Free Software

Degooglifying (Part II): Feed Reader

February 7, 2012 8:35 am by Blaise Alleyne

This post is part of a series in which I am detailing my move away from centralized, proprietary network services. Other posts in this series: email.

Next to email, replacing Google Reader as my feed reader was relatively easy, though I’ve chosen to use the move as an opportunity to clean out my feed subscriptions, rather than doing a straight export/import. I’ve replaced Google Reader with two free software feed readers: Liferea (desktop) and Tiny Tiny RSS (web).

A reading list can be very personal, and it can also be very misleading out of context. For example, my reading list suggests all sorts of things about my religious and political views, about the communities to which I may be connected, etc. Though, it would take some analysis to try and figure out why I subscribe to any particular feed. Is the author’s view one I espouse and whole-heartedly hold as my own? One I find interesting, challenging, or thought-provoking? Or one I utterly disagree with yet want to learn more about?

There is something private about a complete reading list, much like the books you might check out from the library or the videos you might rent from a store. As we get more of this content through the internet, it’s easy for these lists (and even more behavioural data about how we interact with them) to be compiled in large, centralized, proprietary databases, alongside all sorts of other personal information that would not be available to a traditional Blockbuster or public library. Besides the software fredom issues, this is another revealing personal dataset that I can claim more control over by exercising software freedom, rather than dumping it into a big centralized, proprietary database. Both software freedom and privacy issues are at play here.

Desktop Client: Liferea

Liferea is a desktop feed reader for GNU/Linux. Google Reader was my first feed reader, so a desktop feed reader was a bit of an adjustment, but there are a few things I really like about it:

  • Native application: It integrates well with my desktop, with something like Ubuntu’s Messaging Menu, and it’s a client that feels somewhat familiar in GNOME.
  • Control over update frequency: One of the things that bugged me about Google Reader is it constantly checks for new content, whether or not you want it to. Sometimes, I don’t want to see anything new until tomorrow. It’s nice to be able to click update, read, and then let it be until I choose to update again. (Though, the downside is missing material if you don’t update often enough.)
  • Integration with Google Reader / Tiny Tiny RSS: This is a killer feature. You can use Liferea to read feeds through the Google Reader API, and recent versions have added support for a tt-rss backend as well. This helped with my transition because I could use Liferea as a front-end for Google Reader before I was prepared to migrate my feeds, to test it out, to ease the transition, etc. And, I will be able to use Liferea and tt-rss together to have both desktop and web-based clients.
  • Embedded Web Browser: This is also a killer feature. Websites that don’t have full-text feeds and only offer a content snippet are annoying in Google Reader, because you have to leave Reader to see the full content. But, in Liferea, you can tell it to automatically load content for a feed using the embedded web browser instead of just viewing the snippet, or hit enter on any feed entry to load the URL using the embedded browser. It even has basic tabbed browsing support, so you don’t have to flip back and forth between your web browser and your feed reader. This makes reading content from non-full-text feeds easy without leaving Liferea.
  • Integrated Comments: Liferea can detect comment feeds on many blogs, and it shows a handful of comments underneath entries. Combine this with a quick enter key to visit the web page with the embedded browser, and you no longer have to leave the feed reader to participate in the comments. This is a nice step up from the usual isolation of a feed reader from comment threads.
  • Authentication support for protected feeds: This is a useful feature for subscribing to protected content, such as an updates feed on an internal wiki.

I tested Liferea as a Google Reader front end, then migrated subscriptions group by group (giving me a chance to re-organize, though I could have just used an OPML export/import), and once I upgrade to Liferea 1.8, I’ll connect it to tt-rss.

Other Desktop Clients: RSSOwl is a free software, cross-platform (Windows, Mac OS X, GNU/Linux) feed reader, which also has Google Reader integration. I have only tried this briefly, so that I could recommend it to Windows users.

Web Client: Tiny Tiny RSS

Tiny Tiny RSS is a web-based feed reader, similar to Google Reader, but free software that you can run on your own web server. There are some feeds I read all the time, and others I’ll skim or catch up on when I have a chance. For the must-read feeds, it makes a huge difference to be able to read them from my mobile computer. With Google Reader, I used grr, and there is a mobile web interface. I migrated my must-read feeds to tt-rss instead of Liferea so that I’d have easy access to them while away from my laptop, while still having the ability to use Liferea when on my laptop with it’s tt-rss integration. I’m moving more and more feeds into tt-rss, though I plan to leave some less frequently updated, less important feeds or feeds that are difficult to read from my mobile in Liferea only.

Some cool features:

  • Publish articles to shared feed: Google Reader had a shared articles RSS feed, and I’d piped that into blaise.ca. tt-rss has a similar RSS feed, which I’ve also been able to include on my website
  • Mobile web interface: tt-rss has a mobile web interface for webkit browsers powered by iUI. With Macuco on my N900 or the Android web browser, it works quite well — though, only for full-text feeds.
  • Filters: With tt-rss, you can create filters on feeds. So, for example, I am automatically publishing articles from the Techdirt feed that I’ve written, or I can auto-delete posts for a particular series or author that I’m not interested in to custom tailor a feed to my interests. It’s very useful for automating certain actions or reducing noise on a high-traffic feed.
  • Custom CSS: I suppose you could customize Google Reader’s styles with a GreaseMonkey script or something, but tt-rss offers custom CSS overrides and multiple themes out of the box, which is great for setting some more readable default colours.
  • API: tt-rss has an API, which allows for Liferea integration, an Android client, etc.
  • Authentication support for protected feeds: Like Liferea, tt-rss provides support for feeds requiring authentication.

