RMS and Clipperz Promoting Freedom In the Cloud 156
mbarulli writes "Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer resides on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."
Hear hear ! (Score:5, Interesting)
Especially when one considers the evergrowing warnings about google products and sites like facebook (which makes its money out of selling private information to advertisers without even making an attempt at disguising the fact) - we need, in this age of web-apps, to push for greater openness in their design.
It's no longer just about the source code, it's about every single aspect of our lives. Dr. Phill may get hits from doing shows about how people misrepresent themselves online - but the fact that his investigators are able to find out enough about a person to 'figure out the lies' just tell you how dangerous the system already is - and that is third parties, imagine the true power that applications like facebook or Yahoo! mail holds... it's scary.
On the other hand, most people could care so little about their privacy these days... one may go so far as to suggest that those who do not care, do not deserve it.
For the rest of us, why not contribute a bit to changing the picture - is there even one solid social networking tool out there that is built on open source ?
Or Not (Score:2, Interesting)
Sorry...I just don't see why I should lose my job writing web applications that will then be released under the AGPL so you guys can "look" at them. My company doesn't sell the info...heck, we don't have a ton of users, but it pays the bills.
Unless you guys want to pay to see the source code, this just turns me off any of the GPL variants more. I'm a fan of BSD - do what the heck you want with it (we've released code that way).
When I see "Clipperz"... (Score:4, Interesting)
...I'm reminded of the sorry attempt by the US Government to introduce its version of DRM known as the "Clipper Chip [epic.org]." The F/OSS community isn't known for its attention-grabbing project names (think Gimp here), so this comes as no surprise. Still, am I the only one who, upon first sight, related "Clipperz" and "Clipper Chip"? Is this the best moniker the Cesares could come up with?
Great ideas! (Score:3, Interesting)
There is the usual problem of developers actually making living working on open source projects, but it can work. I have been working on a project that I will probably release as free for non-commercial use, pay a license fee for commercial use, and release the source code. I would like to use the AGPL, but I do need some income from my project and (A)GPL with alternative license options may not do this for me.
I really like the ideas of "zero-knowledge web apps" and I thin that I will convert my little kbdocs.com demo to use the "zero-knowledge" ideas - if for a learning exercise.
Even if more web apps were open source (Score:5, Interesting)
How do we know that the app we use indeed came from the source they say it did?
With desktop app, one could compile and take an MD5, or just compile and compare to the binaries distributed, or just not use the binaries at all and compile from source for their own use.
With a web app, even if we had the source, we'd still be connecting to a 3-rd party HTTP server, and there is really no way to verify how the "real" program is run.
Re:Even if more web apps were open source (Score:4, Interesting)
When I provide code on my website, I link to a program which displays the code on the screen.
Using the program, you can look at any file (apart from ones that are either in a black-list, such as "settings.php", or ones that have a bit of text at the start "don't show this") any time.
If it gets updated, you can always get the latest version.
Of course, yes, there isn't any real way to make sure that EvilCorp doesn't fuck around and show different code to what is actually being run. But considering you can't update that code on EvilCorp's websever, there isn't anything you can do about it.
With AGPL, you can run the code on /your/ websever.
(The only trouble with the GNU AGPL that I can tell (that is, v3, not v2), is that it explicitly allows mixing with GPL code, and then the entire program is GPL, not AGPL. I personally think it should be the other way around. But meh.)
Don't use web apps for anything important. (Score:2, Interesting)
Re:If you don't want them sharing your data... (Score:3, Interesting)
Even if I don't give them my data, other people will. What's to stop my friends/enemies from posting pictures of me online? With my name in the tag?
AGPL is pointless (Score:4, Interesting)
I'm going to use US copyright law in this comment, but I believe other countries have similar provisions.
US copyright law says that the owner of a particular copy of a program can make modifications to the program in order to adapt it for use on his machine, without violating copyright. The case law has interpreted this to include modifications beyond just what is necessary to make the program run--it includes adding features if those features are necessary for what you are trying to use the program for. See 17 USC 117 [cornell.edu] for the statute itself.
Section 9 of AGPL says this:
But what is modifying? That is defined in section 0:
Because of 17 USC 117, and the interpretation of the scope of that in the case law, most use of AGPL software in a software as a service environment will NOT involve "modifying" the software as defined by AGPL, and you won't be required to make your changes available.
Re:If you don't want them sharing your data... (Score:5, Interesting)
What's to stop my friends/enemies from posting pictures of me online?
This might sound weird, but, how about you yourself?
Re:Screw Stallman, the AGPL , and Clipperz (Score:2, Interesting)
I am really tired of hearing from a guy who's main means of making a living is talking (and for which he makes a good living), telling me to work for free
#1: Trolling. RMS _never_ stated that. Give me just one quote, just one, where he stated that. You cannot, because he never made such a claim.
He makes a good living telling people to give away their work so we can't pay our rent.
#2: Trolling variation on #1: he never said such a thing; in fact: he stated on several occasions that it is perfectly normal to sell your work; he thinks it is highly unethical NOT to ship the source code with the binaries, that's all.
In fact, I would bet he really doesn't have to work another day in his life.
#3: Ad hominem attack. The amount of money a person has in his bank account says nothing about the validity of his statements.
Yes, Stallman wrote some programs before, but I doubt if there is anything really new he has done lately and he doesn't even make his main living from that anyway.
#4: Ad hominem attack. Having writen code recently says nothing about the validity of his claims.
I understand the paradigm of selling support for the application you develop and give away for free.
Unfortunately you do not understand the paradigm of the GPL. Nothing whatsoever in it says you should work for free. It says however to give the source to your customers when they ask for it. Please cut the trolling and the uninformed babbling.
Re:If you don't want them sharing your data... (Score:3, Interesting)
That's a very fair point (and, in fact, the reason I personally left Facebook very soon after joining it).
But in most cases, it's harder for friends to tag you etc. if you don't have an active account yourself.
(As an aside, providing such personal information about others without their consent is pretty clearly illegal in some places, as is storing it by the social networking site.)
Re:"I've looked at Cloud from both sides now" (Score:3, Interesting)
I don't know why I'd want "non-emergency anonymous treatment", but in the event that I couldn't get to my family doctor, I'd simply show my health card and be treated. In Ontario, the card carries my name, photograph and signature.
In order to prevent the kind of "ID Creep" that has occurred in other cases (such as teenyboppers in video stores trying to demand your Social Insurance Number), the health card is not acceptable identification for any purpose except to confirm that I am a resident, and therefore entitled to receive free health care in Canada. The doctor treating me could, with my permission, contact my family doctor and be given access to my records if that was necessary.
Ontario's Personal Health Information Protection Act puts it like this: "Health care providers are not allowed to give your personal health information to people who do not provide you with health care, unless you specifically give them your permission".
That's the law, and there are some pretty severe criminal penalties for disobeying it. Clear enough?