Freedom in the “cloud”?

It’s come to the point that I was asked to explain what I consider necessary prerequisites for an open, free, sustainable approach towards what is often called “The Cloud” or also “Software as a Service” (SaaS).

To be honest, it took some time for me to make up my mind on the matter, and I considered many of the inputs that I’ve seen so far, in particular the Franklin Street Statement on Freedom and Network Services to be good enough for some time.

Clearly I’m sympathetic to the fundamental ideas behind Diaspora, ownCloud and so on. In fact, I myself am currently dedicating my life to the creation of a solution that should empower users to take control over some of their most central data – email, calendar, address books, tasks, see “The Kolab Story” – and thus to provide one puzzle piece to this picture.

So yes, I have developed an opinion by now and obviously I see attempts at “openwashing” such as “Open Surface” by Microsoft to be falling dramatically short on several accounts.

So what do I think constitutes a socially acceptable and sustainable approach to “Cloud Computing” or “SaaS”?

I think it may be simpler than what I initially thought. There are two primary points that now seem most relevant to me:

Right to restrict

Users must be able to restrict access to their own data, especially by their service provider. Participating in social networks, or enjoying the convenience of having your data available at all times should never have to come at the price of giving up privacy. So users must be given a choice to restrict access to their data as much as they consider necessary or desirable, from fellow users, and their provider. Similarly, they should never lose the right in their data simply because they use a certain service.

Freedom to leave, but not lose

Users must be able to switch between providers, or even to host their own data, if they so choose. And they must be able to do so without losing their network.

They should still enjoy the same level of interconnectivity and not be penalized for having switched providers in the form of having to convince all their contacts and friends to switch, as well.

Software such as StatusNet which is powering allows to set up your own instance – this is a step in the right direction.

From these follow a couple of necessary conclusions to get to this point:

Free Software necessary, but not sufficient

Free Software is a necessary, but not a sufficient condition. Without the software being Free Software, the Freedom to leave, but not lose is exceedingly hard to implement. So in my view the GNU Affero General Public License (AGPL) is strongly preferred, followed by the GNU General Public License (GPL) Version 3, but ultimately any Free Software license will do. Implicitly therefore I am also not adverse to allowing companies to differentiate themselves to some level on code, as long as that does not violate the principles above.

Decentralized & Federated

In order to allow switching without losing the network, any software in this context should be designed federated and decentralized, based on protocols that allow such interconnectivity as well as re-discovering users that have moved.

Open Standards

In order to facilitate the connection of services and providers, as well as allow for innovation and differentiation, a certain level of freedom to experiment is necessary. So software and services should provide truly Open Standards with ongoing interoperability work through plug-fests and automated test suites which give some indication on how well which services actually interoperate.

Transparent Privacy Policies

In order to have control over data, users first need to understand what they are (or are not) allowing the provider to do, which is typically not the case. Most users have never read the 20 page privacy statements which are written in ways that make telephone books seem an entertaining read. So we need a way to simplify this.

A set of standardized privacy policies, maybe with a simple visualization approach similar to what Creative Commons came up with, would be a very useful step forward here.

No change of policy without explicit consent

And naturally it should be illegal to change privacy policies on users without their explicit consent. They need to know what is changing, and how, and what will be the resulting level of privacy they enjoy – in the same clear, transparent and understandable manner.

Because much of this is fuzzy in the sense of being open to interpretation and evaluation, these will require monitoring, either through existing consumer protection bodies, through antitrust or standardisation groups, an existing or new NGO dedicated to this work, or something else. Off the top of my head I cannot think of a body that has both the mandate and competency to fulfil such a task.

So while I have some ideas, I obviously still don’t have all the answers.

Be Sociable, Share!

About Georg Greve

Georg Greve is a technologist and entrepreneur. Background as a software developer and physicist. Head of product development and Chairman at Vereign AG. Founding president of the Free Software Foundation Europe (FSFE). Previously president and CEO at Kolab Systems AG, a Swiss Open Source ISV. In 2009 Georg was awarded the Federal Cross of Merit on Ribbon by the Federal Republic of Germany for his contributions to Open Source and Open Standards.
This entry was posted in Collaborate in Confidence, Fellowship, Free Software Business, Free Software Foundation Europe, Open Standards, Political Commentary. Bookmark the permalink.

139 Responses to Freedom in the “cloud”?

  1. Good thoughts all around. :-)

    Regarding transparent privacy policies, you might be interested in

    One minor quibble: I think that requiring consent before a policy change is perhaps an unreasonable burden. Would not requiring a reasonable notification period (e.g. a months notice) combined with the freedom to leave be sufficient?

