Software Engineer Nikita Prokopov delves into how programs have changed over recent years from doing our bidding to working against us, controlling us. This adverse change has been ushered in through requiring accounts, update processes, notifications, and on-boarding procedures.
This got so bad that when a program doesn't ask you to create an account, it feels refreshing.
"Okay, but accounts are still needed to sync stuff between machines."
Wrong. Syncthing is a secure, multi-machine distributed app and yet doesn't need an account.
"Okay, but you still need an account if you pay for a subscription?"
Mullvad VPN accepts payments and yet didn't ask me for my email.
These new, malevolent programs fight for attention rather than getting the job done while otherwise staying out of the way. Not only do they prioritize "engagement" over its opposite, "usability", they also tend to push (hostile) agendas along the way.
Previously:
(2025) What Happened to Running What You Wanted on Your Own Machine?
(2025) Passkeys Are Incompatible With Open-Source Software
(2024) Achieving Software Freedom in the Age of Platform Decay
(2024) Bruce Perens Solicits Comments on First Draft of a Post-Open License
« Software Developers Show Less Constructive Scepticism When Using AI Assistants | China Cuts Open New Robot on Stage to Prove Authenticity »
Related Stories
Bruce Perens is working on licensing for a new, post-Open Source era to take open source licensing past the apparent stalling point it has reached on its way towards software freedom. As he noted earlier, current licenses are not meeting that goal and businesses have either found loophole or just plain been allowed to ignore the licensing. A move more towards a contract is needed.
At the link below is the first draft of the Post-Open License. This is not yet the product of a qualified attorney, and you shouldn't apply it to your own work yet. There isn't context for this license yet, so some things won't make sense: for example the license is administered by an entity called the "POST-OPEN ADMINISTRATION" and I haven't figured out how to structure that organization so that people can trust it. There are probably also terms I can't get away with legally, this awaits work with a lawyer.
Because the license attempts to handle very many problems that have arisen with Open Source licensing, it's big. It's approaching the size of AGPL3, which I guess is a metric for a relatively modern license, since AGPL3 is now 17 years old
The draft license is quite long since it covers quite a few scenarios.
Previously:
(2023) What Comes After Open Source? Bruce Perens is Working on It
(2018) The Next 20 Years of Open Source Software Begins Today
Here are two related essays on software freedom in light of the current environment where platform decay has become the norm.
Lead developer of Linux-Libre, FSFLA board member, and previous FSF board member, Alexandre Oliva wrote a piece back in June about platform decay (also known colloquially as enshittification) and how to fight it through software freedom. It's from his May 5th, 2024 LibrePlanet presentation with the same title ( video and slides ). This weekend, developer Daniel Cantarín wrote a follow up addressing the nature of software freedom and the increasing communication, philosophical, and political barriers to actually achieving software freedom.
The two essays are essentially in agreement but raise different points and priorities.
Alexandre Oliva's essay includes the following:
[...] Software (static) enshittification
Back in the time when most users could choose which version of a program they wanted to run, upgrading software was not something that happened automagically. Installing a program involved getting a copy of its installable media, and if you wanted to install a newer version, you had to get a copy of the installable media for the newer version.
You could install them side by side, and if you found that the newer version was lacking some feature important to you, or it didn't serve you well, you could roll back to the older version.
This created a scenario in which the old and the new versions competed for users, so in order for the newer version to gain adoption, it had to be more attractive to users than the older one. It had to offer more interesting features, and if it dropped features or engaged in enshittification, it would need even more interesting features to make up.
This limits how much enshittification can be imposed on users in newer versions. It was much harder to pull feature from under users in that static arrangement.
Software (dynamic) enshittification
But now most users are mistreated with imposed updates, and since they are required to be online all the time, they are vulnerable all the time, and they can't go back to an earlier version that served them well. The following are the most enshittifiable arrangements to offer computing facilities to users. Most enshittifiable so far, Homer Simpson would presumably point out.
Apps that run on remotely-controlled telephones (TRApps) and that are typically automatically updated from exclusive app stores, and their counterparts that run on increasingly enshittified computers (CRApps) are cases in which the programs are installed on your own computer, but are controlled by someone else. They've come to be called apps, so that you'll think of them as appliances rather than as something you can and should be able to tinker with.
Web sites that, every time you visit them, install and demand to run Javascrapped programs on your computer, are a case in which, even if the program is technically Free Software, in this setting, someone else controls which version you get to run, and what that version does.
And then, there are the situations in which, instead of getting a copy of a program, you're offered a service that will do your computing for you, under somebody else's control, substituting software that could have been respectful of your freedom. [...]
Andrew Eikum has updated his blog post on passkeys. The revised title, Passkeys are incompatible with open-source software (was: "Passkey marketing is lying to you"), says it all.
