summaryrefslogtreecommitdiff
path: root/talermerchantdemos/blog/articles/scrap1_33.html
blob: 4b8280099f6f63df9e87291015bc7cfcbb5284f8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
<!-- This is the second edition of Free Software, Free Society: Selected Essays of Richard M. Stallman.

Free Software Foundation

51 Franklin Street, Fifth Floor

Boston, MA 02110-1335
Copyright C 2002, 2010 Free Software Foundation, Inc.
Verbatim copying and distribution of this entire book are permitted
worldwide, without royalty, in any medium, provided this notice is
preserved. Permission is granted to copy and distribute translations
of this book from the original English into another language provided
the translation has been approved by the Free Software Foundation and
the copyright notice and this permission notice are preserved on all
copies.

ISBN 978-0-9831592-0-9
Cover design by Rob Myers.

Cover photograph by Peter Hinely.
 -->


 <a name="Who-Does-That-Server-Really-Serve_003f">
 </a>
 <h1 class="chapter">
  33. Who Does That Server Really Serve?
 </h1>
 <a name="index-Software-as-a-Service-_0028SaaS_0029-_0028see-also-SaaS_0029">
 </a>
 <a name="Background_003a-How-Proprietary-Software-Takes-Away-Your-Freedom">
 </a>
 <h3 class="subheading">
  Background: How Proprietary Software Takes Away Your Freedom
 </h3>
 <a name="index-spyware">
 </a>
 <a name="index-SaaS_002c-as-distinguished-from-proprietary-software">
 </a>
 <a name="index-proprietary-software_002c-as-distinguished-from-SaaS">
 </a>
 <p>
  Digital technology can give you freedom; it can also take your freedom
away. The first threat to our control over our computing came from
  <em>
   proprietary software
  </em>
  : software that the users cannot control
because the
  <a name="index-ownership_002c-and-users_0027-freedom-2">
  </a>
  owner (a company such as
  <a name="index-Apple-_0028see-also-DRM_0029-2">
  </a>
  Apple or Microsoft) controls
it. The owner often takes advantage of this unjust power by inserting
malicious features such as spyware, back doors, and
  <a name="index-DRM_002c-call-it-_0060_0060Digital-Restrictions-Management_0027_0027-4">
  </a>
  Digital
Restrictions Management (DRM) (referred to as “Digital Rights
Management” in their propaganda).
 </p>
 <p>
  Our solution to this problem is developing
  <em>
   free software
  </em>
  and
rejecting proprietary software. Free software means that you, as a
user, have four essential freedoms: (0) to run the program as you
wish, (1) to study and change the source code so it does what you
wish, (2) to redistribute exact copies, and (3) to
redistribute copies of your modified versions. (See “The Free
Software Definition,”.)
 </p>
 <p>
  With free software, we, the users, take back control of our
computing. Proprietary software still exists, but we can exclude it
from our lives and many of us have done so. However, we now face a
new threat to our control over our computing: Software as a Service.
For our freedom’s sake, we have to reject that too.
 </p>
 <a name="How-Software-as-a-Service-Takes-Away-Your-Freedom">
 </a>
 <h3 class="subheading">
  How Software as a Service Takes Away Your Freedom
 </h3>
 <p>
  Software as a Service (SaaS) means that someone sets up a network
server that does certain computing tasks—running spreadsheets,
word processing, translating text into another language,
etc.—then invites users to do their computing on that server.
Users send their data to the server, which does their computing on the
data thus provided, then sends the results back or acts on them
directly.
 </p>
 <p>
  These servers wrest control from the users even more inexorably
than proprietary software. With proprietary software, users typically
get an executable file but not the source code. That makes it hard
for programmers to study the code that is running, so it’s hard to
determine what the program really does, and hard to change it.
 </p>
 <p>
  With SaaS, the users do not have even the executable file: it is on
the server, where the users can’t see or touch it. Thus it is
impossible for them to ascertain what it really does, and impossible
to change it.
 </p>
 <p>
  Furthermore, SaaS automatically leads to harmful consequences
equivalent to the malicious features of certain proprietary software.
For instance, some proprietary programs are “spyware”: the
program sends out data about users’ computing activities. Microsoft
  <a name="index-Windows_002c-SaaS-and">
  </a>
  Windows sends information about users’ activities to Microsoft.