As with Liferea, tt-rss gives me control over how frequently updates run, since I schedule the update job. But that control also comes without the downside of missing content if I’m away from my feed reader for a while; unlike a desktop client that needs to be open to retrieve new content, tt-rss does so in the background from the server, so it can still track new entries while I’m away. It has the benefits of Google Reader’s persistent background updates, while still giving me control over frequency and scheduling. I have the update job set to run a few specific times through the day, and tt-rss gives you the option to set an even longer update interval for any given feed.

While I was initially migrating from Google Reader to Liferea, Tiny Tiny RSS is quickly becoming my primary feed reader, while Liferea will become my primary desktop client for tt-rss and home for less frequent/important/non-full-text feeds.

Other Web Clients: NewsBlur is another web-based, free software feed reader, which is based on a more modern web stack and seems to have some neat features. I have yet to try it, and I’m not sure of the state of its mobile or API/desktop integration, which are two things I really like in tt-rss. It’s worth taking a look at though for sure. NewsBlur.com has a hosted service, if you aren’t able to run your own web server or don’t have a friend who’s running one.

Conclusion

My migration away from Google Reader is essentially complete. I have less than a dozen feeds remaining there, but mostly old or broken feeds. I no longer log into Google Reader to read anything, though I’ve got one more round of cleaning to do to empty my account. I’m currently split between Liferea and tt-rss, but with Liferea 1.8, I’ll be able to integrate the two. I also have other libre options to explore with NewsBlur and RSSOwl.

There is nothing that I miss about Google Reader, and if anything, with an embedded browser, native desktop options, integrated comments, control over update scheduling, feed filters, and authentication support for protected feeds, I have a lot of useful features now that I didn’t have with Google’s proprietary service — nevermind more software freedom and less surveillance.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments (3)

Can Facebook Really Bring About A More Peer-to-Peer, Bottom-Up World?

February 6, 2012 11:19 pm by Blaise Alleyne

This post originally appeared on Techdirt

Mark Zuckerberg’s letter to shareholders included in Facebook’s IPO filing contains a pretty bold vision for Facebook to not just connect people and enable them to share, but to fundamentally restructure the way that the world works:

By helping people form these connections, we hope to rewire the way people spread and consume information. We think the world’s information infrastructure should resemble the social graph — a network built from the bottom up or peer-to-peer, rather than the monolithic, top-down structure that has existed to date. We also believe that giving people control over what they share is a fundamental principle of this rewiring.

We have already helped more than 800 million people map out more than 100 billion connections so far, and our goal is to help this rewiring accelerate. [emphasis added]

That sounds pretty lofty, but if you recognize that Facebook provides a social networking service that hundreds of millions of people use — but forget for a moment that it’s Facebook — it’s quite a bold “social mission.” And there are many examples of how the service has been used as a key tool in affecting change on everything from opposition to the Canadian DMCA to the Arab Spring. There’s no doubt that the service makes it easier for people to organize in a more bottom-up way.

But, once you remember that it’s Facebook we’re talking about, the vision sounds more problematic. Could Facebook ever truly bring about a peer-to-peer, bottom-up network? The notion seems to be an inherent contradiction to Facebook’s architecture — as a centralized, proprietary, walled garden social networking service. Facebook may enable a more bottom-up structure, but it’s a bit disingenuous for Zuckerberg to decry a monolithic, top-down structure when Facebook inserts itself as the new intermediary and gatekeeper. As a centralized, proprietary, walled garden service, Facebook is a single point for attacks, control, and surveillance, never mind controversial policies or privacy concerns. Facebook may enable a more bottom-up and peer-to-peer network compared to many things that came before, but there is something fundamentally at odds with a truly distributed solution at the core of its architecture and its DNA.

To realize the full potential of bottom-up, peer-to-peer social networking infrastructure, we need autonomous, distributed, and free network services — the sort of vision that StatusNet/Identi.ca or Diaspora have tried to bring about. Rewiring the world to create a more bottom-up, peer-to-peer network is a bold vision for Zuckerberg to put forth — and one that Facebook has advanced in many ways — yet it’s fundamentally at odds with the reality of Facebook as a centralized and proprietary walled garden.

Read the comments on Techdirt.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments Off

Degooglifying (Part I): Email

January 27, 2012 6:58 pm by Blaise Alleyne

I’ve begun to write about free (libre) network services, and the hazards of being a tenant on the web instead of a property owner. I began slowly moving away from Google in 2009, but I’ve accelerated that process since the launch of Google+. I thought I’d begin to share my process of degooglification.

