Recently, somebody with a MacBook complained to me about their VPN not working right. It appeared that their DNS queries weren’t being routed through the VPN, but were getting sent to their ISP. If you’ve read my article on the dangers of public Wi-Fi, then you know that a VPN is supposed to tunnel all network traffic through the VPN’s servers, including DNS queries. But this guy’s MacBook apparently wasn’t doing that, even with the VPN on.
Now, I’ve never owned an Apple device, let alone a MacBook – Apple products are too expensive for my taste – but I did research online about this issue, and it turns out that it’s a common problem facing MacOS users. MacOS has a funny and opaque way of performing DNS queries. Because of this, it’s really hard to control where your DNS queries go on a MacOS device, including whether or not the VPN gets to control it.
Now, I actually didn’t find this the least bit surprising. Apple has done something like this on MacOS before, and it was even more egregious than merely not letting DNS queries get routed through VPNs. So I explained all this to my annoyed friend and realized he was probably going to ask: “Isn’t this bad for the security and privacy of people who use VPNs on MacOS?” I preempted him and said: “Yes, this is bad for the security and privacy of people who use VPNs on MacOS.” Then that got me thinking: Can you trust your devices? And that’s what we’ll be talking about today.
You can’t do it all yourself, but you can try with everybody else
Ever heard the saying “No man is an island?” Well, the same is true for technology. You have to trust somebody, otherwise you’d never be confident your tech is working the way it’s supposed to. It would be nice to live in a world where we fully understand every single thing our devices do, how they work, and how to control them completely; but we don’t live in such a world, so we have to make do with what we got.
Now, my friend above decided to trust Apple, thus he bought a MacBook and uses MacOS for his device. If it’s good enough for him, then it’s good enough for him. And whenever Apple screws him over, like they did last year, well, it’s good enough for him (I guess). But for someone like me, I can’t trust Apple – it just ain’t good enough for me – so I use Linux instead. Linux doesn’t have the money, influence, or manpower that Apple does, but they do have something that allows me to give them more trust than I give Apple: transparency. See, MacOS is closed-source, so nobody other than authorized Apple staff can read MacOS’ source code to see what MacOS is doing under the hood. Linux, on the other hand, is open-source, so anybody can read the source code, including you and me.
ʕ·ᴥ·ʔ: Okay, but what if I can’t understand the source code, or just don’t have time to read it? I’m not a programmer; I’m a bear!
Well, you can’t actually read all of that source code yourself. In the beginning of 2020, there were 27.8 million lines of code in the Linux kernel alone, not to mention the rest of what makes a fully functional operating system! You can’t read and verify the safety of all that code, and neither can I, but we do have one important thing going for us with Linux: We can do the best that we can to read and verify as much as we can or as much as we’re willing to, as can everyone else on the planet. You might not trust Linus Torvalds, the creator of the Linux kernel; you might not trust all of the other Linux maintainers and contributors; or all of the other people around the world who are reading, verifying, and writing Linux code; but if we’re all using Linux as our operating system, then we’ve all got an incentive to make sure that it’s secure and works correctly.
And that’s the power of open-source: You don’t have to trust a big, profit-motivated company that hides its code from the outside world; you can trust that thousands of other people around the world are using the same code you are, and therefore have an interest in keeping it safe and secure, just like you. And, you can also always help out too.
It’s still company even if it’s a small crowd
Of course, you need more than just an operating system to make a device useful. You need apps – the programs your device uses. You might replace closed-source Microsoft Office with open-source LibreOffice, which certainly gets the job done. How about dropping Microsoft’s, Android’s, and Apple’s built-in email apps for the open-source email apps, Mozilla Thunderbird and FairEmail? You might think that Google Chrome is open-source, but it ain’t; and neither is Apple’s Safari. So how about using Mozilla Firefox instead? There’s an open-source project to replace most closed-source apps out there; you just need to put in some effort to look around and find them.
