Evaluating a device for freedom
The Aleph Objects LulzBot AO-100 3D Printer was the first device to receive RYF certification.
The fight for software freedom is multifaceted, and having the right devices is key. Most devices contain features which can be used to restrict their use, or even worse, for spying on the owner. This is why in 2013, the FSF’s licensing and compliance team started the Respects Your Freedom (RYF) certification program. It encourages the creation and sale of products that will do as much as possible to respect your freedom and your privacy, ensuring that you have control over your device.
When we evaluate a device for certification, we assess four general categories: hardware capabilities, software licensing, compiling/installation, and product presentation.
The first step is to open up the device and identify each integrated circuit (IC) inside, and determine its capabilities. Usually, any IC with relevant functionality will be marked and identifiable. Once these components are identified, we seek out various documentation, including data sheets and product descriptions. We need to understand what the IC can do, if it can be reprogrammed, and whether the secondary embedded processor exception might apply, which would allow certification: this exception is for ICs within which software installation is not intended after the user obtains the product.
Next, we move along to the software. We must make sure that all the code needed to use the device is fully licensed as free software. Although
string are useful tools for verifying licensing, we’ve increasingly been relying on license scanning programs like the scancode-toolkit. If problematic files are discovered, they will need to be removed by the retailer. This can be a very tedious process, but every removed nonfree file helps the community both upstream and downstream. Once the code is verified, we compile and install it, to make sure the customer can do so themselves.
For a device to be certified, all of the programs included with it must have accurate instructions for compilation and installation. The instructions should be practical and written for the widest audience, but may require a minimum of technical know-how from the user, such as executing programs on a command line. The evaluation process involves building from source and loading it onto the device. For peripherals and less complicated devices, being able to install and use the device with a computer running an endorsed distribution suffices.
Finally, we address how the device is presented to the recipient. The certification program is designed to never direct a user to anything nonfree. This includes not only the source code, but also the compiled program, advertisements, product documentation, Web pages, and product packaging. For a vendor interested in promoting software freedom, these steps may seem quite natural, and may already be in place for their products.
The RYF process does not end there: the price of freedom is eternal vigilance, and so the community is invited to point out any issues we may have missed. A key criterion is a commitment by the retailer to correct any freedom issues in the device, so if a package, firmware, or hardware component is found to be nonfree or violates the user's privacy, we invite reports to be sent to email@example.com and to the retailer directly.
Now that you have an idea of how the program works, if you come across a product that might meet our criteria, please encourage the vendor to apply at firstname.lastname@example.org. For vendors wishing to sell a product in a manner that respects the rights of its customers, and that comes with only freedom inside, this program is for you. You can learn more about the RYF certification program and view currently certified devices at ryf.fsf.org.
Illustration Copyright © 2020, Free Software Foundation, Inc., by Raghavendra Kamath, Licensed under Creative Commons Attribution 4.0 International license.