To be clear, I still generally trust and respect Google, and I do believe they’re generally less evil than most, but…

  1. Despite great support for open source software, they remain a proprietary software company at their core. Google is a friend to open source infrastructure, but not to free (libre) network services. Specifically, it’s the proprietary network services I’m degoogling from.
  2. The sheer amount of data — email, contacts, documents, calendar, RSS feeds, social graph, phone calls, photos, GPS location, nevermind web searches… — aggregated into a one single account with a proprietary service provider is an obviously bad idea. Even if Google never intends to do anything bad with it, they can make mistakes. Even if Google never does anything bad itself, it’s a single vector for attack from an outsider. And it’s not your account.

Email is one of the easiest services from which to degooglify. It’s also a good example of a multi-step transition.

Changing the front-end

The first thing I did was to stop using the Gmail web interface. I configured my Gmail account in Thunderbird, which I was already using for other email accounts. Google’s commitment to data portability often makes it easy to switch your front-end software before switching the back-end, which can make a transition much smoother. Rather than cutting over cold turkey, you can ease into a new interface. My Gmail account is still active, but it rarely sees any important email anymore. I’ve transitioned 99% of my email to other accounts on domains I control (like this one).

Changing the Backend

Gradually, I started using my blaise.ca email addresses instead of my Gmail account, until eventually I wasn’t getting much email through Gmail anymore. With my Gmail account configured in Thunderbird, it was easy to archive the contents on my computer. You can access Gmail labels as IMAP folders and just copy email from one account to another, and Thunderbird will even offer to synchronize a local copy of your Gmail account. I never used Gmail contacts, but an export and import to Thunderbird would get your data out (more on contacts another time). Lastly, I’m still monitoring my Gmail account via Thunderbird, but I could set an auto-reply and/or forwarder if I really wanted to force that last 1% over. I will probably do that eventually.

Other Considerations

There are a few other perks of a Gmail account that are pretty easy to get from libre alternatives:

  • Hosted: Not everyone is going to run their own mail server, or have a friend or family member who does. But there are hosted, libre services, like riseup.net
  • Storage space: in 2004, 1 GB of email was a huge game changer. Today, it’s not very hard to get that kind of storage space on a server for cheap.
  • Chat: Google uses the open standard XMPP for its chat service. I run my own XMPP server, and there are public Jabber services like jabber.org. I’ve simply added my Gmail contacts to my blaise@blaise.ca XMPP account. More on chat another time.
  • Conversations: The Conversations add-on provides Gmail-style conversations inside Thunderbird.
  • Spam filtering: Gmail has a good track record on spam filtering, but SpamAssassin, ClamAV and a greylisting policy can produce great results on your own server nowadays. I don’t get any more spam to my blaise.ca inbox than I do to my Gmail inbox.
  • Webmail: I love Thunderbird, but not everyone wants to use a desktop client, and you’re not always on your own computer. Roundcube is already a great free software webmail client, and it hasn’t even hit 1.0 yet. Many hosting providers already offer Roundcube to their customers.
  • Mobile: With IMAP, my email is easily accessible from and synchronized between Thunderbird, Roundcube, and my mobile computer’s IMAP client.

Email is probably the easiest thing to degooglify. It can be a smooth, gradual transition, and there are lots of good alternatives, as well as benefits from leaving Gmail. Over the next while, I’ll share my ongoing efforts to degooglify other aspects of my online life.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments (5)

Explaining Distributed Social Networking Services

November 19, 2011 6:26 pm by Blaise Alleyne

Via the FreedomBox Foundation, J David Eisenberg has created a great comic introduction to distributed social network services. Distributed systems are an important part of free network services.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Post a Comment

Google+ exists to organize people, but I don’t want to be “organized”

November 11, 2011 12:27 am by Blaise Alleyne

There are many things I like about Google+, but, beyond being yet another proprietary social networking service, something just doesn’t sit well with me about Google’s primary purpose. Comments by Brad Horowitz that Google+ will be connected to everything Google are a good example of what concerns me:

Google+ is Google itself. We’re extending it across all that we do — search, ads, Chrome, Android, Maps, YouTube — so that each of those services contributes to our understanding of who you are [emphasis added]

Maybe I’m naive or wrong, but it never seemed like the primary motivation behind Gmail was to sell more ads. It felt like an innovative email service that Google was able to monetize with relevant, contextual ads, not merely a means to improve Google’s ad business. But Google+ feels different. Google’s primary interest is to get access to more social information, not to create a better social networking service. Buzz or Google+ are just the means for Google to gather social data.

As Fred Wilson said with respect to Google+ as an identity service:

It begs the question of whom Google built this service for? You or them. And the answer to why you need to use your real name in the service is because they need you to.

Google is often pretty good at aligning its interests with that of its users. For example, the more useful their ads are to users, the better Google does. Or, the better your web browser is, the more you use the Internet, the more Google thrives. But with Google+, it feels like the desire for an identity data mining tool well precedes their desire to provide a useful social networking platform.

Google+ is not first and foremost “a place for friends” or a way for student life to find expression online. From Google’s hyper-engineer perspective, we are just things to be organized in the process of organization the world’s information. They’ve organized web sites, photos, maps, calendars, videos, books — now, they’re just organizing people.