  <a name="index-Windows-Media-Player-_0028see-also-both-DRM-and-treacherous-computing_0029-1">
  </a>
  Windows Media Player and
  <a name="index-RealPlayer-_0028see-also-DRM_0029">
  </a>
  RealPlayer report what each user watches or
listens to.
 </p>
 <p>
  Unlike proprietary software, SaaS does not require covert code to
obtain the user’s data. Instead, users must send their data to the
server in order to use it. This has the same effect as spyware: the
server operator gets the data. He gets it with no special effort, by
the nature of SaaS.
 </p>
 <a name="index-proprietary-software_002c-spying-on-users">
 </a>
 <p>
  Some proprietary programs can mistreat users under remote command.
For instance,
  <a name="index-Windows_002c-SaaS-and-1">
  </a>
  Windows has a back door with which Microsoft can
forcibly change any software on the machine. The
  <a name="index-Amazon-1">
  </a>
  Amazon
  <a name="index-Kindle-_0028see-also-Swindle_0029-1">
  </a>
  Kindle e-book
reader (whose name suggests it’s intended to burn people’s books) has
an Orwellian back door that Amazon used in 2009
to remotely delete Kindle copies of
  <a name="index-Orwell_002c-George-1">
  </a>
  Orwell’s books
  <a name="index-1984_002c-George-Orwell-1">
  </a>
  <cite>
   1984
  </cite>
  and
  <a name="index-Animal-Farm_002c-George-Orwell">
  </a>
  <cite>
   Animal Farm
  </cite>
  which the users had purchased from Amazon.
  <a href="#FOOT49" name="DOCF49">
   (49)
  </a>
 </p>
 <p>
  SaaS inherently gives the server operator the power to change the
software in use, or the users’ data being operated on. Once again, no
special code is needed to do this.
 </p>
 <p>
  Thus, SaaS is equivalent to total spyware and a gaping wide back
door, and gives the server operator unjust power over the user. We
can’t accept that.
  <a name="index-spyware-1">
  </a>
 </p>
 <a name="Untangling-the-SaaS-Issue-from-the-Proprietary-Software-Issue">
 </a>
 <h3 class="subheading">
  Untangling the SaaS Issue from the Proprietary Software Issue
 </h3>
 <p>
  SaaS and proprietary software lead to similar harmful results, but
the causal mechanisms are different. With proprietary software, the
cause is that you have and use a copy which is difficult or illegal to
change. With SaaS, the cause is that you use a copy you don’t
have.
 </p>
 <p>
  These two issues are often confused, and not only by accident. Web
developers use the vague term “web application” to lump
the server software together with programs run on your machine in your
browser. Some web pages install nontrivial or even large
  <a name="index-JavaScript">
  </a>
  JavaScript
programs temporarily into your browser without informing
you. When these JavaScript
programs are nonfree, they are as bad as any other nonfree
software. Here, however, we are concerned with the problem of the
server software itself.
 </p>
 <a name="index-ownership_002c-servers-and-software">
 </a>
 <p>
  Many free software supporters assume that the problem of SaaS will
be solved by developing free software for servers. For the server
operator’s sake, the programs on the server had better be free; if
they are proprietary, their owners have power over the server. That’s
unfair to the operator, and doesn’t help you at all. But if the
programs on the server are free, that doesn’t protect you
  <em>
   as the
server’s user
  </em>
  from the effects of SaaS. They give freedom to the
operator, but not to you.
 </p>
 <p>
  Releasing the server software source code does benefit the
community: suitably skilled users can set up similar servers, perhaps
changing the software. But none of these servers would give you
control over computing you do on it, unless it’s
  <em>
   your
  </em>
  server.
The rest would all be SaaS. SaaS always subjects you to the power of
the server operator, and the only remedy is,
  <em>
   Don’t use SaaS!
  </em>
  Don’t use someone else’s server to do your own computing on data
provided by you.
  <a name="index-SaaS_002c-as-distinguished-from-proprietary-software-1">
  </a>
  <a name="index-proprietary-software_002c-as-distinguished-from-SaaS-1">
  </a>
 </p>
 <a name="Distinguishing-SaaS-from-Other-Network-Services">
 </a>
 <h3 class="subheading">
  Distinguishing SaaS from Other Network Services
 </h3>
 <a name="index-SaaS_002c-as-distinguished-from-other-network-services">
 </a>
 <p>
  Does condemning SaaS mean rejecting all network servers? Not at
all. Most servers do not raise this issue, because the job you do
with them isn’t your own computing except in a trivial sense.
 </p>
 <p>
