Tivoisation explained - implementation and harms

Tivoisation explained - implementation and harms


To think about what free software licences should do about tivoisation, we have to understand what problems we're trying to prevent, and how it works - so that we can ensure that it doesn't work.

How tivoisation works

Tivoisation is a technique that manufacturers use to produce a computer, to sell to you, whose software they can update but you can't.

There are three elements involved in tivoisation:

  1. The manufacturer puts a chip in the computer which checks any software before it is run and which will only allow authorised software to be run.
  2. The chip can recognise authorised software by, for example, comparing a checksum (like a fingerprint) to a list of authorised checksums, or by checking for an encrypted signature.

  3. The manfucturer withholds the information which you would need in order to make software authorised.

    By doing this, the manufacturer can still publish new versions of the software in the future. They just have to embed the encrypted signature in their new version, or send a remote command which would add the checksum of the new version to the list of authorised checksums.

    However, if you try to use a modified version of the software, or try to run some third-party software, the computer will refuse to function fully, or will simply not run the software at all.

Controlling your own computer

The name "tivoisation" comes from a computer called the Tivo which comes with the above restrictions (at least from Series2 models onwards). The Tivo contains spyware and blocks the copying of information even when you are legally allowed to copy that information.

The operating system installed on each Tivo is GNU+Linux, so if you buy a Tivo, you have access to the human modifiable source code and permission to modify it. But, if you try to use a modified kernel, the computer will not start. (As described in this article, midway in the 3rd paragraph.) So tivoisation prevents you from being able to use software that doesn't contain spyware or wrongly imposed restrictions.

Sustaining the free software movement

The second reason why free software licences should prohibit tivoisation is that tivoisation burns the environment in which free software flourishes.

Normally, when our software spreads, we gain more developers (individuals plus companies) as some of the users will know how to program, and they will make small or large changes. Also, many of the people who make changes will publish their improvements so that everyone, including the non-programmers, can benefit from the general ability of the community to modify the software. By making computers non-programmable, tivoisation makes free software users non-programmers.

So with tivoisation, the ability of the community to choose the direction the software develops in is inhibited, and the link between the spread of our software and the growth of our developer community is cut. If a million people bought Tivos, there would be an extra million GNU+Linux users in the World, and we would gain zero developers.

This is unfortunate to any degree, but it can also become particularly problematic if it becomes widespread.

If we accept this behaviour from hardware manufacturers, we will get more of it because hardware manufacturers have no reason to turn down the opportunity to have more power over their customers. If tivoised computers become the norm and the era of programmable computers fades into history, free software development and users's control of their computers will be in trouble.

What do we have to think about

While GPLv3 is being drafted, we have to think about how many different ways tivoisation can be done and whether or not there are ways that it can be done, or the same problems can be caused, that the current language could be improved to block.

Of the three components of tivoisation mentioned above, item #3 is the problematic one. If manufacturers implement elements #1 and #2, but told each customer the (possibly unique) encrypted signature, or how to add new checksums to the list of authorised checksums, then there would be no problem. The computer would only run authorised software, but you could decide what is authorised.

Indeed, allowing elements #1 and #2 is important because they can be used for security purposes. I could configure my computer to only run signed software, and then I could sign all the software on my computer. Then, if a virus ever modified the software on my computer or added a new program, it wouldn't run. Or as a network administrator, I might also use this for multiple machines within one organisation. So elements #1 and #2 must not be inhibited by any method of blocking element #3.

What discussion draft 2 of GPLv3 says

So, discussion draft 2 of GPLv3 blocks item #3 by saying that when you are required to distribute a program's source code, you must include:

...any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use....

This only applies to people distributing hardware plus software where the hardware is configured as in step #1 above. If you are just distributing software, then the number of keys that are necessary to install and/or execute the software is zero. So this language only applies to a small number of hardware manufacturers, probably less than ten.