Update: After reading more of the spec authors’ comments on open-source Passkey implementations, I cannot support this tech. In addition to what I covered at the bottom of this blog post, I found more instances where the spec authors have expressed positions that are incompatible with open-source software and user freedom:
When required, the authenticator must perform user verification (PIN, biometric, or some other unlock mechanism). If this is not possible, the authenticator should not handle the request.
This implementation is not spec compliant and has the potential to be blocked by relying parties.
Then you should require its use when passkeys are enabled … [You may be blocked because] you have a passkey provider that is known to not be spec compliant.
I suspect we’ll see [biometrics] required by regulation in some geo-regions.
I’ll leave the rest of the blog post as it was below, but I no longer think Passkeys are an acceptable technology. The spec authors’ statements, refusal to have a public discussion about the issues, and Passkey’s marketing, have all shown this tech is intended to support lock-in to proprietary software. While open source implementations are allowed for now, attestation provides a backdoor to lock the protocol down only to blessed implementations.
So long as the Passkey spec provides the attestation anti-feature, Passkeys are not an acceptable authentication mechanism. As a result, I’ve deleted the Passkeys I set up below in order to avoid increasing their adoption statistics.
Passkeys are cryptographic credentials marketed as operating through locally executed programs to provide authentication for remote systems and services. They are sometimes additionally tied to biometrics or hardware tokens. The jury is still out as to whether they actually improve security, or will merely continue as another vehicle for vendor lock-in. It's looking more like the latter.
Previously:
(2024) Why Passwords Still Rock
https://hackaday.com/2025/10/22/what-happened-to-running-what-you-wanted-on-your-own-machine/
https://archive.ph/6i4vr
When the microcomputer first landed in homes some forty years ago, it came with a simple freedom—you could run whatever software you could get your hands on. Floppy disk from a friend? Pop it in. Shareware demo downloaded from a BBS? Go ahead! Dodgy code you wrote yourself at 2 AM? Absolutely. The computer you bought was yours. It would run whatever you told it to run, and ask no questions.
Today, that freedom is dying. What's worse, is it's happening so gradually that most people haven't noticed we're already halfway into the coffin.
The latest broadside fired in the war against platform freedom has been fired. Google recently announced new upcoming restrictions on APK installations. Starting in 2026, Google will tightening the screws on sideloading, making it increasingly difficult to install applications that haven't been blessed by the Play Store's approval process. It's being sold as a security measure, but it will make it far more difficult for users to run apps outside the official ecosystem. There is a security argument to be made, of course, because suspect code can cause all kinds of havoc on a device loaded with a user's personal data. At the same time, security concerns have a funny way of aligning perfectly with ulterior corporate motives.
[...] The walled garden concept didn't start with smartphones. Indeed, video game consoles were a bit of a trailblazer in this space, with manufacturers taking this approach decades ago. The moment gaming became genuinely profitable, console manufacturers realized they could control their entire ecosystem. Proprietary formats, region systems, and lockout chips were all valid ways to ensure companies could levy hefty licensing fees from developers. They locked down their hardware tighter than a bank vault, and they did it for one simple reason—money. As long as the manufacturer could ensure the console wouldn't run unapproved games, developers would have to give them a kickback for every unit sold.
(Score: 1) by fen on Friday November 21, @12:34PM (2 children)
Ego leads to all these problems.
(Score: 5, Insightful) by Thexalon on Friday November 21, @12:46PM
I'm pretty sure the problem is that customer data is generally thought to have commercial monetary value, so tech businesses feel obligated to steal as much of it as they can get their grubby little paws on, and encourage their customers to generate as much data for their businesses as possible.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 1, Touché) by Runaway1956 on Friday November 21, @01:20PM
I should get rid of my tools then?
https://egopowerplus.com/ [egopowerplus.com]
I'm going to buy my defensive radar from Temu, just like Venezuela!
(Score: 4, Interesting) by SomeGuy on Friday November 21, @01:14PM (2 children)
I remember when one could just sign up for an account without need of an e-mail or anything else. You got a password in return, and that was it.
The only reason you should need to give an e-mail address is if you want alerts or if they really need a contact address. Now, if and only if an e-mail address is given, it becomes important to send an e-mail to verify the e-mail address just to make sure the account is not spamming someone that doesn't want it.
But along the line people figured out they could sell e-mail address.
And now days, many online accounts sell cell phones by requiring so-called 2fa authentication "becauseyoucantbetoosafethinkofthechildrenpollywannacracker".
(Score: 1, Interesting) by Anonymous Coward on Friday November 21, @02:10PM (1 child)
You must be old here.
These days it is a phone number they want. And an email address. And a real name. Real address. Blood type. Finger print. Face print. Anal print. Vein print.
Stuff it, just send us your DNA and we'll code a key for you that does a random check to make sure it is you.
The future is over rated.
