Karsten on Free Software

Workshop on “Open Standards for ICT procurement” [updated]

Posted by gerloff on Thursday, December 4th, 2014 0

Yesterday I participated in a workshop on “”Open Standards for ICT Procurement: Sharing of Best Practices”. This was organised by PWC for the European Commission’s DG CNECT, and forms part of an EC-funded project on “Guidelines for public procurement of ICT systems“.

The invitation read:

Under Digital Agenda, the European Commission commits itself through Action 23 to provide guidance on the link between ICT Standardisation and Public Procurement in order to help public authorities use standards to promote efficiency and reduce lock-in.

As a matter of fact, using ICT open standards results in:
– Higher savings when procuring ICT

– An increased level of competition among suppliers

– Being compliant with EU Public Procurement directives

Not much to quibble with here, except perhaps a slightly excessive use of bold font. As the goals for the event, the invitation stated:

– Share some good practice examples about ICT procurement;

– Stimulate the debate around the next steps / new ideas for DAE Action 23;

– Present a first set of insights on the state of the art of ICT public procurement using standards through Europe.
Best practice examples have been carefully selected to match the needs and wants of all potential participants.

So, how did this go? For some of the talks, I’m really not sure what to make of them. This goes especially for the presentations of EU-funded projects like Fi-Ware, on which the EC has so far spent EUR 300 million, according to the CNECT person on the panel. Most of the Fi-Ware stuff is apparently meant to be Free Software. When I asked about specific licenses, and where to find code, the speaker replied “oh, it’s all open source”. I did end up finding something called the “catalogue of generic enablers“, which has links to source code for a bunch of projects, under various licenses. Well, that’s something – but I’ll leave it to others to decide whether this is worth the money invested.

Some talks were more valuable, like the one on standard contract clauses for software development contracts, which enable public bodies to re-use and share the software they (i.e. the taxpayers) have paid for. And some were quite excellent, such the one by Linda Humphries. Linda is a Senior Technology Adviser within UK’s Government Digital Service. She talked about the UK’s Open Standards policy (which she helped to build), and the effects of that policy.

My favourite moment of the day came when I tweeted that under the new policy, more than half of the government’s IT spending is going to SMEs. [Update: Stephen Quest has kindly pointed out that this refers only to the UK Government’s IT spending on cloud services. It’s still an impressive figure. — thanks!] One of Linda’s colleagues in GDS pointed me to a page that doesn’t just show more figures. It also has the raw data on government IT contracts, by month, in CSV. I wish more governments were like this.

Quite a few of the participants commented that the main target audience of the workshop – people who are actually doing public procurement in ICT – wasn’t really there.

As so often, the real value of the event was in the people who were there. The workshop provided an opportunity for the small community pushing Free Software and Open Standards in procurement to meet and share updates. I managed to introduce a few people, especially from the Commission, to outside experts they should definitely be talking to.

What else could the Commission do to drive the take-up of Free Software and Open Standards in public procurement?

At the workshop, DG DIGIT’s Pierre Damas talked about updates he’s making to the Commission’s notoriously weak “open source strategy“. He specifically mentioned that in future, EC developers (perhaps even including contractors) will be allowed to contribute to outside Free Software projects, and that the EC would adopt a “free software first” policy for internal developments. Both steps are obviously useful, though a good time to take them would have been perhaps a decade ago.

From the presentations and several private conversations, it became clear that the EC’s main problem is their reliance on proprietary document formats. Awareness of this seems to be slowly growing, though I have yet to see any concrete steps proposed to deal with the issue.

Oh well, here at FSFE, we’ll keep pushing. If you’d like to support our work on public procurement, please sign up as a Fellow, or make a one-time donation. Thanks!

Preview: what FSFE did in 2014 [update]

Posted by gerloff on Monday, December 1st, 2014 0

The year is almost over, and it’s reporting season. Here’s a sneak peek at list of things we achieved in 2014. A full report will follow shortly.

We want to keep doing these things, and more, in 2015. To continue operating at our current level in 2015, we will need €420,000. We have already secured €230,000 from our Fellows, donations, and merchandise sales. We need another €190,000 to finance our work next year. If you like what you see here, please consider joining the Fellowship or making a donation!

