Binary Blobs and You

What is a blob?

Not that kind of blob.

For the sake of the context we are in, a “blob” is a file of proprietary binary code provided from a corporation, without source code, that is needed to power certain chips on a computer (it could be firmware, hardware microcode, etc.). It is a form of proprietary (non-Free) software. Therefore, binary blobs are “mystery software”, places in the computer where the system is doing something secret—where you have no way to know what it is doing, and no way to stop it. It is the place where spyware and malware can—and will—run, without your knowledge.

Let’s nuance a bit, though: binary packages are not inherently problematic if source code is available:

  1. All computers ship with many thousands of compiled binaries. That’s just how most software works efficiently on hardware.
  2. Binaries are computer code that cannot be read by humans. It’s essentially a big pile of “ones” and “zeroes”.
  3. All binaries originate from compiled source code.

It is the public availability of the source code that is the important part. If you don’t have it, you’re in trouble.

Why does it matter?

If people have access to the source code, they can compile their own binaries, but more importantly they can inspect the code to verify it does what it should. People cannot inspect or troubleshoot a binary completely, they need the source code to properly verify—with absolute certainty—that the software protects your privacy, security, and freedom.

All proprietary software and operating systems are provided as binaries without source code. Therefore all proprietary software and operating systems cannot be verified to protect your rights to privacy, security, and freedom. MacOS, iOS, Android and Windows all ship binaries for which the source code is not provided, so there is no way to verify that the software provided by their parent corporations truly protects your privacy, security, and freedom.

Even if they are “part” of an open-source program, blobs are no less dangerous. That is why such occurrences are considered “tainted” open-source software.

Beyond privacy and security concerns, troubleshooting bugs in proprietary binaries (and “tainted” open-source software) is nearly impossible. Prominent Linux kernel developers have made an official statement to that effect.

Purism provides the source code to all the software—from the bootloader (GRUB), kernel (Linux), operating system (PureOS), to individual software applications in PureOS—and does not include any binary blobs in any of them. People can safely verify every single line of code.

Want to learn more? Check out our related articles.