Protect your freedom and privacy…

Last month:

To make software freedom a regular part of the discourse and response to massive spying, we need to go a few levels deeper on how software freedom and vulnerability to snooping interact. But much more than that, we need to implement and deploy free network services such that they are a real option for the masses and thus pertinent in a non-theoretical fashion. Can we use news such as the disclosure of PRISM (even if that turns out to be fake, there will be plenty of others) to motivate building and adoption of free network services?

How’s that going? The FSF has launched a surveillance campaign, unsurprisingly putting freedom front and center (title of this post cribbed from their headline “Protect your freedom and privacy; join us in creating an Internet that’s safer from surveillance”):

If we want to defang surveillance programs like PRISM, we need to stop using centralized systems and come together to build an Internet that’s decentralized, trustworthy, and free “as in freedom.”

Lots of guides to protecting your privacy are appearing, mostly recommending and explicitly mentioning free software in some way.

PRISM ⚡ Break almost exclusively recommends free software (the current exceptions are two meta-search engines), explains what free software is at the bottom of the page, and gives the following rationale at top:

Stop the American government from spying on you by encrypting your communications and ending your reliance on proprietary services.

Tactical Tech’s quick guide to privacy-respecting alternatives also almost exclusively recommends free software (the current exception is again a meta-search engine) and says in the introduction:

We recommend using Free and open-source software tools, because their security credentials and weaknesses can be independently verified and using them can make surveillance or invasion of privacy much more difficult.

Freedom of the Press Foundation’s Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance discusses free software extensively (including ways in which it is not a panacea) in the Software You Can Trust section, and notes (emphasis added) that:

Like all good cryptography software, Tor is free software, complete with an open bug tracker, mailing lists, and source code.

It also explains how to use OTR (encrypted chat) with Google and Facebook’s proprietary services (more on that below).

EFF’s Technology to Protect Against Mass Surveillance (Part 1) mentions that certain programs are free and open source software, but doesn’t explicitly say anything about the pertinence of that characteristic. It mentions a few proprietary services which offer “host-proof” backups, and concludes with:

Creating host-proof applications is challenging and involves trade-offs. For example, a host-proof service can’t easily search through your data, because it can’t read the data. And it can’t help you recover your data if you forget or lose your password, though there are ways the service could help you create your own password-recovery options.

There have been attempts to create host-proof services beyond the realm of backups, including host-proof web-based chat like Cryptocat. We’ve heard from people who are doing exciting work in this area, targeting host-proof social networking and online collaboration, as well as host-proof online storage with 100% open source client software. We expect to see a lot of announcements in this area. If demand for these technologies continues to increase, we could see a new wave of more privacy-protective communications tools.

As with using OTR to encrypt chats so that a service provider can’t tell what you’re saying, client-based encryption generally mitigates one privacy threat, whether the service is proprietary or not (but the service still knows who you’re communicating with, how much, when, etc).

These guides aren’t remotely mass media, but hopefully they’ll be sources used by mass media. I don’t know how that’s going, or whether software freedom is included in polite policy discourse in response to PRISM, or whether any of this is having a discernible impact on adoption and developer attention. Anyone care to research that?

Also let’s make sure software freedom is a leading part of the discourse about privacy, but not fall into a trap of making surveillance mitigation/privacy protection the leading argument for software freedom. Evan Prodromou has a pertinent quote in a recent interview:

Phew! That’s such a dangerous topic. There’s a real hazard of focusing the discussion on what’s wrong with centralized social networking—privacy violations! stifled innovation! government surveillance! unfair playing fields!—and just getting people really bummed out before they ever even start thinking about what the alternatives could be.

It’s like opening a box full of spiders and snakes right someone’s face and yelling BOOGETY BOOGETY BOOGETY. People just want to get the hell away from you; they’re not going to stop to listen to whatever it is your selling, no matter how great it is.

Query By Interview: What are git-annex and pump.io, really?

