This document is a first step to nudge the mainstream discourse around fundamental digital rights for all Users.
Feedback welcome via pull request, Urbit (~datder-sonnet), Twitter (@tholford0), or email (info at tholf dot org).
- Users are free to encrypt any data or information with any algorithm
- Users cannot be compelled to share keys with a third party, or use a backdoored algorithm
Encryption is the fundamental backbone of the modern Web. It allows for myriad use cases including secure communication, online banking and e-commerce, and cryptocurrency. Nation state actors have attempted to covertly insert backdoors into standardized algorithms1, and government regulators have attempted to compel Users to install decryption devices2. Unencrypted or weakly encrypted information poses a threat to Users' security as well as their privacy.
- Users are free to execute any binary or executable on their own hardware, or virtual devices under their control (e.g, Virtual Private Servers in the cloud)
- Users cannot be compelled to uninstall, shutdown or modify the execution of any program. Similarly, Users cannot be compelled to install or execute a program.
Centralized app stores operated by both Apple and Google have "pulled" apps previously purchased by users3. Governments have passed regulation that proscribe infrastructure providers from operating privacy-preserving technology such as Tor or VPNs4. In the future, other software may also potentially be banned - e.g., Bitcoin nodes or Urbit personal servers. Further, in the past Users have been compelled to run insecure software (for example, a certain government required usage of Internet Explorer with a bespoke ActiveX plugin for many years5.)
- Users are free to repair, modify, or upgrade their own hardware
- Users are free to remove, uninstall, or disable trackers, keyloggers, and backdoors
Device manufacturers use restrictive terms of service and unfriendly hardware designed to prevent users from repairing or modifying their devices. This practice leads to increased cost, waste and over-dependence on such manufacturers. Further, Users can remove backdoors that are preinstalled on modern CPUs6 and 5G hardware7.
- Users of centralized providers such as Gmail or iCloud are free to export their data
- Users are free to import their data to use with other providers, or on onto their own self-hosted alternative
Centralized providers attempt to "lock in" their existing users by making it difficult to transfer their data to another service provider. Users become involuntarily bound to such providers. Ultimately, this leads to consolidation and eventual monopolization, and is a key factor in the rise of Big Tech8. With healthcare data, where such lock in can have serious health or financial consequences, significant measures are being made to ensure patients have access to their own health data9]. User's general data should be no less protected.
Footnotes
-
https://www.atlasobscura.com/articles/a-brief-history-of-the-nsa-attempting-to-insert-backdoors-into-encrypted-data ↩
-
https://appleinsider.com/articles/22/04/24/apple-warns-developers-it-will-pull-apps-without-recent-updates-from-the-app-store ↩
-
https://www.bleepingcomputer.com/news/government/russia-passes-bill-banning-proxies-tor-and-vpns/ ↩
-
https://en.wikipedia.org/wiki/Web_compatibility_issues_in_South_Korea ↩
-
https://en.wikipedia.org/wiki/Intel_Management_Engine#Assertions_that_ME_is_a_backdoor ↩
-
https://www.cnet.com/tech/mobile/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/ ↩
-
https://locusmag.com/2021/07/cory-doctorow-tech-monopolies-and-the-insufficient-necessity-of-interoperability/ ↩
-
https://public3.pagefreezer.com/content/HHS.gov/31-12-2020T08:51/https://www.hhs.gov/about/news/2020/12/10/hhs-proposes-modifications-hipaa-privacy-rule-empower-patients-improve-coordinated-care-reduce-regulatory-burdens.html ↩