Public procurement [update]

We pushed hard for the European Commission to improve the way it acquires software, in order to open up opportunities for Free Software and Open Standards. Using the EU’s “freedom of information” mechanism, alongside parliamentary questions from MEP Amelia Andersdotter, we got the Commission to release documents about the way its contracts with Microsoft and other providers of non-free software are structured. We also obtained a document outlining the EC’s desktop software strategy for the coming years. This effort has opened the doors to several meetings with high-level IT decision makers in the Commission and the Parliament, and has enabled us to start a constructive conversation with them about what steps to take next. The Commission has asked us to provide input to the next version of its “open source strategy”

Free Software Pact / Ask Your Candidates

For the European elections in May 2014, we organised the Free Software Pact campaign together with the French Free Software association April. We invited candidates in those elections to sign the pact, asking them to commit to using their European Parliament mandate to promote Free Software. 33 of the pact’s signatories are currently serving as Members of the European Parliament. We will repeat this effort for other elections. Preparations are currently under way for Switzerland’s 2015 elections. With more resources available, we could put more time into following up with signatories, and using the contact we’ve built through the campaign to let them know what they should do in order to improve the situation for Free Software.

Compulsory Routers

In 2013 and 2014, we have followed developments on the issue of compulsory routers. We have published position papers, and documented the arguments and the process in both German and English. We supported other organisations with arguments and technical expertise, such as the Federation of German Consumer Organisations. Germany’s ministry of economics is currently working on a draft law to enable free router choice for consumers, and prohibit compulsory routers.

Information materials

We are currently sending out ten information packs per month on average. People can order these free of charge through our website. Both our introductory Free Software leaflet and our F-Droid leaflet are available in five languages. We recently added a flyer on “email self defense” in German and English; demand for this has been so great that we have already done three print runs of this. Volunteers distributed this flyer at the premiere screenings of the movie “Citizenfour”.

Public relations for Free Software

We continously work to push the Free Software across Europe, in local languages wherever possible. During the past year, our monthly newsletter was translated into six languages on average.

Device sovereignty

On “trusted computing” and “SecureBoot”: In 2014, we discussed this issue with Germany’s Federal Information Security Office, and with the ministries of economics and interior. At the EU level, we initiated conversations about alternatives such as CoreBoot. We are pushing to ensure that consumers have the possibility to install alternative operating systems on the devices they buy and own. Our goal is to use the progress we have made in Germany to create progress in other european countries, and finally put device owners in full control of their hard- and software.

Events

We explained Free Software in talks, workshops, panel discussions, radio shows and several times on TV. In addition to the usual IT conferences and events, we expanded our reach to cover street festivals in Munich and Düsseldorf (Germany). This new outreach angle worked well, and we want to be present at many other such events this year.

Free Software Legal Issues

FSFE facilitates the world’s largest network of legal experts on Free Software, with currently more than 360 members (up from 320 last year). Participating experts come from a wide range of backgrounds, from corporate legal departments to lawyers in private practice, and engineers with legal skills. The network serves to develop and spread best practices around Free Software, and increase acceptance. Several participants have called the network’s annual meeting, the Free Software Legal & Licensing Workshop, the best event of its kind in the world.

Document Freedom Day

Working with volunteers from around the world, our Document Freedom Day campaign explained and promoted Open Standards at 51 events in 21 countries around the world.

Help keep us going!

If you’ve made it all the way down here, you probably really are interested in the work we do at FSFE. So let me just point you to the Join the Fellowship and Donate pages again.

Thank you for any support you can provide!

Free Software for the European Parliament: FSFE comments at DG ITEC forum

Posted by gerloff on Wednesday, November 19th, 2014 0

Today, the European Parliament organised a conference to inform MEPs about the IT services available to them. It featured a panel discussion led by Adina Valean, the new EP Vice President in charge of ICT, with a contribution from Giancarlo Villela, the director of the EP’s IT department.

After the panel discussion, I got the chance to contribute a few brief remarks. Here they are.

FSFE is a charity that works to put users in control of technology. Free Software means being able to use, study, share, and improve your software.

The EP has taken some important steps towards Free Software and interoperability: It has committed to being able to receive and send documents in the Open Document Format (ODF). The Parliament has also released some Free Software of its own.