Interview with Joey Hess on the GitMinutes podcast about git-annex, which many may have learned of recently via PRISM ⚡ Break, where it is listed as an alternative to legacy silo cloud storage.

You can also watch Hess’ video explaining his already very successful fundraising for further work on git-annex.

Also check out a new text interview with Evan Prodromou about pump.io on opensource.com:

As for what I hope to do differently: I really want pump.io to become one of those essential pieces of infrastructure for development. We have great, rock-solid servers like memcached or RabbitMQ that implement certain kinds of data routing. I think pump.io can be part of that toolset.

pumped


Bangkok, Thailand, February 2005 by Brian Jeffery Beggerly / BY

As of yesterday (2013-07-10) identi.ca is running pump.io. Congratulations to Evan. Try out pump.io on another site run by Evan (identi.ca isn’t accepting new registrations) or install on your own. Report issues, send pull requests.

I created a replacement autonomous microblog group on another public StatusNet server, at least until pump.io supports groups and feeds.

There are several trend-ish things that are topical here, highlighted as differences between StatusNet and pump.io:

Software license

StatusNet was licensed AGPL (strongest copyleft), pump.io Apache 2.0 (modern permissive) under the rationale that pump.io needs to gain the widest possible adoption, in competition with legacy silos. The Franklin Street Statement encourages developers to:

Use the GNU Affero GPL, a license designed specifically for network service software, to ensure that users of services have the ability to examine the source or implement their own service.

But, considering network effects, this is not strategic for some kinds of software, as the FSF’s guide to choosing a license has long said:

The second [case where copyleft is not appropriate] is projects that implement free standards that are competing against proprietary standards, such as Ogg Vorbis (which competes against MP3 audio) and WebM (which competes against MPEG-4 video). For these projects, widespread use of the code is vital for advancing the cause of free software, and does more good than a copyleft on the project’s code would do.

In these special situations where copyleft is not appropriate, we recommend the Apache License 2.0. This is a permissive, non-protective software license that has terms to prevent contributors and distributors from suing for patent infringement. This doesn’t make the software immune to threats from patents, but it does prevent patent holders from setting up a “bait and switch” where they release the software under free terms, but require recipients to agree to royalties or other nonfree terms in a patent license.

Will anyone write applications on top of pump.io, or that implement its API, licensed AGPL? GNU MediaGolin, an AGPL’d media sharing web application, is rumored to have someone working on the latter.

There are probably two “trends” of note here. First, among the people explicitly thinking of free-as-in-freedom network services, there’s probably a greater appreciation of the challenge of network effects than there was several years ago. Or as I’ve been saying the last couple, “the greatest threat [to freedom] is obscurity, not proprietary versions” (cf “the greatest threat to artists is obscurity, not piracy”, when “we” are giving unsolicited advice to legacy culture industries).

Second, and much more widely noted, is the preference of (supposedly young, but I’m doubtful) web developers for permissive licenses. If true, this would make a permissive license all the more necessary to establish a standard, and hopefully contribute to non-obscurity among developers.

Content license

All posts on identi.ca while it was running StatusNet were released under CC-BY. There is no default license for posts on identi.ca now, ie “all restrictions remain”. The rationale for this is that pump.io supports messages limited to groups (identi.ca only supported public, and one-recipient direct messages, though the latter weren’t regularly used), and a public license would not be appropriate for private messages. I say the two are orthogonal, and it is too bad to see them conflated, but admittedly it is very easy to do, maybe easier than explaining the difference. The Franklin Street Statement avoids the issue with:

Data available to all users of the service should be available under terms approved for Free Cultural Works or Open Knowledge.

Arguably this does not facilitate taking all one’s interactions with one. But “social” may be a field in which we should act as if knowing about copyright is already like knowing about East German passports, ie ignore all copyright and related restrictions (while adhering to orthogonal privacy norms and regulations).