  2. evanh says:

    I know it’s common enough to maintain existing customer plans for those still using said plans while not offering it to new subscribers. Even to the point of not even notifying existing customers that there is newer options available.

  3. evanh says:

    To put it mildly, anything short of a consent is an abuse of power.

  4. Matthew C. Tedder says:

    I have a design in a Google Doc that attempts to meet all of this and more. It’s P2P and federated, based on clear text documents over HTTP 1.1. The notation I call, SIN for Semantic Information Notation. It enables users to specify what (not where) they are looking for. Data is redeemed by its association with other data–super and/or sub-attributes. So you can create a form in a wiki-like manner, the data entered is abstracted such that it can be brought back to whatever other forms (or queries) request it by what it is. Re-design the original form (or create other forms) and there is no need to worry about anything like table structures. Hierarchies are built upon view, not built into the data store. This is tremendously more powerful than SPARQL and non-rigid like ontologies on the Semantic Web. Also, Semantic Web ontologies tend to be widely misused in practice. Everybody needs custom variations of the ontology. It’s a nightmare, if you ask me.

    A SIN server consists stores attribute/value pairs. However, each attribute may have zero or more value instances. Each value instance may have zero or more sub-attributes or super-attributes. I designed the notation using characters that will require easy human readability/editability–translated less need to escape, not having to remember to close braces/tags, etc, and not having to search through masses of text to find the spot you’re looking for. This also grants the easy ability to merge/update. For example, a SIN resources is called very much like you call a web page or a file/folder via WebDAV.

    If you call, it sets the SIN document’s root two levels below the SIN server’s root. That place is presumed with the notation such as:

    ~school+resources/multiplication+table/heading: Multiplication Table
    /* if there is an enter after the colon, then the value begins on the next line and is multi-lined. */
    /* btw, WTF don’t compilers accept embedding /* comments */ within other /* comments */ ? */

    I specified a complete set of rules. It’s easy to learn and even easier to use. For example, the colon can be replaced with “>” where the value is actually a query pointing to information out there. Or, ” links). URLs would be of little to zero importance. The returned documents may provide back any mix of literal values or references. This is useful for load-balancing. I also built a mechanism to facilitate sorting client-side, since the server’s job is merely to filter. Again, whether you are a client or a server is just a matter of the operation at hand at the time. They both send and receive the same documents via GET and PUT requests.

    Underlying this, the data store is capable of exceptional performance. It’s columnar, which already tends to provide some 10+ times read performance. I designed it without the ability to delete. Rather, an optimization process finds and re-links same-values to one location in storage. When the value changes, its reference is actually pointed to another place. And, for performance it can be broken up by ordered ranges of attribute labels in addition to simply having > links intermingled.

    Security is like this: Every user, access point, and node may have stamps and filters. Stamps are attributes that are automatically added to any data entered thereunder. Filters are criteria by which to filter. So, for example, a user may have has name and the date/time as user-level stamps. The access point may add a user-type attribute (for example) that stamps either “customer” or “employee”, for example. And getting to data through particular nodes may also filter. For example, perhaps only employees are allowed to see certain information. Customers may go through certain nodes depending on what they are looking for, such as women’s verses men’s products. And of course, they can add their own additional criteria such as, no polyester.

    The information network would be global and Free. It would enable all kinds of information, services, and other kinds of resources to be queried globally and yet reduced by the sub and super attributes one is seeking. For example, a query for a product named “hammer” in the city of Nutville might return those from various hardware stores and department stores, bars, and perhaps even a social club. Refine down to only see alcoholic beverages” and it might reduce to two or three bars that server a “hammer” drink. Then explore the other info available on those to decide which bar you want to visit. It’s a vastly superior method to the currently predominant method that sells us things like cars with few selling points beyond the hot girl standing in front of it. Why, in the Internet age to do have to manually seek out the products we are seeking and endure unwanted sales people and advertising getting everywhere in the way of our lives and work.

    Sorry for the long post. I feel passion on this topic. I also think that this information network (if implemented) could revolutionize the global economy and add a new methods of raising capitol for ventures. The size of an economy is measured by how many ends are met by means. Think of how many more could be matched which a producer can simply query for what people are seeking that is not yet sufficiently met? And imagine when people can query for the resources they need to build a new business to fulfill a market need. Let’s say there’s 6,000 people looking for a certain style of wooden chair for a certain price range. They’ve registered their queries and you can query to find this out. But you need the right kind of wood, the right people with the right skills, and perhaps some tools. It all needs to fall within a certain price range. And, you need to finance this venture. You can query for all of that. When met, you have a new business. The risk can be greatly reduced to investors and creditors as all of this information is transparent to them all. They can query to work history and reputationally related attributes of the workers and the suppliers.