These are very good beginnings. But there remains further work to do:

We need to enable interaction with citizens: You can’t force citizens to buy certain products in order to interact with you. Please make sure that the EP is fully accessible for citizens and public bodies that use Free Software. It’s currently very difficult for Free Software users to watch live streams from the Parliament.

As the EP continues to digitise, rely on Open Standards and Free Software. Make sure that Parliament doesn’t get locked into certain vendors and service providers. Today’s star gadget is tomorrow’s landfill. Today’s best-in-class app will be an old hat tomorrow. Stay independent as you digitise. Free Software and Open Standards let you do this.

Here in the Parliament, the DebianParl project has built a fully free and open desktop for MEPs and staffers. It works great; but to become fully usable, DG ITEC needs to offer access to mail servers via the standard IMAP protocol. That’s a simple step to take, and it should be taken as soon as possible.

You can count on the European Parliament Free Software User Group (EPFSUG) to help you in this effort, and I’m glad to offer FSFE’s support as well.

Let’s be clear. The European Parliament is the EU’s greatest democratic institution. European citizens are right to expect the Parliament to live up to this standard. Let’s all work together to help the Parliament on this path.

Some common-sense recommendations on cloudy computing

Posted by gerloff on Friday, November 14th, 2014 0

Today, Brussels-based lobby organisation ECIS released a report on
“cloud” computing and interoperability. It highlights the importance
of open standards, open data formats, and open interfaces in a world
where more and more of our computing happens on machines owned and
operated by other people.

The report is aimed at public and private organisations that want to
rent computing resources rather than buying the necessary hardware
themselves. It covers three different scenarios – Software as a
Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS).

The main report highlights questions that buyers —
including public sector procurement people – should ask before
signing on the dotted line.

The policy recommendations that come with the report common sense, and
boil down to caveat emptor. For example, the report asks policymakers to
“[e]stablish sets of criteria that help customers analyse and evaluate
migration and exit concerns before adopting and deploying cloud
computing solutions.” This basic bit of due diligence – assessing the
future cost of getting out of the system you’re buying – is something
that FSFE has long asked public bodies to undertake.

While the recommendations are hardly revolutionary stuff, Europe’s
public sector would be much better off if it took this advice to
heart. In reality, the most common scenario is likely to be an
underinformed public sector buyer facing a highly motivated vendor
salesperson. In order to avoid falling into future lock-in traps, it
will be essential to properly train procurement staff.

The report does have a couple of shortcomings. The authors are not
named, so the content perhaps deserves additional scrutiny. More
importantly, the report makes no mention of the data protection issues
that come with moving your data, and that of your customers, through
different jurisdictions. In the accompanying press release, ECIS gloss
over this issue with a tautology:

“[T]he value of the cloud lies in its global nature, and
fragmenting the cloud will inhibit the cloud.”

I asked about this issue at the event where the report was presented,
prompting the speaker, IBM’s Mark Terranova, to take prolonged
evasive action. There currently is no good answer to this
question. Buyers and users of these services should acknowledge that
as a problem.

At the heart of all this is the question of control. When you’re a
company that signs up for a service, who has control over your data,
your software, and your processes?

Even more lock-in?

While these services offer ease and flexibility, they also come with
the potential for even greater lock-in than the traditional model.
Being able to take your data to another service provider isn’t
enough. You also need to be able to carry along the associated
metadata that actually makes your data useful – if you just receive
your data in one big pile, a lot of the value is gone. If you’ve built
applications on top of your vendor’s service offering, you’ll want to
be able to move those to a new platform, too. Ian Walden pointed out
that these aspects don’t usually receive enough attention in contract
negotiations.

Pearse O’Donohue, who just moved from being Neelie Kroes’ deputy head
of Cabinet to a post as Head of Unit in DG CNECT, said that in the
EC’s own procurement, transparency and vendor-neutrality would be very
important in the future. He noted that with new EC, responsibility for
the EC’s procurement has moved from DG ADMIN to DG CNECT, under
Commissioner Oettinger and Vice-President Ansip. O’Donohue
highlighted that the new Commission is committed to “practicising
what it preaches” in public procurement.

Now that would certainly be welcome.

Evaluating Free Software for procurement

Posted by gerloff on Thursday, July 3rd, 2014 0

When you’re a public body, how do you evaluate Free Software solutions, and how do you procure them? Recently I’ve been getting this question fairly regularly. Here are the main resources I point people to.

