Wednesday, October 14, 2009

freedom services

The idea of integrating online services, especially the sort that are (poorly, IMHO) referred to as "cloud computing", is met with resistance by some. The reasons they offer are generally compelling, namely they are concerned about a loss in Freedom. Here we have spent all these years building freedom into our software and along come these online services as an end-run around that, they say.

I actually agree with them on that point: most online services today are not freedom enhancers but freedom eroders. This was equally true of the overwhelming majority of software produced in the 80s and 90s and even much of it that is produced today. Some who have seen the doors close on certain business models framed around proprietary software have tried to dodge this by creating online services instead. Still others have seen the potential of online services and in their excitement and hurry have not considered the implications to the rights and freedoms of those who will use and perhaps even come to rely on their service.

I do believe that there is an answer for this, however: Freedom Services. Just as with Free software and its commitments to use, modification and redistribution, we need a set of commitments for online services to meet. Then we need to create those services and get people using them.

For the last couple of years, I've been rolling around in my head the question of what those commitments would look like. As we work on exposing online services in our Free software products more and more this becomes a rather more pressing question. Here are my thoughts as they currently stand on what those commitments should be for a service to be considered "Free as in Freedom":


  1. Specification: A full specification of the service's complete API must be freely available to all for reference. The specification must also be unencumbered so that anyone else may implement and extend it if they so choose without restriction.


  2. Implementation: A reference implementation of the full specification must be made available under a Free software license so that others may study, use and extend it freely.


  3. Privacy: A commitment must be made to all users of the service that privacy-related issues, such as use or sharing of the user's information, are openly and clearly documented and that any privacy-infringing action the service provider partakes in is opt-in by the user. This includes any actions taken by the service outside the scope of the Specification.


  4. Data Integrity: A commitment must be made to all users of the service that the data they create is theirs. This means the user must have the ability to easily have their data exported at their request in a useful format to a location of the user's choosing (e.g. a local file or even another service) as well as have the ability to remove any and all information generated by the user of the service from the online service at their request. Should the service shut down for any reason, the user must have a reasonable opportunity to retrieve their data.



Is this even possible? identi.ca comes close, though there is no data export function. opendesktop.org comes close as well, though there is a missing Free software implementation of the specification. So we have gaps to fill and many services to erect beyond that.

A registry of services that match some or all of the above commitments could be quite useful to those of us who care and would like to educate others about the issues as well. It sounds like a job for the FSF or FSFE to me! :)

What would you add or subtract from the commitments listed above? What services would you most like to see completely opened up?

15 comments:

Tom said...

Frank should really open "open"-desktop. Every time he is confronted with the idea he talks about open protocols .. that just isn't good enough.

http://autonomo.us/2008/07/franklin-street-statement/

maninalift said...

There is another challenge in creating services that don't tie the user down and that is architecture. There is a real challenge in creating services in which user's data is not only technically free but which the user can actually use freely. I don't know whether Google Wave will be a success but it is clearly an attempt to tackle the technical problem of combining the interactivity of single-server social networking type frameworks with data-freedom of an inter-server protocol such as email. However successful Wave is, there are other areas where a similar synthesis of functionality needs to be achieved.

alien said...

Somehow I feel that google tries their best to come close to your expectations.
Wave in particular, has all (?) of your expectations.

But yes, we need to put our heads together and come up with a good specification of "freedom services".

Aaron J. Seigo said...

@alien: i see there's a draft spec of the federation protocol. does that cover the entirety of the API?

is there a data and privacy guarantee that meets the requirements listed in the blog entry?

is there a reference implementation of the google wave software that i can use under a f/oss license?

Jonas Arnfred said...

While in free software there are very strong incentives to use the gpl, I can't see how cloud computing in the same way could be made attractive as a free (as in freedom) service.

Free software has the big advantage that if you want to build on it, you can, but you have to share your part as well, but with cloud computing, you aren't really obliged to do anything except if you are building your site with gpl code.

While the idealist inside me would shriek with joy seeing a label of freedom on cloud computing, the pragmatist doesn't really believe it's going to catch on before somebody is getting something out of it. As in more than a shiny label.

A direction you might want to look at, is the fact that a lot of cloud computing is based around user generated input, and since users don't respond well to being taken advantage of, free licensing of the uploaded data such as creative commons seems to be pretty crucial to the success of a lot of online services.

While the software used to run cloud computing would in an ideal world be open, I would argue that it's a lot more important that the data uploaded to the service is kept under the ownership of the users.

Bugs Bane said...

Positive: Every point you made in this post.
Negative: Sounds a bit too close to "Freedom Fries" for my taste.

By the way, is the irony lost on everyone else that we're all commenting on this via a google blog instead of something like Wordpress? Oh, hang on, *my* blog's at Blogger, too. Dangit!

alien said...

@aaron
Data and privacy guarantee - I frankly do not know. I personally do not have the patience of reading through EULA's or terms and conditions etc.

@reference implementation -
http://code.google.com/p/wave-protocol/

I am not a Java guy (Frankly I run away from java code) so I cannot verify if it is the entirety of the protocol.

The client API is here:
http://code.google.com/apis/wave

PS: I am not a google employee! And sometimes I am known to put both my feet into my mouth.

Magice said...