Maybe Google+ is really no different from other Google services. Maybe I’m just different. I don’t want my relationships with other people, my identity, to be treated as ultimately just data to harvest, information to organize, inputs to a proprietary Google algorithm, a way to teach Google about me as some sort of data structure. Google+ seems to exist more for Google than it does for me.

I don’t want to be treated as just a thing to be organized.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments (1)

A Unified Vision for Free Network Services and Mobile Computing?

September 6, 2011 8:30 am by Blaise Alleyne

A couple years ago, I would have said that network services and mobile computing were two new frontiers for software freedom, two new challenges, two new battles. But, despite some key differences, these two areas are so closely related and that I think we need a unified vision for addressing these as two parts of a whole.

Companies like Google have a unified vision. Look at Chrome or Android from Google’s perspective: the purpose of a mobile computer is simply to increase access to proprietary network services. These open source operating systems are designed to run proprietary applications and connect to proprietary network services. From Google’s perspective, mobile computing and network services go hand in hand — open source software is a way to increase the adoption of mobile computers complementing their proprietary network services. While Google’s goal is not software freedom, we should take note of how their strategy involves both mobile computing and network services together. We can’t effectively free one without freeing the other.

The free software movement needs a unified vision for network services and mobile computing. But what might that look like? StatusNet has an Android client, as does Libre.fm, but these are just more convenient ways to access network services from a mobile computer — not network services designed for mobile computing.

Look at the kinds of proprietary network services companies are developing for mobile computing. Google Latitude enables social location sharing, combining mobile positioning systems with online social networking. Last.fm’s mobile applications include some features for finding events based on your location. Google Goggles let’s you point the camera on your mobile computer at something and find information on that thing through Google’s search engine. Apple’s Facetime and Google+ Hangouts (not mobile quite yet…) are attempts to bring video chat to mobile and tablet computers. Social networking services like Facebook, Google+, and LinkedIn are focusing in on the mobile space as well.

What does free software have to offer? For location-based services, we have OpenStreetMap. StatusNet offers some location-sharing, but StatusNet for Android doesn’t seem to support this yet. Other than direct map programs, are there libre mobile applications making use of OpeenStreetMap? Could Libre.fm use mobile location data to highlight local free culture events? Regarding something like Google Goggles, are there many libre mobile applications can do something similar with, say, Wikipedia? (Mixare seems like a good example of this.) SIP and XMPP are great for video chat, but I’m not sure many users are aware of public XMPP or SIP services. How can we offer libre alternatives to Skype and Facetime on tablets? What kinds of opportunities are there for libre social networking services, like GNU Social or Diaspora, in mobile computing? What barriers are there to libre augmented reality or location-based services?

More importantly, beyond just emulating proprietary services, where might libre solutions offer new innovations? Where might free software have a distinct advantage, or something unique to offer? On desktop operating systems, the ability to easily distribute and repackage free software lent itself towards the development of package managers — applications that manage all your software installations and upgrades from one place, making it easy to find new software or keep your entire system up-to-date from one application. Meanwhile, on proprietary operating systems, you often have different update managers for each proprietary vendor. and upgrades often involve a purchase and don’t come as easily. Similarly, free software desktop operating systems provide much more desktop integration, as free software applications each contribute to a corpus of tools for the operating system, and distributions can customize software packages to make them work well together. On proprietary systems, each proprietary vendor tries to carve out their own space, and the distributor has limited options to customize software packages from other sources (or you end up with one company’s vision being ruthlessly enforced on any players in the ecosystem, as with Apple).

What kinds of advantages does free software have in developing a comprehensive approach to network services and mobile computing? Is it that libre solutions are often more distributed and less subject to surveillance or external control? That the user isn’t just a product for advertisers? I’m not sure yet myself, but this is something I think software freedom advocates need to consider more directly. Proprietary mobile computing offers convenient vertical integration with proprietary network services. What unique advantages does free software have at the intersection of mobile computing and network services?

Software freedom advocates need to think about network services and mobile computing together. If you take a look at the FreedomBox Foundation, for example, there are a lot of great ideas floating around about free network services… but there seems to be little mention of mobile computing. Yet, people are increasingly interacting with network services through their mobile and tablet computers, rather than just on their laptops. Bradley Kuhn offers another example. He never ceases to share excellent insights on software freedom for mobile computers and network services, but usually as two separate topics. For example, in a March 2010 post entitled Musings on Software Freedom for Mobile Devices, Kuhn writes:

We can take a page from Free Software history. From the early 1990s onward, fully free GNU/Linux systems succeeded as viable desktop and server systems because disparate groups of developers focused simultaneously on both operating systems and application software. We need that simultaneous diversity of improvement to actually compete with the fully proprietary alternatives, and to ensure that the “mostly FLOSS” systems of today are not the “barely FLOSS” systems of tomorrow. [emphasis added]

He’s absolutely right here, but network services form a third necessary category of software for success in the mobile space. In the same way that a libre desktop OS needs libre applications, a libre mobile OS needs libre network services. In a sense, to talk about software freedom on mobile computing without mentioning network services is like talking about building a free desktop operating system without mentioning the applications. And the interdependent relationship between mobile applications and network services is much more complex than application level software for a desktop OS.