First stop: A guideline from the European Commission on “public procurement of open source software“. This answers most of the fundamental questions, such as “is it ok for us to just download a program?” (yes), or “How can we specify that we really want Free Software and Open Standards?”. When it comes to evaluating potential solutions, the EC guideline is pretty curt.

The UK government has produced an “Open Source procurement toolkit“. This is a very useful resource. It highlights Open Standards and the need to avoid lock-in. The documents in the toolkit are clearly structured and well written.

They sometimes make the common mistake of describing “open source” and “commercial software” as opposites. Lots of commercial companies that have successfully built their business around Free Software would beg to differ. But this is a minor quibble with a generally very useful resource.

So let’s say you’re putting out a call for tender for a Free Software-based solution. How do you evaluate and compare the different bidders? Here, the Swedes have some helpful advice for you. In early 2011, one of Sweden’s two national procurement agencies launched a number of Free Software framework contracts. They specified some pretty detailed criteria for evaluating suppliers. Some of them are pretty nifty: In one example, bidders can score the highest number of points if they have committed code to a project, and the project has accepted and integrated it.

The original documents are in Swedish (of course), and have been translated into German. If you read neither language, this presentation by Daniel Melin has a pretty good overview. You’ll also want to check out this write-up of Sweden’s and other countries’ public sector approaches to procuring Free Software.

Thankfully, there are many other useful resources on this topic. If you want to see your favourite one included here, please get in touch!

Free Software in the Church: From principles to practice

Posted by gerloff on Monday, June 30th, 2014 0

Several interesting conversations resulted from my visit to the European Christian Internet Conference. One of them was with a pastor (and computer scientist) who works in the church administration of the Rhineland in Germany. He shared with me a draft strategy (pdf, in German) to move the churches in his region towards Free Software. He asked me to comment, and I’m happy to do so.

The pastor will also be joining one of FSFE’s upcoming Fellowship meetings in Düsseldorf, Germany, to get more input from the Free Software supporters there. I love seeing connections like these come together.

The first problem he’s encountering with the strategy is getting his superiors to understand that IT is actually part and parcel of what the church does in this world, and should follow the organisation’s guidelines.

Eine IT-Strategie als eine „Ordnung“ der Kirche dient dazu, den Verkündigungsauftrag der Kirche zu unterstützen. Sie ist eine menschliche Ordnung, die der presbyterial-synodalen Ordnung der EKiR Rechnung trägt und selbst soweit es geht den Auftrag der Kirche widerspiegelt.

This is perhaps the most difficult challenge to overcome, and he’ll need to do some more work to explain this. Explaining ethics-based software to an ethics-based institution shouldn’t be too hard; but it still requires effort.

Next, the strategy document brings up cost as a key point in favour of Free Software:

Da der Einsatz von IT der Verwirklichung des Auftrages der Kirche dient und kein Selbstzweck ist, unterliegt der Einsatz von IT der Wirtschaftlichkeit, damit die Kirche als gute Haushälterin der ihr anvertrauten Gaben diese soweit wie möglich für Verkündigung, Seelsorge, Diakonie und das Eintreten für Frieden, Gerechtigkeit und Bewahrung der Schöpfung einsetzen kann.

Free Software is very often cheaper to deploy and use than non-free programs. But for us at FSFE, that’s never the primary argument. Instead, we always first talk about how Free Software empowers users and puts them in control of their computing. If you say “this is cheaper than that”, that’s both easy and pretty convincing – until the competitor decides to dramatically lower his prices, or presents an alternative calculation with a different methodology.

We’ve learned that Total Cost of Ownership in particular is a pretty insidious concept. It sounds perfectly reasonable, but since there are many different ways to calculate it, the competitor with the bigger PR budget will eventually win out.

So instead of cost, the strategy should highlight how Free Software and the Church’s ideas fit together, and why Free Software is a fundamentally better choice. This is also why the strategy document would be more effective if it used the term Free Software rather than open source.

So now we’ve dealt with the principles. Off we go with the practical stuff:

IT-Anforderungen sollen durch Standardanwendungen, die ggf. angepasst werden, abgedeckt werden. Proprietäre Software und Infrastruktur kommen nur zum Einsatz, wenn Standardlösungen nicht die notwendigen Anforderungen erfüllen können. In der Regel begründen nur spezielle kirchliche Anforderungen die Notwendigkeit von Eigenentwicklungen.

