From 42051d96c59e86e22ed45177c47e5e483af5b40a Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Tue, 20 Dec 2022 02:18:00 +0000
Subject: [PATCH] Update filenames to new file naming system.

---
 blog/foss_is_working_against_itself.html | 168 +++++++++++++++++++++++
 1 file changed, 168 insertions(+)
 create mode 100644 blog/foss_is_working_against_itself.html

diff --git a/blog/foss_is_working_against_itself.html b/blog/foss_is_working_against_itself.html
new file mode 100644
index 0000000..6835e43
--- /dev/null
+++ b/blog/foss_is_working_against_itself.html
@@ -0,0 +1,168 @@
+<!DOCTYPE html>
+
+<!-- Inferencium - Website - Blog - #0 -->
+
+<!-- Copyright 2022 Inference -->
+<!-- License: BSD 3-Clause Clear (with personal content exception) -->
+
+<!-- 0.2.2.4 -->
+
+
+<html>
+
+<head>
+		<title>Inferencium - Blog - FOSS is Working Against Itself</title>
+		<link rel="stylesheet" href="../inf.css">
+</head>
+
+<!-- Navigation bar. -->
+<div class="sidebar">
+		<img src="../img/logo-inferencium-no_text.png"
+		width="110px" height="110px">
+		<a class="title">Inferencium</a><br>
+		<br>
+		<br>
+		<div><a href="../about.html">About</a></div>
+		<div><a href="../contact.html">Contact</a></div>
+		<div><a href="../blog.html">Blog</a></div>
+		<div><a href="../source.html">Source</a></div>
+</div>
+
+<body>
+<h1>Blog - #0</h1>
+<br>
+<h2>FOSS is Working Against Itself</h2>
+<br>
+<p>Posted: 2022-01-27 (UTC+00:00)</p>
+<p>Updated: 2022-11-09 (UTC+00:00)</p>
+<br>
+
+<h4>Introduction</h4>
+<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian place;
+in order to combat this, people are joining a growing, and dangerous, trend, which I will refer to
+in this post as the "Free and Open Source (FOSS) movement". With that stated, I will now debunk the
+misinformation being spread inside of this extremely flawed movement.</p>
+<br>
+<p>The
+<a class="body-link" href="https://en.wikipedia.org/wiki/Free_software"
+>FOSS</a> movement is an attempt to regain
+<a class="body-link" href="https://en.wikipedia.org/wiki/Privacy"
+>privacy</a> and
+<a class="body-link" href="https://en.wikipedia.org/wiki/Control_(psychology)"
+>control</a> over our devices and data, but the entire concept of FOSS-only, at the current time, is
+severely, and dangerously, flawed. What the FOSS community does not seem to understand is the fact
+that most FOSS software cares not about
+<a class="body-link" href="https://en.wikipedia.org/wiki/Security"
+>security</a>.
+"Security"; keep that word in mind as you progress through this article. What is security? Security
+is being safe and secure from adversaries and unwanted consequences; security protects our rights
+and allows us to protect ourselves. Without security, we have no protection, and without protection,
+we have a lack of certainty of everything else, including privacy and control, which is what the
+FOSS movement is seeking.</p>
+<br>
+<p>FOSS projects rarely take security into account; they simply look at the surface level, rather
+than the actual
+<a class="body-link" href="https://en.wikipedia.org/wiki/Root_cause_analysis"
+>root cause</a> of the issues they are attempting to fight against. In this case, the focus is on
+privacy and control. Without security mechanisms to protect the privacy features and the ability to
+control your devices and data, it can be stripped away as if it never existed in the first place,
+which, inevitably, leads us back to the beginning, and the cycle repeats. With this
+<a class="body-link" href="https://en.wikipedia.org/wiki/Ideology"
+>ideology</a>, privacy and control will *never* be achieved. There is no foundation to build privacy
+or control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
+<br>
+<h4>Example: Smartphones</h4>
+<p>A FOSS phone, especially so-called
+<a class="body-link" href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones"
+>"Linux phones"</a> are completely
+detrimental to privacy and control, because they do not have the security necessary to enforce that
+privacy.
+<a class="body-link" href="https://en.wikipedia.org/wiki/Bootloader_unlocking"
+>Unlocked bootloaders</a> prevent the device from
+<a class="body-link" href="https://source.android.com/docs/security/features/verifiedboot/"
+>verifying the integrity of the boot chain</a>, including the OS, meaning any adversary, whether a
+stranger who happens to pick up the device, or a big tech or government entity, can simply inject
+malicious code into your software and you wouldn't have any idea it was there. If that's not enough
+of a backdoor for you to reconsider your position, how about the trivial
+<a class="body-link" href="https://en.wikipedia.org/wiki/Evil_maid_attack"
+>evil maid</a> and data extraction attacks which could be executed on your device, without coercion?