I think you should change your 1st and 2nd right like this:

0. Right to start and stop using the service at any time; upon the termination of service, ALL data must be erased (at least this must be an option). By all, I mean even if some legal entity requires the vendor to provide information, all they have should be some log of apache about when the users log in and out.

1. Right to extend the service to one's own server, and host all one's data from there. This can be achieved through either the source code of the service being offered, ready to install (sort of like chipmark server side) or a branch of the service can be installed on user's server.

I totally agree with 2 and 3 though

Jonathan-David SCHRODER said...

concerning 4. data integrity
you mention being able to export one's data.
Now it would be nice to have the ability to import one's data.
That would mean having a standard format for online data.
eg. for identica/twitter like things:
- data on one's profile (name,photo..)
- all one's posts data (optionally w or without posts of other people on one's wall/page + with their name anonymized or not...)
...
same for youtube-like sites... e-mail like sites...

Øyvind said...

yr.no comes close. It is an open weather forecast service in Norway. The api is documented at http://api.yr.no/weatherapi/documentation .

alien said...

I have a small problem with "export data". Do we have an open document format for each and every service? I am assuming, for example, identi.ca, a simple text line separated file will do. But complex services like Facebook?

What I am getting at is, we need a generic format which we all should agree with.

maninalift said...

@Magice "Right to extend the service to one's own server... This can be achieved through either the source code of the service being offered"

+1

This is pretty close to what I was trying to get at. Not only that you can copy the service and that you can "get at" your data but that the service is truly free to spread and interact.

pr said...

seems to me there are 2 separate issues here: freedom of data, and freedom of service.

I don't see that storing my emails or documents on Google rather than on my hard drive is much different from storing my money in the bank rather than under the mattress. I need to be sure I can get my money/data in/out and that I can receive/transfer it from/to anyone I choose without the service imposing any restrictions. I also need to be assured the service is safe and secure (tho recent events in the banking sector do make one wonder ...).

This is essential for the service to be attractive to customers and hence viable. But as to how the service actually operates, does this matter? Who cares how a bank's ATM operates so long as you can get your cash out of it? If you don't like the way it operates you move your money elsewhere. If a software service doesn't have a feature I want/need or has lots of features that I don't like, I go elsewhere. So the essential thing is to have choice and not a monopoly.

With software services you always have that choice, because you can always buy/rent your own server and run your own service on it. If you want to collaborate with others on that and they like what you're doing, they will join you.

I think you're exaggerating the problems. I don't see how storing my mail or docs on Google 'erodes' my freedom, but if I do I don't use Google's services - end of problem.

Aaron J. Seigo said...

@pr: "If a software service doesn't have a feature I want/need or has lots of features that I don't like, I go elsewhere."

nearly all of what you said had been said in the past about free software as well. "who cares, let's be pragmatic" with the assumption that the ability to take pragmatic decisions doesn't require some guarantees to personal freedom. that is, of course, a fallacy.

i completely agree that with services you should have the ability to "go elsewhere", but for all practical purposes that means you need access to your data. so far we agree, and that was covered in my list of freedoms.

then i need to be able to read that data and use it in another service of similar design. i need an API description for that, otherwise i need to change every single tool ever integrated with that service to match my new choice. this isn't practical in the least. so an API description is in the list of freedoms.

further, to read my data, i need to be able to, well, read it. which means the data format itself needs to be documented. once again, we're back to an open documentation of the API and data systems, preferably with code to back it up.

with an open code base, we have a far firmer guarantee to service choice.

as for privacy, i want to be able to have a say in what is happening with the data i am sharing with that service. they may have requirements ("mine your email so we can show you ads") but i should be informed clearly about all such actions.

if there is no value put to that by the consumer (probably because nobody has posed the question and so people don't think about it; it's not that they don't care!), services won't do so and we won't have a choice of a service that respects privacy or operates with us as their user in a true partnership.

now, while services can certainly decide NOT to engage in the attributes of freedom, i'd like to know which do so that i can patronize them (as i do with identi.ca instead of twitter, for instance) because i care about these things.

perhaps you don't, which is of course your option. personally, i believe we each have a right to live and behave as equals in society and that our choice of technology tools should not interfere with that equilibrium simply because some have ownership of the tool and others don't.

we're not talking about hammers and nails here, we're talking about thoughts and ideas. the former builds the physical structures in our society, the latter guides how we build them and enables us to do so free of tyranny.

pr said...

@aaron: "then i need to be able to read that data and use it in another service of similar design. i need an API description for that, otherwise i need to change every single tool ever integrated with that service to match my new choice. this isn't practical in the least. so an API description is in the list of freedoms"

not sure I understand what you're getting at. Take email. My access to webmail is via an AJAX browser program, with js probably minified so that it's not easy to read. So this access is not open/free in the free software sense. However, if I also have full access to my emails via IMAP, I can copy/dump my entire email folders to any other storage device I choose. So, if by 'API' you mean 'data should be retrievable in a standard format that can easily be used by another similar service', then I agree. Talk of 'API' will put most people off - 90+% of the population don't even know what an API is, so are unlikely to demand they have one :-)

"as for privacy, i want to be able to have a say in what is happening with the data i am sharing with that service. they may have requirements ("mine your email so we can show you ads") but i should be informed clearly about all such actions."

there, I fully agree - tho have to admit I do not always read T&Cs as thoroughly as I ought . . .