Development hosting

StatusNet used the hosted version gitorious, which is free software, pump.io uses the hosted (only?) version of github, which is not. In this case, developers are users, and the Franklin Street Statement says:

When deciding whether to use a network service, look for services that follow the guidelines listed above, so that, when necessary, they still have the freedom to modify or replicate the service without losing their own data.

This highlights

  1. the power of network effects even when the “protocol” (git) is distributed,
  2. longstanding complaints about the UX of FLOSS,
  3. paucity of completely distributed end user applications (again think of git as a “protocol” here); in theory bugs should live in git, and there are experiments along those lines, but for now people love github’s centralized issue tracker, and there are many analogues to this situation, and
  4. paucity of competitive free software services (which at this point may require a significant organization to provide, in tension with the next point).

Your own computer

Before the above quote about what kind of services to look for, the Franklin Street Statement says not to use services:

Consider carefully whether to use software on someone else’s computer at all. Where it is possible, they should use Free Software equivalents that run on their own computer. Services may have substantial benefits, but they represent a loss of control for users and introduce several problems of freedom.

It also says:

Develop software that can replace centralized services and data storage with distributed software and data deployment, giving control back to users.

pump.io is pushing both of these, relative to StatusNet:

  1. Federation works differently, and better, in my limited experience so far
  2. Evan is doing his part to prevent a dominant instance of pump.io (not allowing new registrations on identi.ca, and providing several alternatives)
  3. pump.io is leaner in multiple respects, making it more feasible to deploy and manage on a tiny server
  4. Evan is apparently looking to promote lots of tiny pump.io installations with a crowdfunded hardware project

I think services running on other people’s computers are going to be extremely important for a long time, but anything that makes it more feasible for many more people to control their own hardware directly is good.

The Beginning

Of a bright future? I’m excited about pump.io, and hope you are too. Try it out — and check out other federated social web efforts.

3 notes from Evan on mitigating mass spying

Free network services entrepreneur and autonomo.us participant Evan Prodromou on privacy and cloud services:

Like many Americans, I’m furious to find out that our government has been using massive data mining of cell phones and cloud services to spy on citizens. I encourage people to contact their representatives and let them know that it’s unacceptable.

I think there are a few simple things that people can do today to mitigate the problems with data services and privacy.

  1. Disconnect. If you’re like me, you check out new services when they come out, and maybe you never go back. It’s a good idea to delete these old accounts to prevent misuse. I’ve found the “apps” pages on Twitter and Facebook a great way to find social apps I no longer use and easily disable them.
  2. Minimize. Take a look at your profile data on Facebook, Twitter, Google+ and LinkedIn. What’s the minimum amount of data that you can share and still have it be useful for friends? Remember, privacy settings only control what other users can see; the cloud service is still storing all that data.
  3. Install. If you haven’t already, take a few minutes to set up your own social presence on the Web. I of course recommend trying pump.io, our great social networking software, but you can try anything from simple blog software to one of the social platforms listed by the W3C Federated Social Web community group. Storing data on a system you control means spooks can’t requisition it from a big cloud provider.
  4. Share. Let your friends and family know that they should be careful with cloud data. (After all, the data they share is usually going to include something about you.)

I think that if we take this opportunity to do some basic data hygiene, the privacy catastrophe that we’re only just learning about can lead to something healthy for the Internet and for society.

Regarding services he runs, Evan says:

We’ve never had a request from the NSA or any other government organization to turn over data from identi.ca or status.net or any of the E14N pump servers.

Finally, a good thought for people wanting to cheaply run their own services:

One thing I’ve talked a bit about is partnering with a hardware company to provide a home pump.io server using a Raspberry Pi.

I realized this morning that this would be a great project for Kickstarter. What do you think?

Yes. There have been and are many projects along similar lines, but none yet using pump.io, and more importantly, none yet achieving mass adoption.

Also see Reducing vulnerability to massive spying with free network services?

Reducing vulnerability to massive spying with free network services?