It’s not just a question of which libre network services are missing, or which libre mobile applications are missing, but how libre mobile applications and network services can complement each other and work together. Success in one area depends on success in the other. We need to approach network services and mobile computing not just as two separate challenges, but as two parts of a whole, with a comprehensive vision and shared strategy. What might that look like?

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Post a Comment

Four Criteria for Free Network Services

August 2, 2011 8:16 am by Blaise Alleyne

I’m increasingly critical of network services — software that you use on someone else’s server to do your own computing. We rely on computers more and more for our work, social lives, civic engagement, health, education and leisure, and more and more that means relying on networking services rather than our own personal computers. There are serious trade-offs to living as a tenant online, rather than a property owner. I’ve been reconsidering the network services I use and rely on, especially in the shift to mobile computing.

The work of Autonomo.us has heavily influenced my thinking. Also of note is Stallman’s essay on software as a service (though he does more to identify the problems than recommend solutions). I essentially agree with the Franklin Street Statement from Autonomo.us. As a user of network services, I’ve narrowed it down to four major criteria to look for when deciding whether to trust a service on freedom and autonomy.

  1. Free (libre) software
  2. Control over data
  3. Privacy / Encryption
  4. Distributed Systems

Note: This is more of a working list than an attempt at a formal definition. For example, I’m not sure that #3 and #4 should be required, even though I believe they are important. Feedback is welcome.

1. Free (libre) software

Free (libre) or open source software licenses designed for network services, like the GNU AGPL, help guarantee the software will respect users’ freedoms. The arguments for software freedom have been addressed at length elsewhere, but the freedom to run the software yourself is particularly relevant here since, unlike desktop software, you often have the choice of letting someone else run the software for you. Even if you don’t run the software on your own server, having the freedom to do so ensures that you can still run the service in the event that the service provider shuts down — a frequent concern with proprietary web startups after acquisition or failure. And, even if you can’t run the software yourself, with all four freedoms, chances are someone else will. The broader case for software freedom is made at length elsewhere.

Network services should respect users’ freedoms. LibreProjects.net has a good list of free web services and alternatives.

2. Control over data

If users want to leave a service provider, can they take their data with them? Open standards are important. Open standards allow other software to read and understand your data. Open standards also allow you to mix the software you use on the client and server or across multiple devices more easily. Not only does this make migration more realistic, but it makes transitions smoother.

Google’s network services aren’t often free (libre) software, but Google does have a strong commitment to open standards and making your data easily available. I’ve used many Google services from non-Google clients: Gmail from Thunderbird, Evolution and Modest; Google Calendar from Lightning, Evolution, and my N900; Google Reader from Liferea and grr; Google Talk from Empathy, Pidgin, and my N900, etc. I’ve been able to switch my client-side software before changing the back-end. This makes it possible to transition to new services gradually, in smaller steps, with less disruption.

Facebook has a download feature, but it’s slow, and it just chucks all of your data into a giant zip file rather than putting it into formats that other software or services could understand. Facebook has also actively blocked services that export your data to other providers. Your data is available for download, but not in a very useful way.

Migrations are not always planned. On your own server, you have the master key. With a service provider, if you lose access to your account because it’s cracked or cancelled suddenly, will you also lose access to your data? Or will you have an up-to-date copy locally? Open standards often help make it possible to keep a local copy up-to-date, but this isn’t always the default way we use these services. A synchronization service will typically maintain a complete local copy of your data, but services intended to be accessed through the web often require additional client-side set up
on the user’s part to make this happen (e.g. using Thunderbird or OfflineIMAP to keep a local copy of your Gmail email, or using Google Sync to keep a local copy of your calendar and contacts). Or, the services may only offer data dumps as backup. Does a service let you keep a complete local copy of your data easily in your everyday usage? Even if you primarily use the web interface, setting up a desktop client for regular use can help maintain a local copy of your data without having to consciously download backups.

Lastly, public data that is intended to be shared should be available under a free and open licence. Identi.ca uses CC BY for public user data. Libre.fm focuses on freely licensed music. This gives control over public content to the community, rather than just the service provider.

Network services should let users control their data, using open standards to give users control of their personal data and free licences to give the community control over public data. Despite having a very mixed record on other criteria, Google is a good example of open standards done right. Free (libre) and open source tools are also usually good with open standards. Identi.ca is a good example of licensing public data freely.

3. Privacy / Encryption

My concern with privacy isn’t so much what a service provider’s policies are, but who has access to the data in the first place.

With the launch of Google+, I’ve been quite relieved that I’ve moved a lot of my important data out of Google over the past few years. It’s one thing for Google to have my email or my social graph or my documents, but the volume of data that would be in one place using all of Google’s services is astounding. Google is generally a well-meaning company, but I wouldn’t want any single organization to have everything that Google might have: my email (love letters, job applications…), address book (contacts and their private information), documents (budget, resume, business plans), calendar (activities, habits, regular whereabouts), RSS feeds (passions, interests, and political, intellectual, religious leanings), instant messaging (chat logs with friends, lovers, co-workers), my social graph (strong ties, relationships), my phone calls (the ability to recognize my voice from Google Talk or Google Voice), my photos (facial recognition and identification of my family, friends, colleagues) — nevermind all of the revealing personal information contained in web searches! There are lots of questions regarding each type of data and whether or not you’d want to trust it with someone else, but the aggregation of all of it into a single account is a more noticably bad idea. It’s a recipe for disaster in the event of a privacy leak or breach, oppressive government actions, a supeona, the loss or revocation of your account, etc.