Three points deserve improvement here. First, what are “standard applications” and “standard solutions”? Better to talk about “Free Software applications / solutions”, with a footnote pointing to the Free Software definition. Many similar documents also talk about programs and solutions under “OSI-certified licenses“.

Rather than saying that “proprietary software will only be used if standard solutions (i.e. Free Software solutions) cannot meet the necessary requirements”, those who want to deploy non-free software should be asked (or, if possible, required) to first conduct a thorough review of potential Free Software solutions, and document why none of them are suitable.

Sometimes organisations have requirements that aren’t met by existing software. In cases where the Church is paying for new programs to be developed, it should make sure those programs are published as Free Software, and should get hold of the copyright on the code.

Open-Source-Lösungen sind zu präferieren, offener Quelltext ermöglicht im Zweifelsfalle, nachvollziehen zu können, wie die Software funktioniert. In der EKiR erarbeitete Lösungen kommen wiederum der Allgemeinheit zu Gute (Apg 20,35). Bei Beschaffungsmaßnahmen sind Ziele der Nachhaltigkeit und des gerechten Wirtschaftens zu bedenken und in die Abwägung zur Wirtschaftlichkeit einzubeziehen.

Preferring Free Software solutions in principle is a statement of intent, not a strategy. If the idea here is to provide more reasons for using Free Software, then there are many good arguments. The ability to review the source code is just one of them, and for this particular organisation, it’s probably not the strongest one. In particular, it would be wise to follow the practice recently adopted by the UK government, and figure future exit costs into the price of any new solution.

Um einen offenen und barrierefreien Datenaustausch zu ermöglichen, sollen zukünftig das „Open Document Format“ (ODF) sowie offene-Standards (XML) verwendet werden.

A clear preference for ODF as an Open Standard is great. However, there are other document types out there. There’s nothing on how the organisation will get from its current dependence on proprietary file formats to the future Open Standards practice. The UK government’s proposal on “Sharing or collaborating with government documents” is an excellent reference here.

Dokumenten-Management- und Archivierungssystem: Der Aufbau eines öffentlichen, zentralen Dokumenten-Auskunfts- und Archivierungssystems (s. Open-Data-Konzept) ist in Abstimmung mit den entsprechenden Fachabteilungen anzustreben,[…]

If you’re talking about long-term archiving, formats based on Open Standards aren’t only the sensible choice – they’re the only choice. Think of the Church what you will, but unlike the IT industry, at least they don’t define “long term” as “the next five years”.

While this strategy draft still needs quite a bit of work, it’s certainly going in the right direction. I very much welcome the commitment of this pastor to make a real difference in his organisation, and I’m grateful for the chance to support this effort.

Talking to the Church about Free Software

Posted by gerloff on Monday, June 30th, 2014 0

Telling lots of different kinds of people about Free Software is one of the parts I like best about my work with FSFE. Recently I was invited to deliver a keynote at the European Christian Internet Conference. It’s a small event that has been running for a long time. A core group of ca. 50 people from (mostly protestant) churches from around Europe meets to discuss Internet-related aspects of their work. Maybe a third of the participants are priests; others are laypersons working with their local congregations.

I broke my talk down into two parts. The first one was a general introduction to Free Software: The idea, its history, what Free Software is doing today, and how the licenses work. With the second part, I focused on power, technology and surveillance, and the role that churches might play in righting the wrongs that governments are perpetrating against their people.

What stuck out with this group was the strong focus on ethical questions. I highlighted that Free Software and the ideas which the Church espouses go together very well: Sharing, helping each other out, and making sure that everyone can participate in society. If churches can agree that they should only buy Fair Trade coffee that respects the integrity of the producers, then they should also be able to agree to use only Free Software, which respects the integrity of its users. (If you read German, have a look at LuKi’s pages.)

The issue of surveillance resonated strongly with the participants. Priests often discuss highly intimate matters with people in their congregation, and these days, they find themselves doing so by electronic means. How is this confidentiality supposed to work if the priest knows that one or more governments are recording the conversation? And on a larger scale, how can we have a just society if those in power help themselves to near-total insight into the lives of everyone else?

