The future of computing does not look bright
Systems are increasingly locked down, end-users do not know how to use their devices, programs are becoming unnecessarily large and complex, more and more devices are being tracked constantly, and most hardware and software are not being purchased.
But hasn’t it always been like that?
In fact, yes, this is the trend since at least a decade, but it looks (to me) like we are reaching a critical point.
Trusted computing
As Wikipedia summarizes it:
Trusted Computing is controversial as the hardware is not only secured for its owner, but also against its owner, leading opponents of the technology like free software activist Richard Stallman to deride it as "treacherous computing", and certain scholarly articles to use scare quotes when referring to the technology.
The main issue is that the owner of the hardware is considered an attacker too, and that what constitutes a secure Platform is decided unilaterally.
TPM 2
A Trusted Platform Module can be used for multiple tasks that benefit the end user, like generating secure pseudo-random values or storing keys and passwords.
But the user does not control the TPM, and it is, in fact, used against the user, for hiding things from him, like in the case of Passkeys.
Android / iOS
Android and iOS introduced, for good or bad, a lot of restrictions on what the user and programs can do.
For example, it is in general not possible or very hard to have a program running in the background. Just like it is not possible to see what programs are actually running, to decide when to start a specific program automatically, or to make screenshots of whatever is displayed on the screen.
Some of those restrictions are good. There were too many programs that decided by themselves to start in the background and run the whole time, even if they were rarely used. But if the end-user cannot decide what to run and when, what then?
It is also a good thing that a program cannot see what other programs are doing, by making screenshots. But a program should not be able to say that the user cannot make a screenshot.
DRM systems
Digital rights management 🗄️ systems, often abbreviated as DRM systems, might rely on trusted computing, but not necessarily.
DRM as a concept has always been problematic, in particular
-
it is unfriendly for the environment, as it requires buying new hardware or software even if the current one is otherwise up to the task
-
no DRM mechanism actually knows what the actual rights are
-
it does not know if the user has the rights to distribute, for example, a song or image. How does it know if the user is the author or not?
-
it does not know if the legislation in the country the user is currently in permits making a backup of the media
-
it does not know if the user wants to do something for fair use
-
it does not know if the copyright has expired
-
-
backups are harder to do; sometimes, it is simply not possible to create them
-
it generally provides a sub-par experience. You have to insert a CD, write key codes, connect to the internet, execute an activation wizard, use a dedicated program, or do something else, instead of simply doing what you want to do: play the game, watch the video, listen to the music.
-
there are security issues with some mechanisms used
-
SafeDisc 🗄️ and SecuROM 🗄️ have known 🗄️ security issue. Since Windows 10 🗄️ , games using those drivers will not work anymore
-
who does remember the Sony rootkit scandal 🗄️?
-
-
there are compatibility issues. The software might be compatible with the current setup, but the DRM system is not; it requires additional resources, software, or hardware; for example:
-
a CD-ROM drive
-
connection to the internet
-
some systems require a specific piece of hardware, like specific hard drives 🗄️
-
a particular OS
-
some systems, like StarForce 🗄️ have a blacklist of programs that should not be installed on the same device
-
-
modern DRM systems have embarrassing false positives 🗄️ and those can lead to data loss 🗄️ that the end-user cannot recover.
Do those artificial restrictions affect me?
In multiple ways!
I have older programs that still work, but I’ve lost the license key, and it is not possible to buy a new one.
I have older programs that still work, I have the license key, but I cannot activate them because the DRM system needs to communicate with a server that no longer exists.
In both cases, I’m officially unable to install the program again.
I have games that require inserting the CD, but most computers do not have a CD drive anymore. I can install the game from the backup I made of the CD (a simple copy of the content), but the copy is not recognized by the game as a CD for starting the game.
I cannot do proper backups of different media, but it’s not because I lack the hardware.
I want to print a black-and-white document, but the printer claims that the red ink, which I almost never use, is empty. On older printers, this would not have been an issue; now I’m forced to buy new cartridges every time, even if I don’t use them.
| Note 📝 | Yes, I am aware that not every printer behaves this way. I’ve changed my printer after I discovered this behaviour with one that behaves as expected. |
Android phones prohibit me from making screenshots for fair use, backups, and documentation purposes.
I have digital books that I cannot read on the device of my choice, although I have compatible eBook readers.
