Friday, April 09, 2010

LibrePlanet 2010 Trip Report

Attending LibrePlanet 2010 was an awesome experience for me. I have met lots of very interesting people there. I'd like to thank Mozilla for sponsoring my trip to Boston. Here is my report on Mozilla related topics that were discussed at the conference.

Trip Report

At LibrePlanet 2010 the main subject discussed was the debate about the issues of SaaS ("Software as a Service") for user's freedom and autonomy, which was the topic of Stallman's most recent article and keynote at the conference. It is clear to me that the most relevant Mozilla project (that I am currently aware of) that is related to these issues is Mozilla Weave. There is an increasing perception among GNU activists that the upcoming new challenges for the GNU Project will be around providing solutions for privacy-enabling infrastructure and decentralization of services in order to keep the users in control of their computing and of their private data.

Stallman's SaaS article was first published at Boston Review, where I would suggest you to check the user comments (there are 4 comments only at the time of writing this report) in order to have an idea of the kind of debates that the article has generated. After Stallman's speech - during the questions session - he clearly refused to talk about privacy, as he was more concerned about first discussing the issue of "running your computation on a server that you do not control" and was clearly trying to keep the topic of user privacy - which he explicitely cited as "another important issue" - to be discussed in a potentially upcoming article/speech. After LibrePlanet, I have had the opportunity of discussing these issues in private with Peter Brown, executive director of the Free Software Foundation, during one of my visits to the FSF Office in Boston. He acknowledged that the issue of privacy was intentionally preserved to be explicitely targeted by future FSF campaings and has suggested me to subscribe to the GNU Network-discuss mailing list in order to participate in the brainstorming of new GNU initiatives towards solving these issues.

The upcoming GNU Hackers Meeting during GUADEC 2010 will be specifically focused in "free secure networking and decentralised applications".
There is an interesting, but rather old article - July 14th, 2008 - by Benjamin Mako Hill entitled "Franklin Street Statement on Freedom and Network Services" that is directly related to the subject discussed here.

Encrypted Data Stores

One of the various reasons why users are increasingly adopting SaaS tools is related to a trend to rely on/trust remote servers to make backups of their data. Users are very often not prepared to setup a reliable personal backup routine and even when users do so, it is understandable that they feel that Google (or some other provider of web-based services) might be able to provide a better quality infrastructure on their data centers to (supposedly) guarantee the integrity of user data. By accepting this premise, lots of users are not protecting their privacy and allowing services like GMail to crawl Gigabytes of their private stuff.

To address this issue there has been some suggestions, including the idea of crowdsourcing backups by sharing encrypted data in a p2p network.
I understand Mozilla Weave as a sign of commitment from Mozilla with privacy values and it seems to me that one of the reasons for it having restricting data quota limits might be that it is not a decentralized service. Correct me if I am wrong about it - I am still just starting to learn about it. Could Weave be adapted to run with higher volumes of data in a decentralized architecture? Or would it be wiser to design something like that from scratch instead?

There are some free software initiatives towards that kind of system:

* Tahoe, a redundant, distributed and encrypted filesystem
* The Circle, a peer-to-peer filesystem (discontinued in 2004)

Remote Computing

Running personal computational routines in a server that you do not control was explicitely rejected by RMS in his speech since it has effects to users autonomy and freedom that are similar to those of proprietary software. I think that the current SaaS article is sufficiently extensive in exploring this topic.

Local execution of arbitrary (non-free?) code

An interesting article about a complementary issue that was published by RMS some time ago entitled "The Javascript Trap" deals with the local execution of javascript code automaticaly fetched from a remote webserver on page load. At that time was stated the need for a system that would allow people to have better control of which routines are running on their browser environments and that would perhaps enable them to collaboratively tag "trusted versions" of such scripts. This is a controversial topic that deserves some attention from Mozilla, especially in those cases where highly complex non-trivial javascript applications are delivered to the user's browser environment to handle sensitive user data.
One possible attempt to target this issue could be to incorporate popular javascript libraries such as jQuery in the browser installation and allow updates of these to be better managed by the users - or even possibly allow for local customizations of these modules. Also, I can't avoid mentioning Greasemonkey as a source of personal insight on why people would care about changing webapp behaviours.

Additional comments:

I've just enjoyed watching a related speech by Eben Moglen entitled "Freedom In the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing".

1 comment:

  1. Hi juca, here is Anderson.
    These issues concerning cloud and Saas are quite complicated from the point of view of user's freedom.
    If you are interested I've seen some very nice articles about Saas and cloud by Cezar Taurion from IBM , his blog is:
    He talks more on the bussines implications of such technology, but he also mention the privacy of the user and etc.