The most useful role I can see for the church in this debate is to leverage its position as a moral institution. Church leaders need to step up and speak out against mass surveillance, again and again, until we have ended the practice.

Four social rules for a “No Asshole Zone”

Posted by gerloff on Friday, June 6th, 2014 0

Free Software needs a strong community. If we fail to attract everyone willing to work for Free Software, we’re shooting ourselves in the foot. Also, we’re probably not being as friendly and open towards people as we should be, morally speaking. That’s a serious failure for a community where morals matter.

The low share of women participating in the community (oh, where to start with the links? I’ll just pick this one by Jodi Biddle) is an especially egregious problem. I’m sorry to say that FSFE is doing no better in this regard than the overall community, much as we want to.

One easy step that we’ve already taken is to update our internship page to say that when choosing between two or more similarly qualified candidates, we’ll prefer female applicants. Yes I know, hardly revolutionary – but you have to start somewhere.

I just came across Sumana Harihareswara’s keynote at WikiCon 2014, titled “Hospitality, Jerks, and What I Learned“. The whole text is interesting, and I recommend you read it in full.

In one section, Sumana talks about constructing a “No Asshole Zone”, and specifically focuses on four social rules that help people to work in public – something that sometimes includes failing and showing ignorance. The rules are:

No feigned surprise. No well-actuallys. No back-seat driving. And no sexism, racism, homophobia, and so on.

It’s important to realise that these rules aren’t specifically about being more welcoming towards women. They’re about being more welcoming towards everyone. They’re about making our work more productive and satisfying.

A more detailed explanation

Feigning surprise. When someone says “I don’t know what X is”, you don’t say “You don’t know what X is?!” or “I can’t believe you don’t know what X is!” Because that’s just a dominance display. That’s grandstanding. That makes the other person feel a little bit bad and makes them less likely to show you vulnerability in the future. It makes them more likely to go off and surround themselves in a protective shell of seeming knowledge before ever contacting you again.

Well-actuallys. That’s the pedantic corrections that don’t make a difference to the conversation that’s happening. Sometimes it’s better to err on the side of clarity rather than precision. Well-actuallys are breaking that. You sometimes see, when people actually start trying to take this rule in, that in a conversation, if they have a correction, they struggle and think about it. Is it worth making? Is this actually important enough to break the flow of what other people are learning and getting out of this conversation. Kind of like I think we in Wikimedia world will say “This might be bikeshedding but -“. It’s a way of seeing that this rule actually has soaked in.

So far, so good. But what happens when someone fails to stick to these rules?

I think it’s also important to note, well, how do these rules get enforced? Well, all of us felt empowered to say to anyone else, quickly and a bit nonchalantly, “Hey, that was a well-actually,” or “That’s kind of feigned surprise, don’t you think?” And the other person said sorry, and moved on. I can’t tell you how freeing it felt that first week, to say “I don’t know” a million times. Because I had been trained not to display ignorance for fear of being told I didn’t belong. […]

If you don’t understand why something you did broke the rules, you don’t ask the person who corrected you. You ask a facilitator. You ask someone who’s paid to do that emotional labor, and you don’t bring everyone else’s work to a screeching halt. This might sound a little bit foreign to some of us right now. Being able to ask someone to stop doing the thing that’s harming everyone else’s work and knowing that it will actually stop and that there’s someone else who’s paid to do that emotional labor who will take care of any conversation that needs to happen.

Within FSFE, we put a lot of importance on keeping conversations polite and productive. We already rely quite a bit on FSFE’s staffers and other experienced list moderators to sort out conflicts. However, a lot of our rules are implicit. Sumana’s talk makes some of them explicit, and suggests some useful new approaches we should try.

We’re all Gmail users now – Pt. 2

Posted by gerloff on Tuesday, May 27th, 2014 0

The other day I wrote about how even if you don’t use Gmail, Google still ends up with access to a lot of your personal conversations. My own analysis was pretty poor imitation of the interesting work done by Benjamin Mako Hill. Where he used Python and R, I just fumbled around with Mutt’s limit patterns. Due to the different methodology, our figures weren’t really comparable.

Now I took the time to actually run Mako’s scripts. It turned out to be easier than I thought. The archives I analysed contain data starting in the first half of 2009, but anything before 2010 is patchy. I changed my mail setup at the start of 2010, and most of the mail from before then isn’t included in this analysis.