And probably many other things. I bet many people are affected in even more ways, probably even without realizing it, because these inconveniences are considered normal.
Most people find it normal to have to
-
continuously install updates
-
restart the computer or single programs to fix stability issues
-
watching ads and being interrupted when watching a movie or reading an article
-
dealing with spam
-
waiting for the device to start
-
throwing devices away because there is a new version
CD requirement in Games
Many games require the installation CD to be inserted.
For some older games, it might have been a way to avoid filling the drive of the computer. I have a couple of games compatible with Windows 3.1; they simply searched for the required files on all available drives, so copying the content of the CD to an internal drive was a sufficient workaround for not having to insert the CD every time.
But at least since Windows XP, most games on disc have more strict requirements, and really want to find the original disc, not even a backup copy, even if the game does not need to read any file from it.
Movies on DVD and Blu-ray
Many commercial DVD movies use Content Scramble System (CSS) 🗄️ to prevent users from playing the content on DVD, unless they use an approved DVD player (hardware or software).
This meant that it was possible to reproduce a DVD on Windows, but it was not on Linux systems, as no company developed a player for those other systems.
With the advent of DeCSS 🗄️ , it has finally been technically possible for the end-user to view bought movies on their preferred devices and systems.
I also possess a commercial DVD that looks different from all the others. It does not use CSS, and it does not have the common structure of a commercial DVD video.
I’m not sure how to play it; this is the directory and file structure of the disk:
.
├── AUTORUN.INF
├── config
│ ├── config.ini
│ ├── discnav.ico
│ ├── display.ini
│ ├── images
│ │ ├── bg.jpg
│ │ ├── bgtext.jpg
│ │ ├── digitalcopy.jpg
│ │ ├── errorbg.jpg
│ │ ├── errorclose.gif
│ │ ├── help.jpg
│ │ ├── mainmenu.jpg
│ │ └── moreinfo.jpg
│ ├── install.htm
│ └── start.htm
├── discnav.exe
├── DVDROM
│ ├── iTunesInfo.xml
│ └── Media
│ └── FeatureMovie
└── wmv
└── SWATH_PC_DEU.wmvThe only hint I have is the "Digital Copy" label on the disk, I never heard of it before, supposing this is it, Wikipedia has an article on it; I guess that the short story is that I can toss the DVD; a DVD that requires the internet to work is not something I’m interested in.
If every DVD or Blu-ray used this "Digital Copy" mechanism, I guess I would not have bought a single movie in my entire life.
On the other hand, although I dislike the protection mechanism used on commercial DVDs and Blu-rays, they have certain advantages over streaming services or all other digital offerings that require you to use specific software or hardware. Thus, since I am able to play DVDs and Blu-rays on the devices I want (with one exception), offline, and at any time, I prefer those as a media format for the movies I want to buy.
Game consoles
They often used dedicated hardware and systems that did not have much in common with a computer, so it should not come as a surprise that it is not that easy to execute your own programs.
In the meantime, most consoles are as powerful as a generic computer; they might even use an operating system that can run on a computer. For example, the operating system of the PlayStation 4 and 5 are based on FreeBSD 🗄️, and on the PS3, it was officially possible to install a Linux systems 🗄️ .
Nevertheless, the systems are locked down.
It is not (officially) possible to
-
make a backup of the system
-
backup and restore save games, or game progress
-
copy the games to the internal drive so that you do not have to insert the disk or cartridge every time
-
install a compatibility layer (or emulator) for an older system so that you can play the game you have bought for the previous console generation on the current one
-
screen recording
I am sure that there are many other interesting use-cases; those are the first that came to my mind.
Synology hard disks
At some point, in 2025, Synology decided that only their hard drives would work on their NAS systems 🗄️.
The economic backlash was big enough that they partially reverted their decision 🗄️.
It is for this and other similar reasons that I never tried to use or buy a NAS, but always preferred to use an old computer.
I’m surely missing a lot of nice features, and maybe even spending more time configuring that system compared to attaching a black box on my network, but at least I do not have to worry about updates, lock-in, and backward compatibility.
EME, CDM, and Widevine
There is also DRM on the web 🗄️.
Mostly for videos, the content provider decides if the device is worthy of accessing specific content.
The main issue is that the component that does the DRM is closed source, and it is not possible to create alternate browser 🗄️, even by asking nicely.
Since it was always bad, why am I worried?