(Score: 3, Insightful) by Hyper on Saturday November 22, @11:50AM
"When a place gets crowded enough to require ID's, social collapse is not far away. It is time to go elsewhere. The best thing about space travel is that it made it possible to go elsewhere." ― Robert A. Heinlein, The Notebooks of Lazarus Long
(Score: 5, Interesting) by VLM on Friday November 21, @03:54PM (2 children)
All the "good" ways to advance or make money have been done. Dying industry. Nothing left to do but screw stuff up.
(Score: 0) by Anonymous Coward on Friday November 21, @09:42PM
And yet, well over a half million US Patent applications are filed every year, so there are plenty of people that disagree with you. Of course many patents never go anywhere, but why bother to file unless you think you have some good stuff?
Ref: https://www.uspto.gov/web/offices/ac/ido/oeip/taf/h_counts.htm [uspto.gov]
(Score: 1, Funny) by Anonymous Coward on Saturday November 22, @12:04PM
Dying industry. Nothing left to do but screw stuff up.
Dear Sir,
Yes, this is very true. It was known last century, and the century before.
US Patent office clerks should all mass resign immediately to avoid being retrenched. They can go find rewarding jobs that will always be needed to be such as ditch digging, fruit picking, and brick laying. On the bright side, with this change they could very well do more for the US than they have done collectively for the last decade.
Signed,
Your Local Friendly Buggy Whip Maker
(Score: 5, Insightful) by corey on Saturday November 22, @02:53AM
Really good write up. He got me hooked when he said “programs”, rather than apps. Takes me back to my DOS days.
He hits the nail on the head. I used to love using computers and this article has helped me actually notice that I hate software these days and kind of don’t like using computers much. At work I’m constantly (multiple times per day) reminded why I hate Microsoft software. The Copilot buttons in every program, the nags for feedback and the weird crap about it all (like how Teams is just a web application running in a browser). I gotta say though, I like FOSS in Linux, because it has none of this crap. It seems like commercial software has adware built in these days. All the upgrade notifications, cross selling, onboarding, request for feedback etc. It’s as if the whole purpose of a company writing software is not to produce a tool for people but rather to maximise engagement and collection of personal data via a seeming tool - just like Facebook. Facebook is the tool but the purpose of it is not to connect you with people but to collect personal information for advertising revenue and make money that way.
(Score: 4, Informative) by bzipitidoo on Saturday November 22, @03:01AM (2 children)
"Dark pattern" is a term I've heard for this sort of thing. It has become a common dark pattern to assert that identifying information is needed, when it's not.
(Score: 5, Interesting) by jb on Saturday November 22, @10:05AM (1 child)
That sort of behaviour is what's traditionally called a lie.
In real world businesses, when dealing with things that are simple to understand, if a vendor tells you a lie, from that point on he's no longer your vendor.
Say a workshop manager orders a box of nails. Nails are simple, they have only 4 parameters: material, shaft length, shaft diameter and head diameter. So let's say a vendor advertises 2 inch stainless steel nails of some given shaft & head diameters. The manager buys a box of a thousand. When they show up he opens the box and sees that they're all only 1.5 inches long. Turns out the nails will still do the job and it's an urgent job so he doesn't send them back (and the value of the deal is far too small to bother getting legal involved). Instead he puts the vendor on his blacklist: no more orders for them, ever again. It's really that straightforward.
But it only works because the average workshop manager understands what a nail is, how it works and what makes one nail different from another nail.
Put the exact same manager in charge of procuring software, which he doesn't understand at all, and all of a sudden he ceases to act rationally and just goes along with whatever the vendor says.
Of course, dealing with a dishonest software vendor is just as daft as dealing with a hardware vendor who claims a thing that's only 1.5 inches long is really a 2 inch nail.
But nails have only 4 parameters, all of which are very easy to understand and at least 3 of which are also very easy for an ordinary unskilled person to measure with reasonable accuracy. Software has orders of magnitude more parameters, most of which only a software engineer would understand and hardly any of which can be measured by an ordinary unskilled person in any meaningful manner.
The obvious solution is simple: in a business context, only allow people to make procurement decisions about things they actually understand. You don't need to be a master carpenter to buy a box of nails; but you do need to be a software engineer to make sensible decisions about software procurement.
A better solution would be education: teach the next generation how software works (or how it should work), not just how to "use" it. Of course doing that involves first ridding the world's educational institutions (at all levels) from the extremely unhealthy influence of software vendors. Trouble is, in most educational institutions (at least in the tertiary sector; I don't know enough to comment on modern primary or secondary schools), decisions about technology are also made by people with no idea what they're doing ... so it's pretty much a catch 22 situation.
(Score: 0) by Anonymous Coward on Monday November 24, @02:24AM
This ^^^ for sure.
Tried to upmod you from +5 Interesting by adding an Insightful mod, but it didn't change.
How do we spread this meme, any ideas?