Kyle Rankin

Chief Security Officer
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F73C5 B9EF 770D 6EFE 360F
Librem Social

Latest posts by Kyle Rankin (see all)

A Brief History Lesson

There is a saying “A man’s home is his castle” that derives from an even older British saying “an Englishman’s home is his castle” from hundreds of years before. Putting aside the history of male and female ownership of property for the past few hundred years, this statement came about as a matter of common law in the 17th century that enforced the right that no one–even the King–may enter a British person’s home without their invitation. As stated famously by Prime Minister William Pitt in 1763:

“The poorest man may in his cottage bid defiance to all the forces of the crown. It may be frail – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter.”

This right influenced the United States founding fathers and became a right against unreasonable search and seizure enshrined in the fourth amendment in the US Bill of Rights.

Ultimately this statement is one about personal sovereignty over your property: that you should be able to control what happens with your property, should be able to control who is allowed to enter it, and should be allowed to defend it from intrusion.

Your Phone Is Your Castle

If your home is your physical castle, your phone is your digital castle. More than any other computer, your phone has become the most personal of personal computers and holds the most sensitive digital property a person has, including:

  • Detailed contact lists of friends and colleagues
  • The contents of private communications
  • Personal photos (sometimes including very intimate ones)
  • Personal files (sometimes including financial documents)
  • Health and biometric information (sometimes including personal heart rate, blood pressure and exercise regiment)
  • Passwords to online accounts
  • Often even a database (if not multiple databases) of everywhere the phone has (and therefore you have) been.

So to extend the metaphor, if your phone is your digital castle, it means you should be able to control what happens with it, who is allowed to enter it, and should be allowed to defend it from intrusion.

Well, Maybe Not Your Phone

The unfortunate fact is, for most of the people reading this article, your phone is not your castle. In many ways, your phone isn’t yours at all, at least if we are using these same traditional definitions of property. Instead, you happen to live in a castle owned by your phone’s vendor. It’s Apple or Google, not you, who decides what is allowed to enter the castle, and what happens inside its walls. They are the ones who are allowed to defend it from intrusion, and more importantly they are the ones who define what counts as intrusion to begin with. Your phone is their castle, you just happen to live inside their walls subject to their rules.

The recent epic battle between Apple and Epic over the tariff Apple charges for merchants to sell goods inside the castle walls illustrates how Apple markets their castle’s defenses as protecting the castle residents when in reality it’s about controlling all that goes on inside the castle.

If you haven’t been following the case, Epic is objecting to the 30% cut of their revenue that Apple gets from processing payments within the App Store. Epic has added an alternate payment processor within their popular game Fortnite that competes with Apple’s App Store payment processor by charging a lower price for purchases made through the game since Epic avoids Apple’s 30% processing fee. Apple has responded by threatening to remove Epic’s software from the App Store as well as revoking their ability to use Apple’s development infrastructure.

A customer can only install apps that are in the App Store, so by removing Epic’s app from the App Store, Apple removes them from the full iOS ecosystem. Customers who own iPhones and who have paid for and installed Fortnite would then have the application removed from their phones. In a court filing, Apple argues that the requirement that customers may only install software through the App Store is needed “for security and privacy.”

There is some truth to this statement. Because iOS software, backed by iPhone hardware, actively prevents a customer from installing any software on an iPhone outside of the App Store, it does also prevent attackers from installing malicious software. Because the App Store has rules about how applications (outside of their own) can access customer data, if Apple discovers a competitor like Google or Facebook is violating its privacy rules it can remotely remove their software from iPhones, even internal corporate versions of software owned by Google or Facebook employees.

In all of these examples, though, the “security and privacy” of customers happens to also coincide with restricting a competitor. While Apple markets themselves as welcoming competition on the App Store, Apple has a long history of resisting competition with their own products from the App Store such as when it banned parental control apps around the same time it released its own, only to remove the ban a few months later after its own app had sufficient market share.

I should note that Apple isn’t the only company that does this, it’s just that their control is a bit more advanced than Google’s. In my Consent Matters series I elaborate on a number of different companies that take remote control of customer computers including the now-famous example where Google was forced by the US Government to remove Huawei’s ability to update Android on their own hardware. Huawei has since responded by building their own OS so they have control over their own castle (and subjects).

Well, Maybe Not Their Castle

If you live inside a strong, secure fortification where someone else writes the rules, decides who can enter, can force anyone to leave, decides what things you’re allowed to have, and can take things away if they decide it’s contraband, are you living in a castle or a prison? There is a reason that bypassing phone security so you can install your own software is called jailbreaking.

These companies have built very sophisticated and secure defenses all in the name of protecting you from the world outside their walls, yet in reality the walls are designed to keep you inside much more than they are designed to keep attackers out. The security community often gets so excited about the sophistication of these defenses backed by secure enclaves and strong cryptography that their singular focus on what those defenses mean for attackers blinds them from thinking about what they mean for everyone else.

The biggest threat to most people ends up not being from uninvited hackers, it’s from the apps Apple and Google do invite in that capture and sell your data. This has resulted in a multi-billion-dollar app ecosystem built around capturing and selling your data. If Apple or Google let someone in you didn’t invite, whether through pre-installed applications or new features embedded in an OS update, you can’t tell them to leave. Your security and privacy aren’t really protected inside these walls because the main point of these security measures is to enforce control, security against attackers and protecting your privacy is mostly marketing spin.

Make Your Phone Your Castle

It doesn’t have to be this way. We believe your phone should be your castle and that you should be in control of your own computer, not us and not any other vendor. This doesn’t mean sacrificing security or privacy, on the contrary it means putting your security and privacy in your own hands by building a strong foundation of trustworthy free software anyone can audit, while rejecting security measures that build a stronger cage around you than attackers. It means controlling your hardware with hardware kill switches so you can disable your camera and microphone, your WiFi and Bluetooth, and even your cellular modem and all of the sensors on your phone and know they are truly off.

You should decide which software is allowed on your system, not Purism. While other vendors often are paid to bundle third-party applications you aren’t allowed to remove, all of the software on the Librem 5 including pre-installed software is fully under your control. There’s no “rooting” or “jailbreaking” required to install or remove the software of your choice or even to install a different OS. While we will provide you with a list of trusted, curated free software in our PureOS Store, if you want to invite some other software into your home, even software that violates Purism’s Social Purpose, you can.

The current phone market is centered on vendor control and is only getting worse with each iteration and advancement. We had to design and build the Librem 5 from scratch, because no other combination of hardware and software on the market met our high standards for freedom, security, privacy, and user control. What we have built with the Librem 5 is a phone that works the way your most personal of personal computers should work–your own digital castle where you can store your most sensitive digital property, control what happens with it, and decide who’s invited in.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

Recent Posts

Related Content

Tags