That sentence I've quoted is from the definitions of "Corresponding Source" in discussion draft 2 of GPLv3. Richard Stallman has said that in discussion draft 3, this will probably be moved out of that definition and into the section on distributing binaries.

Your comments on this issue are sought at the gplv3.fsf.org comments portal.

For more information about GPLv3, see FSFE's GPLv3 project.

(I had help in writing this from the people on the fsfe-uk and fsfe-ie mailing lists. Those links point to the archive of the relevant discussions showing the people and their comments. Thanks.)

Category: 
Opinions
Tagging: 
gplv3
tivoisation
tivoization

Author information

Ciaran O’Riordan's picture

Biography

Free Software advocate, active on political campaigns such as that against software patents in Europea, and interested in free software licences

Most forwarded

Interview with Dave Mohyla, of DTIDATA

Dave Mohyla is the president and founder of dtidata.com, a hard drive recovery facility based in Tampa, Florida.

TM: Where are you based? What does your company do?
DTI Data recovery is based in South Pasadena, Florida which is a suburb of Tampa. We have been here for over 10 years. We operate a bio-metrically secured class 100 clean room where we perform hard drive recovery on all types of hard disks, from laptop hard drives to multi drive RAID systems.

Anybody up to writing good directory software?

Since the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).

Interview with Mark Shuttleworth

Mark Shuttleworth is the founder of Thawte, the first Certification Authority to sell public SSL certificates. After selling Thawte to Verisign, Mark moved on to training as an astronaut in Russia and visiting space. Once he got back he founded Ubuntu, the leading GNU/Linux distribution. He agreed on releasing a quick interview to Free Software Magazine.

Is better education the key to finding better software?

I read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.

Most emailed

Free Open Document label templates

If you’ve ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned “There has got to be a better way to do this,” here’s the solution you’ve been looking for. Working smarter, not harder! Worldlabel.com, a manufacture of labels offers Open Office / Libre Office labels templates for downloading in ODF format which will save you time, effort, and (if you want) make really cool-looking labels

Creating a user-centric site in Drupal

A little while ago, while talking in the #drupal mailing list, I showed my latest creation to one of the core developers there. His reaction was "Wow, I am always surprised what people use Drupal for". His surprise is somehow justified: I did create a site for a bunch of entertainers in Perth, a company set to use Drupal to take over the world with Entertainers.Biz.

Update: since writing this article, I have updated the system so that the whole booking process happens online. I will update the article accordingly!

So, why, why do people and companies develop free software?

More and more people are discovering free software. Many people only do so after weeks, or even months, of using it. I wonder, for example, how many Firefox users actually know how free Firefox really is—many of them realise that you can get it for free, but find it hard to believe that anybody can modify it and even redistribute it legally.

When the discovery is made, the first instinct is to ask: why do they do it? Programming is hard work. Even though most (if not all) programmers are driven by their higher-than-normal IQs and their amazing passion for solving problems, it’s still hard to understand why so many of them would donate so much of their time to creating something that they can’t really show off to anybody but their colleagues or geek friends.

Sure, anybody can buy laptops, and just program. No need to get a full-on lab or spend thousands of dollars in equipment. But... is that the full story?

Fun articles

Santa Claus - the most successful open source project

It dawned on me the other day, as I was shopping for the dozens of gifts it seems I have to buy every December, that Santa Claus is the most successful open source project in history. (Bridget @ Illiterarty would agree with that). Santa Claus is essentially a marketing development that is embodied by everyone who stuffs a sock, gives a gift, hosts a dinner or wishes Merry Christmas over the holiday season.

Most emailed

Editorial

When I first started thinking about Free Software Magazine, I was feeling enthusiastic about the dream. I had Dave, Gianluca, and Alan willing to help me, I had established members of the free software community willing to help me out, I had writers volunteering their time and energy for free, and I had a generous offer from OpenHosting for servers, all before I'd proved myself. There was a sense of excitement in the air, and I thought maybe, just maybe, I could make this work.

Free Software Magazine uses Apollo project management software and CRM for its everyday activities!