+With Android phones, this is bad enough to completely break the privacy and control the FOSS
+movement seeks, but "Linux phones" take it a step further by implementing barely any security, if
+any at all.
+<a class="body-link" href="https://en.wikipedia.org/wiki/Privilege_escalation"
+>Privilege escalation</a> is trivial to achieve on any Linux system, which is the reason Linux
+<a class="body-link" href="https://en.wikipedia.org/wiki/Hardening_(computing)"
+>hardening</a> strategies often include restricting access to the root account; if you
+<a class="body-link" href="https://en.wikipedia.org/wiki/Rooting_(Android)"
+>root your Android phone</a>, or use a "Linux phone", you've already destroyed the security model,
+and thus privacy and control model you were attempting to achieve. Not only are these side effects
+of FOSS, so is the absolutely illogical restriction of not being able to, or making it unnecessarily
+difficult to, install and update critical components of the system, such as proprietary
+<a class="body-link" href="https://en.wikipedia.org/wiki/Firmware"
+>firmware</a>, which just so happens to be almost all of them. "Linux phones" are not as free as
+they proclaim to be.</p>
+<br>
+<p>You may ask "What's so bad about using
+<a class="body-link" href="https://lineageos.org/"
+>LineageOS</a>?", to which I answer with "What's not bad about it?".<br>
+<br>
+- LineageOS uses
+<a class="body-link" href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets"
+>debug builds</a>, not safe and secure release builds.<br>
+- LineageOS requires an unlocked bootloader. Even when installed on devices which support custom
+Android Verified Boot (AVB) keys, the bootloader cannot be locked due to lack of the OS being
+signed.<br>
+- LineageOS does not install critically important firmware without manual flashing, requiring users
+to perform a second update to install this firmware; this likely causes users to ignore the
+notification or miss firmware updates.<br>
+- LineageOS does not implement
+<a class="body-link" href="https://source.android.com/docs/security/features/verifiedboot/
+verified-boot#rollback-protection"
+>rollback protection</a>, meaning any adversary, from a stranger who physically picks up the device,
+to a goverment entity remotely, can simply downgrade the OS to a previous version in order to
+exploit known
+<a class="body-link" href="https://en.wikipedia.org/wiki/Vulnerability_(computing)"
+>security vulnerabilities</a>.<br>
+<br>
+LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a "ROM") with such
+issues, but it is one of the worst. The only things such insecure OSes can provide you are
+customisation abilities, and a backdoor to your data. They are best suited as a development OS, not
+a production OS.</p>
+<br>
+<h4>Solution</h4>
+<p>What can you do about this? The answer is simple; however, it does require you to use logic,
+fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
+adversaries' weapons against them. The only way to effectively combat the privacy invasion and lack
+of control of our devices and data is to become a
+<a class="body-link" href="https://en.wikipedia.org/wiki/Turncoat"
+>renegade</a> and not take sides. Yes, that means not taking sides with the closed source,
+proprietary, big tech and government entities, but it also means not taking sides with any
+FOSS entities. The only way to win this war is to take *whatever* hardware and software you can, and
+use it tactically.</p>
+<br>
+<p>The only solution for phone security, privacy, and control, is to use a Google Pixel (currently,
+Pixel 4a-series or newer) running
+<a class="body-link" href="https://grapheneos.org/"
+>GrapheneOS</a>. Google Pixel phones allow you complete bootloader freedom, including the
+<a class="body-link" href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later"
+>ability to lock the bootloader after flashing a custom OS</a>
+(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling verified
+boot to prevent
+<a class="body-link" href="https://en.wikipedia.org/wiki/Malware"
+>malware</a> persistence, evil maid attacks, and boot chain
+<a class="body-link" href="https://en.wikipedia.org/wiki/Data_corruption"
+>corruption</a>),
+<a class="body-link" href="https://support.google.com/nexus/answer/4457705"
+>long device support lifecycles</a> (minimum 3 years for Pixel 4a-series to Pixel 5a, minimum 5
+years for Pixel 6-series and newer), and
+<a class="body-link" href="https://source.android.com/docs/security/bulletin/pixel/"
+>guaranteed monthly security updates</a> for the entire support timeframe of the devices.</p>
+<br>
+<h4>Conclusion</h4>
+<p>Use what you can, and do what you can. By neglecting security, you are, even if unintentionally,
+neglecting exactly what you are trying to gain; privacy and control.</p>
+<br>
+<br>
+</body>
+
+</html>