FSF executive director (and autonomo.us participant) John Sullivan quoted in The Atlantic Wire:

“Massive privacy intrusions like this are to be expected when people shift from storing their media locally and using local software, to storing them on other people’s servers and using hosted (Web) applications. Giants like Microsoft, Facebook and Google are vulnerable to government requests for user data, and there are better, more secure ways to share information online.” Decentralized (and yeah, much more obscure) programs like GNU MediaGoblin, StatusNet, Diaspora, pump.io, Tahoe-LAFS and SparkleShare are better options, he added.

PRISM was recently revealed to be an electronic surveillance program run by the United States National Security Agency (NSA) since 2007, in collaboration with major telecom and net services companies, allegedly including Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, AOL, Skype, and Apple.

EFF and others are leading the traditional contract your representatives response — please do that, wherever you are in the world. The UK government reportedly participates, and doubtless many others collaborate in some way or otherwise massively snoop.

Network-aware software freedom is no magic bullet against mass surveillance — large fractions of any society can be turned into informants without computers at all, and forthcoming, pervasive physical monitoring will be possible via tiny devices, some of them mobile. And of course many choke points in physical and other (e.g., certificate authorities) infrastructure exist that make the state empowered spy’s job easier.

But software freedom can make the spy’s job harder. How much harder? What is our scope for action and advocacy? Not just short term, but long term? How much would various arrangements of free network services help?

Massively centralized but Franklin Street Statement* compliant Software-as-a-Service providers. In the short term, probably no effect; Google-FSS could be just as easily compromised. In the long term, software freedom would reduce one tendency toward mass centralization — consider for example WordPress, which is free software: wordpress.com is probably by far the largest host of WordPress-based sites, but also only one of thousands — taking us some ways down path to…

Lots of FSS compliant I/P/SaaS providers. In this scenario the spy’s costs presumably go up. Providers are vulnerable to regulatory and (il)legal pressure to cooperate with spies, but there are lots of providers to compromise, in a variety of jurisdictions.

Everyone provides their own services on hardware they control. Presumably this maximizes the spy’s costs: it must target individuals it wishes to spy on, or attempt through regulation to ensure most devices people use facilitate spying (which seems a tall order and dystopian; but perhaps the case can be made that non-spy devices should be illegal in order to satisfy the security state and the entertainment marketing industry: what a deal!).

Numerous other factors that directly or indirectly bear on software freedom which the FSS alludes to (extent to which services communicate in a decentralized fashion: federation, P2P…) and does not (governance of services: some organizational contexts could be less vulnerable; communications infrastructure architecture) would also effect the vulnerability of free network services.

To make software freedom a regular part of the discourse and response to massive spying, we need to go a few levels deeper on how software freedom and vulnerability to snooping interact. But much more than that, we need to implement and deploy free network services such that they are a real option for the masses and thus pertinent in a non-theoretical fashion. Can we use news such as the disclosure of PRISM (even if that turns out to be fake, there will be plenty of others) to motivate building and adoption of free network services?

John Sullivan mentions some in the quote above. Also see Jitsi and other free communications tools mentioned in Free, open, secure and convenient communications: Can we finally replace Skype, Viber, Twitter and Facebook?

*5 years old, the FSS needs to be re-evaluated and refreshed. If you’d like to help please join the mailing list.

Jitsi 2.0

Probably the most feasible Skype-replacement for all just released version 2.0:

Among the most prominent new features you will find quality multi-party video conferences for XMPP, audio device hot-plugging, support for Outlook presence and calls, an overhauled user interface and support for the Opus and VP8 audio/video codec.

Get Jitsi. If you don’t, watch Free, open, secure and convenient communications: Can we finally replace Skype, Viber, Twitter and Facebook? as mentioned previously.

Free, open, secure and convenient communications: Can we finally replace Skype, Viber, Twitter and Facebook?

Recent FOSDEM panel Free, open, secure and convenient communications: Can we finally replace Skype, Viber, Twitter and Facebook? (watch video recording there or download) didn’t directly answer the question posed, but is highly recommended.

