FSF (Free Software Foundation) is bad for the privacy and security of the general public

The FSF has a disregard for user privacy and security of its users in general, promoting political propaganda rather than doing some actual good, which results in the creation of policies that would’ve made sense in the 80s, but actively harm users today to quite some extent, through recommending obsolescent equipment, insecure software and hardware, and discouraging good security practices in general. As a result of these policies, misconception about FOSS and Linux runs wild in the privacy and security community and more users are tricked into installing shitty insecure stuff in the name of “escaping the bonds of big tech”.

The normal Linux kernel is not recommended by the FSF, because it allows for the use of proprietary firmware with devices. Instead, they recommend Linux-libre, which disables support for proprietary firmware by ripping out code which allows for the firmware to be loaded onto devices. Libreboot, being FSF-recommended, also has this policy of disallowing firmware blobs in the source tree, despite it being a source of nothing but problems.

The end result is that users who deploy the FSF-recommended firmware and kernel wind up with varying degrees of broken configurations. Worse yet, the Linux-libre project removes warning messages which suggest a user may want to update their processor microcode to avoid Meltdown and Spectre security vulnerabilities.

While it is true that processor microcode is a proprietary blob, from a security and reliability point of view, there are two types of CPU: you can have a broken CPU, or a less broken CPU, and microcode updates are intended to give you a less broken CPU. This is particularly important because microcode updates fix real problems in the CPU, and Libreboot has patches which hack around problems caused by deficient microcode burned into the CPU at manufacturing time, since it’s not allowed to update the microcode at early boot time.

There is also a common misconception about the capabilities of processor microcode. Many of the people belonging to the Stallman cult like to believe that microcode is capable of reprogramming the processor. In reality, the microcode is a series of hot patches to the instruction decode logic, which is largely part of a fixed function execution pipeline.

By discouraging (or outright inhibiting, in the case of Linux-libre) end users from exercising their freedom to update their processor microcode, the FSF pursues a policy which leaves users at risk for vulnerabilities such as Meltdown and Spectre, which were partially mitigated through a microcode update.

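A defender-side check related to the microcode discussion above, as an added example that is not part of the original post: on Linux x86 it reads the loaded microcode revision from `/proc/cpuinfo` and the kernel's per-flaw status from `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report microcode revision(s) and kernel-reported CPU flaw status.
# Functions take paths so they can run on constructed sample data or a live system.

# Distinct microcode revisions in a cpuinfo-format file (x86 "microcode" field).
# More than one line of output means cores are running different revisions.
microcode_revisions() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "${1:-/proc/cpuinfo}" | sort -u
}

# "name<TAB>status" for each sysfs entry the kernel reports as Vulnerable.
vulnerable_entries() {
    for f in "${1:-/sys/devices/system/cpu/vulnerabilities}"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            Vulnerable*) printf '%s\t%s\n' "${f##*/}" "$status" ;;
        esac
    done
}

# Write constructed sample data (not captured from a real machine) under $1.
make_sample() {
    mkdir -p "$1/vulnerabilities"
    printf 'processor\t: 0\nmicrocode\t: 0x21\nprocessor\t: 1\nmicrocode\t: 0x21\n' > "$1/cpuinfo"
    echo 'Mitigation: PTI' > "$1/vulnerabilities/meltdown"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode' > "$1/vulnerabilities/mds"
    echo 'Not affected' > "$1/vulnerabilities/tsx_async_abort"
}

# Print a report for cpuinfo file $1 and status directory $2;
# return 1 if any entry is reported Vulnerable.
cpu_audit() {
    echo "microcode revision(s): $(microcode_revisions "$1" | tr '\n' ' ')"
    vuln=$(vulnerable_entries "$2")
    [ -z "$vuln" ] && { echo "no entries reported Vulnerable"; return 0; }
    printf '%s\n' "$vuln"
    return 1
}

# "--live" audits this machine; with no argument the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    cpu_audit /proc/cpuinfo /sys/devices/system/cpu/vulnerabilities
else
    tmp=$(mktemp -d) && make_sample "$tmp"
    cpu_audit "$tmp/cpuinfo" "$tmp/vulnerabilities" || echo "sample: action needed"
    rm -rf "$tmp"
fi
```

A status that mentions missing microcode, as in the constructed `mds` entry, indicates that the kernel-side mitigation is present but the CPU lacks the microcode support it depends on.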

By FSF I assume you’re referring to the Free Software Foundation? Just looking to clarify for folks who may not be familiar.