Because systems are getting locked down year after year. For example, Google announced that it is not possible to install an application on Android devices if not through their store or adb, and also developing programs will have additional restrictions, like submitting an identity profile to Google.
Another issue is that users do not know how to use their devices/do not know how their devices work. One of the reasons is that most user interfaces hide a lot of important information.
Phones in particular are hard to use after five or more years, or use as a generic computing device.
On one hand, the operating system does not give much flexibility, functionalities like
-
autostart of programs
-
automatic reboots
-
control over background applications
-
OS updates
-
backing up programs
and many others are not available to the end user.
On the other hand, hardware is difficult to repair or reuse
-
most hardware is tailored for a specific device; it cannot be used between different devices
-
most phones do not have a removable battery
-
many phones that have a removable battery do not start if the battery is not inserted
Thus, even if you buy the hardware and software, you are much more limited in what you can do.
The same patterns are being used more and more on PCs.
Most of all, I am worried because I am being forced into an ecosystem I do not want to be part of.
Like most people, I need money for living. I get the money by working. I need a bank account.
| Note 📝 | I was told it is not necessarily true that I need a bank account; I could be paid in cash. I’m not sure if this is true, and it is not completely beside the point, but I’m still going to argue that to live in today’s society, you need a bank account. |
All banks I am aware of are transitioning to mobile applications for "security". One can either use the application directly or use it as a second-factor authenticator for logging in on the computer.
Those applications want to ensure that the device they are installed on is secure. This is often done by using the Google attestation service, plus, it might use other "handwritten" verifications.
On my devices, the application of the bank I am currently using does not work, because (pick at least one)
-
I have no Google Services
-
I have an OS that is too old
-
I have an alternate OS
-
I have administrative rights on my device
Other things I have experienced (not first-hand, sometimes by helping someone else):
-
the device is a Huawei phone with Android, and workarounds like GBox and MicroG are not always enough
-
the device has an "unusual" or too small screen size, even if there is more than enough space to show the whole content
-
there is at least one application installed that the bank does not like
-
the device does not have Android (or iOS) as an operating system
-
the Google Attestation Service does not report the device as secure for unknown reasons
Even if the devices I’ve used are "perfectly secure", as in they have no known vulnerabilities, or that the known (and mostly unknown) vulnerabilities cannot be exploited (the device is, for example, air-gapped), and meet all other requirements for running correctly, I cannot use them.
This is the issue with Trusted Computing; it acts against my interests.
And while it is possible to say "buy a new device", there are multiple issues with this approach:
-
how long will the new device be supported?
-
what about environmental issues?
-
do all other (old and new) applications work on the new device?
On a computer, thanks to
-
VirtualBox and other virtual machines
-
projects like
dosboxandwine -
efforts at retro-compatibility in some environments, on top of my head, Windows and the Linux kernel, C and C++ language and compilers, and so on
-
efforts to keep command-line interfaces stable, especially for decade-old programs (that are still maintained) like the POSIX command-line utilities
I can still use older systems and programs (or newer programs that work the same way) without issues. Thus, in general, a newer machine is a superset of an older one. On a phone, or in general with trusted computing, but more on that later, this is not true.
I currently have an issue with the bank, because I am being forced to, but there are other places where applications are being pushed continuously.
It is an issue I was always aware of, and because having administrative privileges offers multiple advantages, I always avoided using those programs.
The second most prominent example I have are public health insurance companies.
Some of their applications want to ensure a "secure environment" too, and so they do not work on my devices. As I did with the bank, I complained because I am not able to use certain features, but it did not help. At least I am not being forced to use the application as long as I avoid certain features, and as long as the website works both from the computer and on the phone.
Transport Companies are also pushing for applications; in some places, it is getting harder to buy physical tickets. For example, Ryanair 🗄️ is forcing everyone to use their application.
One should not be surprised that, in general, an application does not work as well as a printed piece of paper. I’ve read (and had) too many experiences where the application crashed at the wrong moment, or the bought ticket temporarily disappeared.
Of course, using the phone instead of printing things can have multiple advantages. For example, there is less waste, no need to waste ink and paper, and the chances of losing or forgetting the ticket might be smaller than forgetting the phone.
On the other hand, why not just give the user an image, a PDF document, and/or a passbook file to save on the device pkpass?
I’m pretty confident that, if the battery is not empty, I’ll be able to show an image at any time. I’m not as confident that a third-party application works correctly the moment I need it.