Furthermore, some things I simply don’t want on someone else’s computer ever. I’ve felt comfortable trusting service providers like Google with my email in the past, but I’ve never been comfortable trusting them with my entire address book — that’s not just my data, but other people’s private information too. Similarly, I would never want my personal journal on someone else’s computer — that’s just too private.

However, Mozilla does a fantastic job of handling private data. With Mozilla Weave (i.e. Firefox Sync), not only is it free (libre) software that you can run on your own server, but your data is encrypted on the server. A user has two passwords — one to authenticate with the server, another to encrypt the data locally. Since encryption happens locally, the server only sees the encrypted data and never sees your second password. Mozilla doesn’t even ask for the information to decrypt your Firefox Sync data. You can use their server to sync your data across computers, but it’s only ever decrypted on your computers, not the server. If you use Mozilla’s server instead of your own, Mozilla still won’t have access to your data.

I wish more services providers would do this. I understand it doesn’t work for services that are meant to be accessed directly on the server through the web, but at least for synchronization services it seems like a privacy no-brainer. Funambol, for example, is a great libre software data synchronization server for mobile devices, but I don’t think their gratis service at my.funambol.com encrypts your data. I suppose they have a web interface on their server, but I’d rather run my own Funambol server in the absence of Weave-style encryption, whereas I don’t mind using Mozilla’s Firefox Sync service at all.

Encryption of data in transit is another concern. Does a network service or web application offer encrypted methods of communication? Or is your private data being transmitted out in the open? Gmail now offers HTTPS by default. Facebook and Twitter offer an “Always use HTTPS” setting. The EFF has developed a Firefox add-on that uses HTTPS wherever possible. I’ve started using basic StartSSL Class 1 certificates, which are available at no cost to individuals, in order to encrypt traffic on my home servers.

A good network service should take privacy seriously, and offer encryption wherever possible. I’m not sure that this should be a requirement for a free network service, but it’s an important consideration before using a service hosted by somebody else. However, a service that may fail to adequately protect your privacy as a hosted service could still provide an acceptable self-hosted solution.

4. Distributed Systems

Email is a common example of a distributed set of protocols. If Bob uses Hotmail and Sally uses Gmail, they can still communicate with each other. Telephony provides another example; Bell customers can phone Rogers customers, and vice versa. This is the ideal — choosing a service provider independently from the people with whom you want to communicate. Distributed systems strengthen the Internet, creating fewer points of failure or censorship, more opportunities for expression and innovation, more freedom and autonomy for users. This isn’t always relevant for network tools or synchronization services aimed at individuals or small groups compared to social network services and communications tools.

Most online social networking services are walled gardens. Facebook users can only talk to other Facebook users, MySpace users can only talk to other MySpace users, etc. In this environment, social pressure has negative effects on freedom and autonomy. You might not feel comfortable using Facebook, but if that’s where your social circles are active, you’re faced with the choice of being left out or using a service provider with which you’re uncomfortable.

Google Talk makes it clear that it doesn’t have to be this way. Rather than developing their own proprietary walled garden instant messaging service, Google used the open standard XMPP (aka Jabber) for its chat service. With XMPP, you can chat with people on other servers. I have a Jabber account on my own server (and there are dozens of public Jabber servers), and I can still talk with (or call) people on Gmail Chat. I’ve left Google Talk, but I’m not cut off from Google Talk users. Compare that to Skype, which has so far relied on a proprietary VoIP protocol that only lets Skype users call other Skype users (short of bridging to traditional telephony).

In the social networking space, there are efforts like GNU Social/StatusNet and Diaspora to develop distributed solutions. StatusNet has already had some success implementing an open standard for distributed status updates. I’m curious whether Google+ might advance the cause of distributed social networking services (even slightly), given Google’s commitment to distributed systems and open standards elsewhere, and their development of new standards like OpenSocial.

Social network services should be distributed, allowing users to communicate across service providers. Email, traditional telephony, XMPP/Google Talk and GNU Social/Diaspora are all good examples of this. I’m not sure that this should be a strict requirement for a free network service, but the freedom to run the software on your own server is pretty useless for some social applications if you can’t communicate with people on other servers.

Conclusion

Identi.ca, the flagship StatusNet site, is a perfect example of a free network service. It’s free software (AGPL), implements open standards and documented APIs for accessing your data, they’ve pioneered an open standard for distributed networking, and public updates are licensed freely. I’m happy to use Identi.ca.

Mozilla’s Firefox Sync is a good example of a free network synchronization service. Data is encrypted, it’s free software that can be run on another server, and bookmarks are stored locally in a format that other applications can read. I’m comfortable using Mozilla’s service for Firefox Sync.