Other than maybe Firefox, none of these open-source projects will have the number of maintainers and contributors that Linux has, so there won’t be as many eyeballs watching and improving the source code of these projects, but I’d say they’re still preferable to trusting some profit-driven company that may sell your data and hide their mistakes. It might take some testing, trying things out, and research on your part, but the rewards are usually worth it: you get an app that an entire community is using and contributing to, rather than an app that is completely hidden and controlled by some big company that may not have its users’ – your – interests at heart.
Hardware is a little, uh, harder
Alright, that settles our software issue, but what about hardware? Well, there is open-source computing hardware out there, like an Arduino or a Raspberry Pi, but those don’t have anywhere near the computing power that the latest and greatest computing hardware has. For light computing, those will work great. For anything heavier than that, not so much. In the future, more high-power computing hardware like RISC-V might become popular and easily accessible to the masses, but for now they’re not. So common consumers like you and me are left with big oligopolies like Intel, NVIDIA, and AMD. In other words, pick your poison.
ʕ·ᴥ·ʔ: I’m picking…
Having said that, some poisons you definitely should avoid.
ʕ • ᴥ •’ʔ: Ah, haha. I was just about to pick a random poison to get this over with. But, okay, please do go on. Hehe.
Just like how some software might stab you in the back (MacOS, I’m looking at you), some hardware might, too. For example, here is a budget phone brand, Tecno, that came preinstalled with malware even before you bought it. Think that only happens with cheap hardware? Think again, because Apple and Amazon only buy the best hardware, and once bought malware-infested video servers. So some poisons are definitely worse than others, and unfortunately there is no sure-fire way to tell which is which. You just have to figure it out and make intelligent guesses on your own. Having said that, you might have noticed that the last two examples I gave of hardware stabbing their owners in the back were both Chinese hardware. Tecno? A Chinese phone brand. Those Apple and Amazon video servers? Made in China. Maybe, just maybe, avoid stuff that’s made in China (if you can). If you can’t, at least avoid Chinese hardware brands. Non-Chinese hardware brands like Nokia and Apple have at least some quality control over their made-in-China products.
Trust, but only when you need to
So maybe you’ve already got hardware that you don’t trust.
ʕ·ᴥ·ʔ: I do!
And maybe you’ve got no choice but to use software that you also don’t trust.
ʕ·ᴥ·ʔ: Thaaat’s me!
Well then, in that case, the best that you can do is minimize your exposure to danger.
- For example, if you have a data-hogging Tecno phone, disable mobile data when you’re not using it, or even turn airplane mode on or turn the phone off entirely when you don’t need it.
- If you think your Android phone is constantly tracking your location, turn location services off and disable saving location history on your Google account. Again, you can always turn airplane mode on or turn the phone off when you don’t need it.
- Your company might require you to use Zoom, but nobody said you can’t use Signal for personal use.
- Got a second Android phone and think you’re tech-savvy enough? Install the open-source LineageOS on the second phone and use that whenever you don’t need Android. I’ll talk more about LineageOS in an upcoming article.
- Speaking of using two different operating systems, I’ve talked about multi-booting Linux before. You can use Linux whenever possible and Windows or MacOS only when necessary. Any bad hardware will sure have a harder time stabbing you in the back when you’re running different software that it may not have accounted for.
- Lastly, don’t forget to stay dumb and disconnected! Even the worst, most evil device can’t hurt you when it’s off. It may also not be able to hurt you when it’s got no internet connection. And the simpler (the dumber) the device, the less it can do to you. I mean, you can’t install malware on a Post-It note, can you?
ʕ•ᴥ•̥ʔ: CAN YOU?!
No, Kuma, no you can’t.
ʕ·ᴥ·ʔ: Phew!
You can, however, leave it lying around for all to see how many dumpsters you eat junk out of every day.
ʕ·ᴥ·ʔ: Hehe. That’s okay. I got nothing to hide.
Yep, totally. Not even a few jars of honey you ate that belonged to–
ʕ º ᴥ º ,’ʔ: Nobody! I ate a few jars of honey that belonged to nobody! Uh, I found them in the dumpster! Just a few jars of honey, lying in the dumpster, and I took ‘em! That’s all!
Yep. You got absolutely nothing to hide…