How Nokia can take away your freedom
Update 2008-04-29
It looks like the Open Signed Offline methods are currently re-established. But who knows for how long? There simply is no way to "open signed offline" certificate.
As noted, the "open signed online" methods are only valid for 3 years (and restricted to some UIDs), which is rather short and therefore impractical. It's unbearable to have an application in a phone which might cease to work while you are out in the field due to the irresponsibility of a third party.
Yes, this applies to the installation process. You are abroad, have your own application on your memory card to install it on demand, and installation suddenly no longer works because the certificate ran out.
If somebody tells you that this is no problem, they lie. It already was a problem for billion-dollar companies like Microsoft and Verisign. So if even companies with "endless money" are not able to manage expiring certificates, nobody is allowed to demand from you that you keep oversight over each and every certificate!
Note that I expect that in future some people will die(!) because of expiring certificates (like astronauts, where the communication to some equipment ceases to work in a field operation due to irresponsible time settings). This then is no fault of the one who forgot to extend the license. This is no fault of the people who died (even if they must have known the time limit). This also is no fault of the people programming the certificates. It is only and alone the fault of those companies making money out of certificates.
So my request is that if any person on this planet is harmed due to a digital certificate (this means: health, time or money), the managers of the company which did not allow the use of a truly free certificate must go to jail. This must be true in any such case. So only truly free certificates are allowed to escape from this rule!
This does not mean that you can gain money out of certificates. It only means that you cannot charge for the certificate itself (if you place any restrictions like a price on the certificate, you are immediately fully responsible for anything which happens with the certificate).
Example 1: If somebody wants to be able to do revocation, you can charge for this service. However, this service is optional. The company that sold the revocation is then liable for this revocation to work. So if you lost the cert and everything else in a fire (this includes the revocation request), so that all there is left is your naked body and your word for it, then you still must be able to revoke the certificate. That's what you have paid for, that's what the company must allow you to do. If they fail, they are responsible for what happens with the certificate from the time you requested the revocation and the company did not do so.
Example 2: If some manufacturer only allows you to use a certificate with revocation, and to get a certificate with revocation you must pay a trust center, this manufacturer(!) is guilty and liable for anything which happens to the certificate. This is because you were not able to use a truly free certificate. If the manufacturer does not want this, there are two ways: Either do not use certificates at all, or allow people to manage their own device to 100% with a truly free certificate.
If you think this is nuts, think about the following: Weapon manufacturers. I think it would be right for those manufacturers to be liable for anything which is done with their weapons to the owner of the weapon against the owner's free will. So if the owner of the weapon is harmed through this weapon not willingly, then the weapon manufacturer must go to jail! Note that the manufacturer need not go to jail if the weapon is used for its purpose, to kill other people or kill yourself. It's only for actions the weapon does without the user of the weapon willing them. Do you see the difference? Note that "owner" is the one who aims the weapon. So if somebody takes your weapon and shoots you, there is no problem, too. But if the weapon backfires, then there is a problem. This also is true if the weapon backfires on the burglar who uses your weapon against you. Note that if you are responsible for the weapon backfiring, then it's you who must go to jail, because you are responsible (like the manufacturer in Example 2).
The difference between certificates and weapons is that certificates usually make sure that the owner does not change, while it is easy for a weapon to change its owner (just grab a weapon, and you own it).
And if you are puzzled, why I compare certificates with weapons: In a digital society certificates are weapons.
Old Text
I own an E51 smartphone. It is running Symbian S60 3rd Edition Feature Pack 1. This smartphone no longer allows you to install .SIS files which are not cryptographically signed. Previously everybody was able to self-sign .SIS files, such that you were able to install them onto the Symbian platform. However, this was changed recently. So in future you will be charged if you want to install free software on your phone. They will argue that what I write here is not true. However, they lie. Effectively it is exactly as written here. Nokia is guilty of choosing Symbian for their phones. They are therefore guilty of creating devices which take away the freedom of the users, that means you. They will tell you that the old process was too dangerous, so they had to change it. That is wrong. First, the process was not so bad, and second, there would be many options to improve the process, but they decided to close it down as tightly as possible (which does not improve security a lot, but it gives them the opportunity to charge more money).
Note that I know a method which even works better than code signing. It does not need code signing (but it needs a lot of cryptography). It keeps your freedom and allows for third party control (it would even give authors a way to control the spread of their works!). It even protects you better than virus scanners and would be able to get rid of them. However, nobody is interested in such a method. They will say it cannot be done this way, as nobody will pay for it. The opposite is true: If we were able to get rid of all those wrongly designed workarounds (like virus scanners, personal firewalls etc.), there would be enough money to operate a security infrastructure which gives back control to the users (I do not think it would cost more than 10% of what is spent for security today). However, nobody would be able to press money out of others (as this method even works in anonymous networks), so this is not opportune. For companies like Nokia it still is better to take away freedom from their customers than to support their customers in gaining freedom.
What happened?
www.symbiansigned.com closed the Open Signed Offline methods. They did this not to protect you. They did this to harm you. Because too much free software is out there taking away monetary opportunities from them.
The old process
- To be able to install a .SIS onto S60 3rd FP 1 it must be signed.
- In the signature, there is a security context (capabilities) what the application is allowed to do.
- To create the signature, the signature must be certified by Symbian. So you need to create your signature, upload it to Symbian and have it certified there.
- The signature was only for one single phone (based on the IMEI), such that you were able to sign your own .SIS file for your own phone only. There was no way to create a .SIS file which can harm phones you do not own (as you do not know the IMEI of those other phones).
- So there is no security threat. As all owners of phones only need one single signature, the load on the Symbian Web-Page was low to negligible.
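The install-time rules listed above, written out as an added example (not code from the original page or from Symbian). It is a simplified model: the class and field names, the sample IMEIs, the dates and the order of the checks are assumptions, cryptographic signature verification is taken as already done, and the certificate validity window discussed elsewhere on this page is included.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class DevCert:
    """Simplified stand-in for a per-phone developer certificate (assumed fields)."""
    imei: str                      # the one phone this certificate is bound to
    capabilities: FrozenSet[str]   # security context the certificate grants
    not_before: date
    not_after: date                # end of the validity window


@dataclass(frozen=True)
class SisPackage:
    """Simplified stand-in for a .SIS package; cert is None when unsigned."""
    name: str
    requested: FrozenSet[str]      # capabilities the application asks for
    cert: Optional[DevCert]


def install_decision(pkg: SisPackage, phone_imei: str, today: date) -> Tuple[bool, str]:
    """Installer policy only; cryptographic signature checking is assumed done."""
    cert = pkg.cert
    if cert is None:
        return False, "unsigned"
    if cert.imei != phone_imei:
        return False, "imei-mismatch"
    if not (cert.not_before <= today <= cert.not_after):
        return False, "outside-validity-window"
    missing = pkg.requested - cert.capabilities
    if missing:
        return False, "capability-not-granted:" + ",".join(sorted(missing))
    return True, "ok"


# Constructed sample values: IMEIs, dates and the package are made up.
MY_IMEI, OTHER_IMEI = "000000000000001", "000000000000002"
CERT = DevCert(MY_IMEI, frozenset({"ReadUserData", "NetworkServices"}),
               date(2008, 3, 7), date(2011, 3, 7))
TOOL = SisPackage("small-tool", frozenset({"NetworkServices"}), CERT)

if __name__ == "__main__":
    for imei, day in [(MY_IMEI, date(2009, 1, 1)),     # own phone, in window
                      (OTHER_IMEI, date(2009, 1, 1)),  # someone else's phone
                      (MY_IMEI, date(2011, 3, 8))]:    # own phone, cert ran out
        print(imei, day, install_decision(TOOL, imei, day))
```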
The new process
- You cannot create your own signature anymore. So there is no offline signing anymore.
- You can only take your application, upload(!) it to Symbian and have it signed there for your IMEI. This way all your work belongs to Symbian afterwards. (Think about it, it's the fact.)
- If your development cycle is too rapid, you will be slowed down, as noted on the web page www.symbiansigned.com/app/page/public/openSignedOnline.do
- You can only sign files you created yourself. Files from other developers can no longer be signed this way.
The difference
The problem with the old Offline process was that you could take a .SIS file you legally bought for one phone and install it legally onto another phone. However, they do not want this anymore, as when your old phone breaks they think they are allowed to re-charge you for all the software or features you had downloaded. They are wrong, as this is fraud! Think about it: A company creates faulty hardware which breaks, and you are not allowed to re-install your legally bought software onto the replacement phone, as this phone then has another IMEI.
Free software is hindered
Also this hinders free software a lot. Previously a developer was able to create software for his own phone, put the unsigned software onto his web page, and you were able to sign it for your phone. This path has now been disabled. As there is a UUID in the .SIS telling which developer baked the source, you cannot re-sign such a .SIS anymore.
Free software is locked out automatically
The online certificate is only valid for 3 years. That's not a long time. In fact it is quite short. This way Symbian is able to get rid of free software after 3 years. Perhaps you think this is no big deal. However, it is. Free software often is abandoned. For example, some of the best little tools are older than 10 years, and they are still superior to anything which is available commercially. This is because they are small and free. Small software often is free, as you would not pay for such a small tool. Even if it is very helpful, it is far too small to be sold alone. To be sold, it must get bigger. It must get bloated. And if it is bloated, you will refuse to use it, as it is bloatware and therefore hinders you instead of improving your business. There is no need to re-create this tool, as it is perfectly doing what it was designed for. So it will be left alone.
But now the 3 year limit kicks in. After 3 years, the tool can no longer be installed. It is very likely that the original developer has gone by, and another developer cannot take over, as the .SIS cannot be re-signed due to the changed UUID. Therefore the .SIS must be re-compiled. Well, no big deal, you think? Wrong again. Think about it. 3 years is a long time when it comes to updates. The SDKs were updated several times by then. Functions which were used by the old applications were "improved" or are now deprecated. So you cannot just re-compile the software 3 years later with your current SDK. You need to do so with the environment you had 3 years ago! This will simply not be possible.
Also there is a lot of software out there which is free, but it is not open source. So you simply cannot re-compile it. As you cannot re-sign it, you cannot even revive it. You cannot. But Symbian can. As all software was uploaded to Symbian, they are now able to sell you what previously was free. You think they are not allowed to do so? They are! As the software was free, they can charge for re-enabling the software. But they will do this in the back, not openly.
How Symbian makes a Cash Cow out of Symbian Customers
Will Symbian directly charge you for installing software on your phone? No. Will Symbian earn money when you install software on your phone? They already do. How? Well, this is easy to explain. They own the signature key. Therefore they can charge a lot. They already do. They charge over $200 per year (plus a lot of additional costs) for freely signed software. Alternatively they will charge $20(!) for each signing request (which is a lot more than free software authors can afford). This is not paid by you. It's paid by the programmer. Well, Symbian is not interested in charging you directly, as long as they get the money somehow.
The free alternatives are not suitable for creating signed .SIS files on demand. So each user must sign the .SIS files individually. Which is a major burden. This burden could be automated. However, Symbian works against this. Free tools to automatically sign apps for your own phone are steadily disabled. Well, they will say that it's not their fault. They lie. They are not interested in such tools. So they will not allow anybody to create one. If they were interested, they would provide free vendors with an API which allows you to automate the signing process. It's easy to create such an API, it is standard and convenient, and can be done within a few "student hours", so it's cheap to support (if not free, there will be enough people out there happily maintaining such an API for no money at all). But they do not want to do so. They will tell you that it's impossible. However, this is a lie. Code signing isn't difficult, it has been proven for many years now. And it can be implemented on user's demand. The only thing which stands against this is that they then are not able to press money out of innocent people. That's the real answer why they close down free code signing, and therefore they will take away your freedom to use your smartphone as you want to use it.
And this only is for starters
Note that this is not the end, it's only the start. Symbian owns the key. They can change everything. They are in charge. Not you. And nobody else. Who does evil things is evil. Symbian already did evil. Therefore Nokia is evil likewise. They cannot change that. As they already did it. And: Do not trust what they tell you. You can have security with no impact on open source and free programs. But they are simply not interested. And as cellphones are intimate devices, they can control your behavior by not allowing you certain things. Perhaps you don't think that's important. But keep in mind: We are only at the beginning, and they will do this slowly, such that you cannot see this easily.
If you want to really make the test, then write down what you will not bear ever. Things which must not happen at all. Things which are important to you today. Then, in 20 years from now, read this paper again. Check what then is violated but you have accepted it. Even though you think today that you will never be able to bear it. Perhaps you will then re-think and detect how they got you to accept this all. And you will be a little bit more aware of what's really going on. (For example: In 1990, would you ever have allowed anybody to track your position all the time? Today you carry your cellphone. And in Germany it is the law that you must be tracked and this information then must be stored for 6 months. Well, you can switch off your cellphone. How often do you do this to protect your privacy? Please be honest!)
Note that it is not really planned. There is no "evil mind" controlling us. It's just as it evolves. We cannot change this. However, we can try to slow them down. This is: Abstain from buying Symbian based smartphones! If you do, then abstain from buying software (just use the phones as they come out of the box). Do not let them gain more money, as success will speed up the process.
-Tino, 2008-03-07, Updated 2008-04-28 for typos
PS: Note that I already spent over 1 day trying to install a .SIS package with a signature which "timed out", because SymbianSigned closed doors and disabled all workarounds recently. There still is the way to "Time warp" devices, however this is extremely annoying and this hole eventually will be closed, too (new devices know their manufacturing date, so you eventually will be unable to time-warp them before they were built. This effectively locks out any software with a timed out key before the device was built).