Some overall observations and questions:

  • Call proprietary silos “legacy _” (eg “legacy social networks”) or similarly, the “AOL of _”. Jabber did this with chutzpah for many years, and now it is more or less true (for chat networks).
  • “Federate or die.” This seems more prescriptive than descriptive. Jabber has succeeded as an open standard with lots of free implementations, but federation of large instances isn’t inevitable.
  • Criticality of network effects. In this sense “can we” is nearly identical to “have we”.
  • I don’t understand telecom world at all, but maybe that’s a good thing: attempts to ape telecom do not seem correlated with success.
  • Noted that XMPP- and REST web API-based federation very different (BuddyCloud and StatusNet/pump.io represent similar-looking applications in each category on the panel). What are the reasons for one or the other, how could they interoperate?
  • Even if there were free software as easy to use and deploy (yes, a trick statement) as Skype and Twitter, it’d be an uphill struggle for users interested in such things to find out, let alone to market to everyone else. Regarding the former, panelists introduced Free Your Speech, a blog about using distributed communications tools.
  • Someone asked the obvious question about how WebRTC will be used, not really answered more substantially than ‘we’ll see’.

Also see discussion of the panel at reddit.

Discourse

Discourse aims to be the WordPress of forums.

At first glance from user perspective it has improved on forums more than WordPress did on blogs at the time of its introduction (WordPress’ large improvements over alternatives were ease of installation and good support for a number of features like trackback, comments, and pretty URLs; the bar was low in 2003).

For autonomo.us folk, the interesting thing is that “WordPress of” means:

  • the software is free software, deployable by anyone on their own servers
  • a hosted version and other services are available for-fee

Jeff Atwood writes:

I greatly admire what WordPress did for the web; to say that we want to be the WordPress of forums is not a stretch at all. We’re also serious about this eventually being a viable open-source business, in the mold of WordPress. And we’re not the only people who believe in the mission: I’m proud to announce that we have initial venture capital funding from First Round, Greylock, and SV Angel. We’re embarking on a five year mission to improve the fabric of the Internet, and we’re just getting started. Let a million discussions bloom!

More WordPress-like businesses seems like a great thing for user and community autonomy. The one behind Discourse also has a great name: Civilized Discourse Construction Kit, Inc. Its goal, again from Atwood, is:

to raise the standard of civilized discourse on the Internet through seeding it with better discussion software:

  • 100% open source and free to the world, now and forever.
  • Feels great to use. It’s fun.
  • Designed for hi-resolution tablets and advanced web browsers.
  • Built in moderation and governance systems that let discussion communities protect themselves from trolls, spammers, and bad actors – even without official moderators.

The last bit is very good for autonomy, though the Franklin Street Statement didn’t address it: trolls, spammers, and bad actors make running your own service much more difficult. Why not let Facebook deal with the pain for you? Perhaps future guidance on network services ought encourage developers to ship mechanisms that mitigate these pain points for entities providing free network services.

Some other points of interest:

  • Discourse is a Ruby on Rails application, GPLv2+; contributions require a CLA permitting CDCK to relicense. This may be a case where use of AGPL would’ve been a strong indication that aggressively selling proprietary licenses is part of the business’ plan, and it is good that is not the case.
  • The default content license, only noted in the ToS, is unfortunately non-free (CC-BY-NC-SA); this prevents Discourse from being out-of-the-box FSS compliant, and the meta.discourse.org installation itself uses the default. Hopefully many deployments will bother to change the terms to use a free license.
  • There is a “download an archive of all my posts” button; it is currently greyed out for me, but I only made a first post moments ago. Good that data export is at the very least an intended feature from the beginning.
  • The software is not yet trivial to install.
  • Discourse doesn’t seem to support federation in any way, but that’s not a criticism: it’d be stunning if it did.
  • Some mail functionality is planned. Whether Discourse will destroy mailing lists, even for those who hate forums, prior to the release of Mailman3 is question for the ages.☻