    I do also think we need a better form of identity. In my view, it should be anonymous yet persistent identity. That is, we should know who a person is in terms of the reputation of their on-line handle. But we must not be able to trace that back to the physical person, without his/her consent. I think OpenID can evolve to provide this.


  5. JohnF says:

    Very interesting premise.

    I’ll stick with having software and data own servers, thank you very much.

    I use GMail, but every piece of mail is copied to my own servers. If Gmail goes away, I still have my data. Ok .. my email address just disappeared. I could easily fix that by setting up my own server if I felt it was a risk.

    The data on my servers are all backed up offsite, if my house burns down I can get it all back. And have tested it so I know it works.

    I really hardly every need access to ‘everything everywhere’, many that think they do might just need to plan a bit better.

    Looked into if for our business, and found it was just too expensive. It sounds cheap, but depending on how much you want to use your own data, it starts to get very expensive very quickly. And the cost to rewrite everything for some proprietary platform just wasn’t worth the cost.

    Yawn … another technology looking for a problem to solve.

  6. Richard says:

    Interesting question: would a Meta GPL be needed here?

    If one were to write a piece of Free (GPL/AGPL) software to make a cloud-based social network, then how do we guarantee that users have the freedom to keep their network. In order to enforce the Users’ rights to access the data of other Users (to keep their networks), then we might have to make the software itself non-free.

    Consider a cloudy-version of Facebook. Let’s call the community-developed, Affero-GPL software “CBS”, and
    imagine that this is taken up by many companies, eventually including a large, dominant company called “Cloudbook”.

    1. At the moment, the AGPL merely requires that, if Cloudbook, the company alter the source-code of the
    CBS software, they must release the new source.

    2. If the creators of CBS want to make the cloud truly free, then they need to require much stronger conditions, namely that by granting companies such as Cloudbook the right to run (and modify)o CBS, Cloudbook must perpetually provide open access to its data, and allow all users to continually access it, gratis. This is what guarantees users the right to keep their network.

    So, software that is truly Free at the Cloud level would seem to conflict with Freedom 0 (“The freedom to run the program for any purpose.”) in order to guarantee what I might call “Freedom -1″, aka the freedom to access your content and networks at all times and at zero cost, no matter where it is hosted.

    FWIW, I asked RMS a similar question in person recently; his reply (I hope I don’t oversimplify) was that there is indeed an ethical clash, but that software licenses can’t solve everything…

  7. Pingback: Freedom in the “cloud”? « freedom bits | The P2P Daily |

  8. Bradmac says:

    Hey Matthew,
    Sounds cool, have you got a link to your online documentation?

  9. Jonathan says:


    It’s an interesting post. I always have ambiguous feeling toward cloud services: being able to access your data from anywhere is really tempting but the privacy loss and the lock-in that use to come with it are not acceptable.

    As for the transparent privacy policies, Aza Raskin proposed time ago a set of icons, similar to the ones used by Creative Commons, to help web sites advertise their privacy policies:

  10. greve says:

    Thanks so much for the truly insightful comments, everyone.

    In particular the privacy icons are great to see. Was wondering why no-one had proposed something like this before, now turns out I just missed it. :)

  11. Pingback: 451 CAOS Theory » 451 CAOS Links 2011.08.05

  12. Jon says:

    Seems like you entirely described the OpenStack cloud platform by Rackspace.

    Portable, open source, community driven (with the funding company only as a contributer) and decentralized.

    I just find it weird you have no mention of them!

  13. Pingback: P2P Foundation » Blog Archive » Freedom Conditions for Cloud Computing

  14. Pingback: Links 11/8/2011: Desktop Summit, More Linux Tablets | Techrights

  15. Freedom is at risk help us fight them.

  16. Pingback: Hook’s Humble Homepage :: Free Software and law related links (cca.) 19.VII.2011 - 31.VII.2011

  17. ** islamabad escorts ||escorts in islamabad call us 03211777714 **[
    { }
    ]*escorts in islamabad*

  18. ** Escorts in singapore|| Pakistani escorts in singapore call us +6584010039**[
    { }
    ]*escorts in singapore*

  19. Sana says:

    Awesome Post. I really Like it.
    Vip Escorts In Lahore

  20. Your rest and fulfill with the escort carrier is her intention. What we’ve got amassed in Gurgaon escort carrier and what’s our key to success and grow to be a pinnacle carrier issuer in Gurgaon is simplest possible by way of with the help of our superb escort girls provider.

  21. Your rest and fulfill with the escort carrier is her intention. What we’ve got amassed in Gurgaon escort carrier and what’s our key to success and grow to be a pinnacle carrier issuer in Gurgaon is simplest possible by way of with the help of our superb escort girls provider.

