is just name calling.

Which one deserves more credit? You decide.

Me, I’ll be trusting Free Software security. If anything, these NSA scandals have proven me right. Sure, they could try to insert backdoors in Free Software, but tell me, how easily can you put a backdoor where anyone can see?

Not. Easily. Not at all.

What about when most people are blinded, except for the builders?

Riiight…

Here’s an example, from Jacob’s talk: Jake talks about those little USB dongles that randomly move your mouse in order to prevent the screensaver from launching… you know what Systemd now does when it finds one? Automatically locks the screen. What do Windows or MacOS do?

Riiight… you guessed it, move the mouse and prevent the screensaver from launching.

I’ll be using Free Software and so should you, but you’re your own boss.

You can choose a greater likelihood of being infected.

2 Replies to “Free Software and Security under the #NSA”

  1. Hello Rui,

    I’d argue that software freedom is an absolutely *necessary* condition for security, but it’s nowhere near enough. In particular, one can make an argument that source code availability helps attackers and defenders roughly equally [1]. That being said, I stake my trust on free software, because this way I’m sure no vendor is going to put *his* interests ahead of his customers’ (trusted computing, and other forms of DRM…).

    Another reason to use free software, from a totally different angle, is given by Cory Doctorow, here: http://www.theguardian.com/technology/2014/jan/16/digital-failures-software

    [1] – http://www.cl.cam.ac.uk/~rja14/Papers/toulouse.pdf

  2. I’d argue that Free Software is an absolutely necessary condition (although not sufficient per se, alone), as with non-Free Software you’re mostly bound to acts of faith.

    There are some exceptions where you can access the code even though it’s not Free Software, but they’re exceptions rather than the rule.