AGPL network sync services like Funambol and Snowy are also libre services (free software, open standards or documented formats), but in the absence of Mozilla-style encryption, I’d prefer to run them on my own server. The FreedomBox Foundation has been working on an easy way to run libre services from a home server, and make them available to others. I currently use a combination of always-on GNU/Linux home computers available remotely and some dedicated servers that I manage. Even without your own server, you can use free (or more freedom-friendly) hosted services like riseup.net for email, jabber.org or others for instant messaging, my.funambol.com for mobile sync, Mozilla Firefox Sync for bookmarks and browser data, Identi.ca over Twitter, Voip.ms (SIP) over Skype, Libre.fm over Last.fm, etc. If you’re looking to try out some of the self-hosted services, I do have Snowy, Funambol, and Tiny Tiny RSS running on my home server — contact me if you’d like an account to try them out.

The process of disentangling from proprietary network services can take some time, but it’s well worth it for the sake of freedom and autonomy, even when it may be challenging in the short-run. If you can’t leave a proprietary service right away, recognizing where it fails to meet these criteria can help you take some important steps in the meantime.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments (7)

Lawsuit Averted As WordPress and Thesis Settle Differences Over Themes And The GPL

July 27, 2010 10:00 am by Blaise Alleyne

This post originally appeared on Techdirt.

Free (libre) and open source software is one of the best examples of an alternative to restrictive copyright, but even within these communities there can be heated debates about licensing. The WordPress community just witnessed such a debate between the founder of WordPress, Matt Mullenweg, and the developer of a popular premium WordPress theme, Chris Pearson, over whether or not themes are subject to the GPL (WordPress’ license). The GPL applies to derivative works of a program—requiring that they, too, must be licensed freely—but Pearson maintained quite publicly that he wasn’t subject to it and could use a proprietary license for his theme. This caused tension between him and Mullenweg, until last week, when Pearson gave in and switched to a split GPL license.

Without getting too bogged down in the legal details and community politics, the dispute is of interest for a couple reasons. Although some open source developers believe the GPL is too restrictive, copyright enforcement is approached in a very different way by free software projects than proprietary software companies or the entertainment industry. Mullenweg had sought a legal opinion from the Software Freedom Law Center over a year ago, and they agreed that the PHP part of a WordPress theme (which interfaces directly with WordPress code) is subject to the GPL, while JavaScript and CSS are not. Pearson disagreed, relying on some pretty novel legal arguments, but those were countered by others in the community. Mullenweg began to put more social and business pressure on Pearson, offering to pay for people to move away from Thesis to premium WordPress themes fully available under the GPL, and speaking publicly about how he felt Thesis was hurting the community by violating the license. Things became pretty heated, and the two squared off in a joint interview, failing to reach any visible consensus. It seemed like a lawsuit from Mullenweg would be the only way to resolve things—something he’d been trying to avoid at all costs—but a week later, the legal conflict was averted as Pearson switched to a split GPL license (i.e. PHP is GPL, as required; proprietary license for the rest). It was messy, but very different from the sue-first-ask-questions-later approach of so many copyright holders, and a lot less messy than a lawsuit could have been. The business and social pressure caused some tension in the short-term, for sure, but ultimately led to a resolution without nearly as much pain or division as a lawsuit within the community might have caused.

This kind of disagreement also highlights the fact that free software licenses (like the GPL) and the free culture licenses they’ve inspired (like some of those offered by Creative Commons) are ultimately hacks on a restrictive copyright system; they’re merely tactics to reverse the negative effects of overly restrictive copyright, but not at all the ideal scenario. For example, we’ve seen concerns over how Creative Commons licenses act as a contractual layer on top of copyright, and non-commercial restrictions can also be a source of tension. Sometimes these disputes help a community to better develop its position on copyright and licensing, but other times, they’re a sign that these licenses are still just a hack on a less than ideal system.

It’ll be interesting to see how Thesis fares in the long-run with a split licensing approach compared to other premium themes that are 100% GPL. Regardless, it’s nice to have a more or less happy ending where the community was able to resolve things without getting the courts involved.

Read the comments on Techdirt.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Post a Comment

New Canadian Copyright Bill C-32: The Good, The Bad, The Ugly, And What To Do About It

June 2, 2010 8:28 pm by Blaise Alleyne

As expected, the Canadian government tabled a new copyright bill today. Despite the consultation last summer, rumour has it that Canadian Heritage Minister James Moore and Industry Minister Tony Clement—the two cabinet ministers responsible for copyright (who seemed to understand the new opportunities technology presents)—couldn’t come to an agreement, and the Prime Minister’s Office sided with Moore’s more hard-line approach. Yet, it appears Clement’s influence was not lost. The proposed legislation, Bill C-32, actually contains many good provisions… but strict digital lock restrictions threaten to undo them all.

Fair Dealing—There’s An Exception For That

The current Canadian concept of fair dealing is more limited that the American doctrine of fair use. The Supreme Court has repeatedly ruled that it should be interpreted broadly, but present law restricts fair dealing to just five categories—research, private study, criticism, news reporting, and review. NDP Member of Parliament Charlie Angus had tabled a private member’s bill to introduce flexible fair dealing back in March, but with Moore’s vision winning out over Clement’s, Bill C-32 rejects flexible fair dealing.