  22. sometimes people wish provocative and delightful escorts to complete the longing that is the reason you may see our each escorts impeccably appearance as you need. in the occasion that you require going for the duration of a few clean minute with our youthful girl that you can move all through crucial minute with our escort similarly, in mild of the reality that individuals have diverse personalities.

  23. When I was in Bangalore I booked Bangalore Escorts. She has perfect body figure and I was totally satisfied with the services from Female Escorts Service in Bangalore. She has perfect body figure and gave the excellent service to me and satisfied me with the best services.
    Escorts in Bangalore
    Escort Service in Bangalore
    Call Girls in Bangalore

  24. Delhi can turn your whole harsh life to stunning rush. 5 Star inns, Pubs, Night clubs and so forth make this city alive unequaled. In this manner, Delhi Desires brings polite agreeable Delhi escorts for you. There are young ladies in the heaven of Delhi shakes your night to perpetual erotic nature

  25. Lubna says:

    Highly educated with good knowledge Independent Call Girls in Models Town Offer you to fulfill any of your dreams as per requirements +923212777792. this is the best place for those who are searching Delight Younger Girls Escorts in Model Town they are very different from other so Now make your special night with our Service Call

  26. Escorts Services in Mumbai welcomes you all. Myself Priya Sharma, 23 years old Female Escorts working for Escorts service in Mumbai. I have much experienced and I know each and everything that how to satisfy. Mumbai Escorts
    Female Escorts in Mumbai
    Mumbai Escorts Services
    Escorts in Mumbai
    Call Girls in Mumbai
    Independent Escort Service in Mumbai

  27. lahore escorts
    escorts in lahore
    call girls in lahore

  28. I have a great idea about the blog that I am thankful to the blog for you. Russian Escort Service In Gurgaon

  29. This post is very good for us. It has got a lot of benefit from us.I hope that you will be writing this post again My Porn Site

  30. july mukesh says:

    Whatever information you put on your site, the user is very much benefited by this, I give you a lot of money. Delhi Girls

  31. piussaket says:

    Your site is so good I love it very much I highly appreciate your site for thisCall Girls Price List

  32. Welcome to our Independent Andheri Escorts and we hope you will have many enjoyable experiences with madhavipatel Andheri Escorts. Escorts Andheri Escorts Bandra

  33. welcomes youBlue Girl Andheri Escorts to a very beautiful Independent Call Girls and Escort Service. We Provide Female escorts in Andheri working 24/7.I Am Independent Simmy varma. Call Me And Avail Andheri Escort Service At Your Home Or Hotel. My Service Charge Is Low

  34. Welcome to our Independent Andheri Escorts and we hope you will have many enjoyable experiences with madhavipatel Andheri Escorts. So relax, sit back and absolutely take your time to look at this beautiful online boudoir!

  35. Bangalore Independent Escorts I am a very stylish girl who loves to dress up and I respect the outfits I wear I am a very attractive girl 

  36. Select Bangalore Escorts Girls for real life Romance & One night Sexual pleasure. Book Instant Bangalore Call Girls through Phone, WhatsApp or Email though Bangalore Escorts Agency for sensational fun in Bangalore. Escorts in Bangalore offered services 24*7 available for you.

  37. it was worth reading it guys
    Independent Female Escorts in Delhi
    Independent Escorts Service in Delhi

  38. Bhawna Gupta says:

    Bhawna Gupta Available For Everything that you want from a young girl mumbai escorts service

  39. happy wheels says:

    just like the sites I’m seo and I just believe you have other things to worry about.
    geometry dash
    basketball legends game

  40. This is a nice blog and helpful for us
    Islamabad Escorts

  41. Call Girls In Gurgaon,Most of the individuals in Escorts Service In Gurgaon, Hotel Service work and spend more time 24Hrs Female Services.
    Gurgaon Female Escort

  42. independent mumbai escorts at your door step. Or you are one call away from us. Contact now

  43. In Our Escorts Service in Mumbai, We are having the world’s best escorts girls who are young and bold. They are the best in the figure, boys can not control themselves after meeting our Mumbai Escorts girls.

  44. I found your this post while searching for some related information on blog search…Its a good post..keep posting and update the information.
    Escorts Service in Delhi
    Call Girls in Delhi

  45. We have the best girl in our Escorts Service in Mumbai. Girls are beautiful as well as hot. After seeing them you can not stop yourself. They are too hot to handle. They do everything on the bed and satisfy you fully. They got the best figure which will make you crazy and addicted towards them. Once you will spend a time our escorts girls, you never want other girls instead of them.
    Mumbai Escorts
    Female Escorts in Mumbai
    Escorts in Mumbai

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam Protection by WP-SpamFree