Email since 2010: All mail vs mail handled by Google — Number of mails, overall and from Google

This shows us the absolute number of mails I’ve received and replied to. It tells me that my mail volume is fairly constant over the long term, but that my mail load can oscillate wildly on a weekly basis. And it tells you when I was on vacation these past years.

The share of mail that goes through Google’s servers is pretty low. But how low?

Share of mail going through Google's servers

Between 10% and 15%, that’s how low. As Mako (and me) would expect, Google is somewhat more involved in conversations that I carry on actively (Email with Replies) than in the overall set of email I’ve received. This is because there’s lots of spam and auto-generated mail in the “All Mail” category, and most of it doesn’t go through Google’s servers.

I have no idea what causes the slight uptick in Google’s share among mails I’ve replied to after mid-2013.

Hugo Roy has run Mako’s scripts, and his Google share moves between 25% and 50%. The results that I obtained from Mutt’s limit patterns match the output of Mako’s scripts pretty closely, by the way.

Conclusions

What can we learn from this? A large share of my contacts doesn’t rely on Google for email service. That’s good news.

On the other hand, Edward Snowden telling us that the NSA and its buddies are after our mail apparently hasn’t dissuaded people from using a provider they know is being tapped. Or at least, it hasn’t really increased the number of my contacts who avoid using Google for mail.

Finally, looking at the figures from Mako and Hugo alongside mine, your privacy against the large web companies (and against the spies who hoover up the data they store) largely depends on your environment. If you work in a place where lots of people rely on Google for mail service, your data will end up on the company’s servers. If, on the other hand, your employer and your friends rely on their own servers, or on smaller providers, you have a much better shot at protecting your privacy.

Taking control of your own systems is the easy bit. Persuading everyone around you to do the same is harder, but has a bigger impact.

We’re all Gmail users now

Posted by gerloff on Tuesday, May 13th, 2014 0

Is your privacy important to you? And if so, are you running your own mail server? Good. But if your concern is to keep Google’s tentacles out of your personal conversations, that’s not enough.

Benjamin Mako Hill published a fine project he undertook over the weekend. He wrote a bunch of scripts to check how much of the mail in his archives had gone through Google’s servers.

The answer: About 57% of the mails in his inbox had been delivered by Google. That’s still a conservative calculation, and it’s pretty depressing for someone who goes to the length he does to keep his data private.

Mako’s work inspired me to do the same. It was late and I was tired, so instead of futzing around with Python and R, I decided to simply use the tool I had available anyway, and rely on Mutt’s limit patterns. The archives I analysed go back to September 2009 – not quite as comprehensive as Mako’s own, but still significant.

I used a pretty simple limit pattern:

Limit to messages matching: ~h google.com

which translates to “show me all messages that have the string ‘google.com’ somewhere in the header”.

Out of 140,819 messages, 15,746 matched the pattern. That’s 11.18% – much lower than Mako’s share. Why is this?

Besides the fact that I run my own mail server, the reason is probably that most of my email concerns my work as FSFE’s president. I exchange a lot of mail with FSFE’s staff and volunteers, most of whom use @fsfe.org addresses. These addresses are just a redirect that people can point anywhere they like (hey, if you want one, you can become a Fellow, and support FSFE’s work!).

A few people use them to point to Gmail, but most apparently don’t. A lot of the people I routinely exchange mail with run their own mail server, or host their mail with a small provider. (I assure you that there aren’t a lot of Hotmail users in FSFE.)

The figures above don’t include most public mailing lists that I subscribe to. So I took a look at those, too. Here, I was expecting the share of mail that passed through Google’s servers to be higher. It turns out that the opposite is true: From January 2012 to today, I received 46,163 messages in this folder. Of these, 2,547 have the string “google.com” somewhere in their headers – that’s just 5.52%.

I’m happy to admit that I’m not entirely sure about the methodology. Feel free to criticise and suggest improvements in the comments!

The upshot is that yes, hosting your own server – or keeping your mail somewhere other than the big web service companies – is an important component in reducing your data exhaust. But the size of that reduction depends on the providers used by the people you usually talk to. Privacy, as Eben Moglen highlights, is an ecological issue.

What share of your mail goes through Google’s servers? Post your figures in the comments.