Walled gardens, walled spyware

Steve Jobs justified the “walled garden” approach of the IPhone’s App Store by saying that it provided freedom, freedom from spam, freedom from viruses, freedom from porn. In theory, he had a point about viruses. In theory, if all apps are properly vetted, we would never get a virus on our phone. Whether that’s true in practice is matter of debate. But if Julian Assange is correct, the walled gardens allow for something even more ominous, spyware installed with the consent of the walled garden owner, such as spyware in Apple’s iTune. This is even worse that installing logging spyware for the carriers’ benefit, as did CarrierIQ. With the walled garden, we may not get regular spyware in theory, we just get walled spyware in practice.

Of course, there are probably layers of indirections that provide plausible deniability to the walled garden operators. Maybe they are not actually installing the spyware themselves. It seems that the various spy agencies are perfectly capable of planting a virus on somebody’s PC or phone, without asking anything like a judge’s permission or a search warrant. So maybe the walled garden operators do not install the spyware themselves. Maybe they just left the door open. Maybe they just forgot to fix a bug here or there.

I worked on Windows long enough to understand that eradicating all security bugs in a complex product is very hard, almost impossible. We were using all kinds of tools to improve the software quality, from manual testing to automated code analysis, stress tests, fuzz tests and many more. Our software quality improved dramatically, but we would still hear of bugs found after the code was realized. I have thus a hard time believing that the walled gardens are perfect. They may well adequately protect their operators’ businesses, ensuring that the services generate enough revenues. But the average smart phone software cannot possibly be completely free of bugs, and we can be sure that hackers and spy agencies will indeed find these bugs.

The spread of viruses may well be a consequence of the openness of the PC, but the same openness also enables us to install all kinds of security products. On a PC, I can install a variety of anti-virus and other spyware detection tools. I can reinstall the software as I see fit, or I can get it reinstalled by a technician whom I trust. On a walled phone, on a walled tablet, no such luck. I will only get the software that is approved by the walled garden operators.

As Benjamin Franklin said, “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” Well, they who accept the walled gardens to obtain a little safety will get neither liberty nor safety!


About Christian Huitema

I have been developing Internet protocols and applications for about 30 years. I love to see how the Internet has grown and the applications it enabled. Let's keep it open!
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Walled gardens, walled spyware

  1. Kurt says:

    I’m amazed, I must say. Seldom do I encounter a blog that’s both equally educative and interesting, and without a doubt, you have hit the nail on the head.
    The problem is something too few folks are
    speaking intelligently about. Now i’m very happy I stumbled across this in my hunt for something regarding this.

Leave a Reply to Kurt Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s