The reason why one is forced to use an application has nothing to do with security, accessibility, or ease of use.
As someone who writes software, I get it. You do want to minimize the number of devices and their idiosyncrasies you have to support, test, and debug.
The main business of most companies is not to write an application, but something else. In this particular case, there is no reason why an old device could not do the equivalent of a printed piece of paper. It is, in fact, a nice use case for an old device instead of throwing it away: use it as a dedicated device for managing tickets. This ensures, for example, that the battery running out is not an issue in most situations, as you are not going to use it otherwise. If configured correctly, like showing by default the wallet with the tickets, it can be given to a teenager, an elderly person, or, in general, to someone who would not use a smartphone otherwise.
Security is just a lame excuse.
So why are companies investing so much energy in programs they give away for free that cost them a lot of money, and possibly some reputation?
The first reason is: everyone else is doing it.
The second reason is: it is "modern" (whatever it means).
And last but probably most importantly, forcing the user to use an application instead of giving him the possibility to bookmark a website or leverage an existing infrastructure, gives the author of the application more control. It can show the user other content (related products, ads) or track information (which can be given to "partners"). It also makes it easier to lock the user 🗄️ in a particular ecosystem.
For the end-user, there are not many advantages.
Why would I need an internet connection to show my ticket? Why does it need to be updated continuously?
An application is, in general, not really environmentally friendly. Even without taking into account that it might force the user to buy a new device, it is another program running and consuming resources, the battery in particular. Plus, people had to develop, debug, and test it. Compared to that, printing a piece of paper or saving an image in the photo gallery is much more energy-efficient.
What could improve the situation?
"Voting with your wallet" is not sufficient anymore. I suspect it has never been sufficient.
Claiming that this can be fixed by not buying certain products does not work. I cannot find the product that is exactly what I want, so I have to compromise one way or another, and every product on the market has some deficiencies.
I would like a phone where
-
I can decide which applications start automatically
-
I can decide which programs runs in the background
-
I can decide which programs can access the network or other resources
-
I can decide if the device should reboot automatically, and under which conditions
-
can do a full system backup locally and restore it, eventually on a second device, even if the author of the program does not like it
-
my device is considered secure if I have no malware on it
-
no settings are reverted silently behind my back
-
firewall able to block single programs, ports, and domains
-
install/configure the same program multiple times, and to be able to isolate them (similarly to Docker, virtual machines, BSD jails, Windows Sandbox, and most well-behaved programs out of the box)
-
small screen
-
no need to be "supported" with security updates by the manufacturer; similarly to computers, the user can install the operating system they want
-
no need for an online account to use the device or to install programs
-
replaceable battery/sim/sd card by simply removing the back cover
But cannot find it anywhere; contact me if you find something similar. But even if it existed, I am part of a minority, no company would be able to live with my once in a blue moon purchase.
Most of the topics I’ve mentioned are important only for some disjoint minorities.
Most people do not care if the drivers are open or closed source, as long as the system works (for some definition of system and works) Most people do not care if you can use a third-party store, as long as the preinstalled store on the device works. Most people are not personalizing their computer or phone. A lot of people change their phone every two, three, or four years; some do not even buy them, but lease them.
Once upon a time, standards had a major meaning, interoperability was important, because no company was big enough that it could ignore the rest of the world. For this reason, there was an incentive to use standard protocols. Today, a handful of gigantic companies control the majority of the stack of technologies, which radically changes how standards are developed and how important they are.
So the only possible way to improve the situation seems to be to have more regulations.
Recently, thanks to regulations, we have
-
the right to repair 🗄️
And we should have batteries that are easier to remove 🗄️ again.
Note that regulations are not perfect. Even with the GDPR, most companies are still tracking their users; at least they are now notified, and there are more situations in which one can opt out. It is heartbreaking to see how many "partners" websites have, for showing me things I’m not interested in. But before the GDPR, it was not better; it was just harder to see what was happening.
Not only users, but also nations are losing control over computing platforms, as they all have in their dependencies one or more of those gigantic companies, all located in America.
It’s a shame that on one side, some governments are trying to use alternative programs, often open source or at least programs that support open formats, but on the other hand, they are not doing much to prevent local companies from pushing their citizens into environments controlled by those gigantic companies.
If you have questions, comments, or found typos, the notes are not clear, or there are some errors; then just contact me.