But, it does contain a host of new exceptions for parody and satire, education, time shifting, formating shifting, and backup copies. There’s even a new “Non-Commercial User-generated Content” exception (29.21), which would legalize mashups and remixes under certain circumstances.

While the litany of exceptions fails to introduce real flexibility into the law for new innovations, Michael Geist—leading critic of the last, failed copyright bill—still describes this as “a pretty good compromise.” There are those who strongly oppose the uncertainty that comes with flexibility, so maybe the “there’s an exception for that” approach is the best we can hope for right now.

Though not perfect, it’s still a positive development, and definitely an improvement on the past.

Other Good Compromises

Geist notes two other good compromises. As with the last two copyright bills, C-32 would implement a notice-and-notice system for Internet Service Providers to handle copyright infringement allegations, rather than the guilty-until-proven-innocent American notice-and-takedown system, or the insanely disproportionate three-accusations-and-you’re-kicked-off-the-internet approach. Also, a change to the statutory damages provision would finally distinguish between large scale counterfeiting and non-commercial infringement, limiting the latter between $100-$5000 instead of the current $20,000 maximum. While $5000 per infringement is still pretty ridiculous, cutting the maximum down by 75% for non-commercial infringement would be a positive development.

The Downright Terrible: Digital Lock Provisions Undo The Exceptions

The huge loophole in this bill is the approach to anti-circumvention provisions, which would make it illegal to break a digital lock even if what you are doing is otherwise non-infringing. It’s important to understand how this massively undermines any good which might come from additional fair dealing exceptions: if there’s a digital lock, the exceptions are meaningless. Bill C-32′s rigid digital lock provisions undo the exceptions.

  • Want to make a backup copy? There’s an exception for that… unless there’s a digital lock!
  • Want to transfer songs to your iPod? There’s an exception for that… unless there’s a digital lock!
  • Want to make use of copyrighted content in the classroom? There’s an exception for that… unless there’s a digital lock!
  • Want to remix Louis Armstrong with death metal? There’s an exception for that… unless there’s a digital lock!

This has to change. More importantly, it doesn’t have to be this way. Submissions to last summer’s consultation were overwhelmingly opposed to this approach. Other countries have met their international obligations with anti-circumvention provisions that are actually linked to copyright infringement (e.g. New Zealand‘s passed law, India‘s proposed law). With a flexible anti-circumvention provision, the exceptions would apply to digital locks too.

Why should companies be able to rewrite copyright law and trump exceptions simply because they slap a digital lock onto something? If there’s a backup exception, there should be a backup exception. If there’s allowance for parody and satire, no digital lock should be able to take that away. And what’s the use of a format shifting exception if digital locks will force you to repurchase your content to stay legal anyways?

Canada needs to have a flexible anti-circumvention approach that is actually linked to infringement, or none of the compromises in this bill even matter.

Other Nasty Things

There’s an inducement clause (27 (2.3)) which would make it illegal to provide a service online “that a person knows or should have known is designed primarily to enable acts of copyright infringement.” Would the Internet-equivalent of a VCR pass that test? What about BitTorrent? Both technologies can be used to enable acts of copyright infringement, but they also have legitimate uses. How the “primary use” is determined could have significant implications here.

The time shifting provision (29.23) warrants further review, as it contains a variety of conditions under which you can record a program for later viewing. For example, the bill would require that you “keep the recording no longer than is reasonably necessary in order to listen to or view the program at a more convenient time”—seemingly, a requirement to get rid of recordings once you’ve listened to/watched them.

Also, library provisions allowing for distribution are subject to digital locks, and contain a requirement for copies to be destroyed within five days.

There are lots of details like this in this bill that require further study, and most likely revision.

The Strategy: Let’s Make Some Noise

The Conservatives are seeking support on this bill from the Liberals. Liberal Industry critic, MP Marc Garneau, is keen to work with the government to introduce a new law, and is open to the possibility of summer hearings to get it passed. But Clement told the CBC, “I’m not coming down from the mountain with this chiselled in stone… we could seek some consensus and there could be some positive amendments to this bill.”

When I met with my MP, Liberal Joe Volpe, over Bill C-61 in the summer of 2008, his main question to me was whether to scrap the bill or to fix it. Critically, We must let our MPs know—especially the Liberals—which compromises are acceptable, and which undermine the entire copyright bargain. Flexible fair dealing would have been better than a litany of exceptions, but that compromise could work. However, allowing digital locks to undo those exceptions is simply unacceptable.

Conclusion

Politics is the art of the possible, a complex art of balance between ideals and interests. This bill isn’t perfect, but there is a push from both sides of the floor to get it passed. There are a lot of good compromises, but whether or not the bad provisions get fixed could have huge implications on Canadian culture, technology and business in the years to come. Make your voice heard.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Comments (4)

Acoustic Assaultcast: Free Culture

May 11, 2010 9:16 am by Blaise Alleyne

Back in March, I was invited by my friend Roman Verzub to the first episode of The Acoustic Assaultcast to talk about music and free culture.

Creative Commons Attribution-Share Alike 2.5 Canada Permalink | Post a Comment
Creative Commons Attribution-ShareAlike 2.5 Canada
This work by Blaise Alleyne is licensed under a Creative Commons Attribution-ShareAlike 2.5 Canada.