  The original purpose of web servers wasn’t to do computing for you,
it was to publish information for you to access. Even today this is
what most web sites do, and it doesn’t pose the SaaS problem, because
accessing someone’s published information isn’t a matter of doing your
own computing. Neither is publishing your own materials via a blog
site or a microblogging service such as
  <a name="index-Twitter">
  </a>
  Twitter or
  <a name="index-identi_002eca">
  </a>
  identi.ca. The same goes for
communication not meant to be private, such as chat groups. Social
networking can extend into SaaS; however, at root it is just a method
of communication and publication, not SaaS. If you use the service
for minor editing of what you’re going to communicate, that is not a
significant issue.
 </p>
 <p>
  Services such as search engines collect data from around the web
and let you examine it. Looking through their collection of data
isn’t your own computing in the usual sense—you didn’t provide
that collection—so using such a service to search the web is not
SaaS. (However, using someone else’s search engine to implement a
search facility for your own site
  <em>
   is
  </em>
  SaaS.)
 </p>
 <a name="index-SaaS_002c-e_002dcommerce-and">
 </a>
 <a name="index-e_002dcommerce">
 </a>
 <p>
  E-commerce is not SaaS, because the computing isn’t solely yours;
rather, it is done jointly for you and another party. So there’s no
particular reason why you alone should expect to control that
computing. The real issue in e-commerce is whether you trust the
other party with your money and personal information.
 </p>
 <a name="index-SaaS_002c-joint-projects-and">
 </a>
 <p>
  Using a joint project’s servers isn’t SaaS because the computing
you do in this way isn’t yours personally. For instance, if you edit
pages on
  <a name="index-Wikipedia-1">
  </a>
  Wikipedia, you are not doing your own computing; rather, you
are collaborating in Wikipedia’s computing.
 </p>
 <p>
  Wikipedia controls its own servers, but groups can face the problem
of SaaS if they do their group activities on someone else’s server.
  <a name="index-SaaS_002c-development-hosting-sites-and">
  </a>
  Fortunately, development hosting sites such as
  <a name="index-SaaS_002c-Savannah-and">
  </a>
  <a name="index-Savannah">
  </a>
  Savannah and
  <a name="index-SaaS_002c-SourceForge-and">
  </a>
  <a name="index-SourceForge-1">
  </a>
  SourceForge don’t pose the SaaS problem, because what groups do there
is mainly publication and public communication, rather than their own
private computing.
 </p>
 <a name="index-SaaS_002c-multiplayer-games">
 </a>
 <a name="index-games_002c-SaaS-and-multiplayer">
 </a>
 <p>
  Multiplayer games are a group activity carried out on someone
else’s server, which makes them SaaS. But where the data involved is
just the state of play and the score, the worst wrong the operator
might commit is favoritism. You might well ignore that risk, since it
seems unlikely and very little is at stake. On the other hand, when
the game becomes more than just a game, the issue changes.
 </p>
 <a name="index-Google-Docs">
 </a>
 <a name="index-SaaS_002c-Google-Docs-as-example-of">
 </a>
 <p>
  Which online services are SaaS? Google Docs is a clear example.
Its basic activity is editing, and Google encourages people to use it
for their own editing; this is SaaS. It offers the added feature of
collaborative editing, but adding participants doesn’t alter the fact
that editing on the server is SaaS. (In addition, Google Docs is
unacceptable because it installs a large nonfree
  <a name="index-JavaScript-1">
  </a>
  JavaScript program
into the users’ browsers.) If using a service for communication or
collaboration requires doing substantial parts of your own computing
with it too, that computing is SaaS even if the communication is
not.
 </p>
 <a name="index-SaaS_002c-sites-offering-multiple-services_002c-including">
 </a>
 <p>
  Some sites offer multiple services, and if one is not SaaS, another
may be SaaS. For instance, the main service of
  <a name="index-Facebook">
  </a>
  <a name="index-SaaS_002c-Facebook-and">
  </a>
  Facebook is social
networking, and that is not SaaS; however, it supports third-party
applications, some of which may be SaaS.
  <a name="index-Flickr">
  </a>
  <a name="index-SaaS_002c-Flickr-and">
  </a>
  Flickr’s main service is
distributing photos, which is not SaaS, but it also has features for
editing photos, which is SaaS.
 </p>
 <a name="index-SaaS_002c-publication_002dand_002dcommunication-sites-and">
 </a>
 <p>
  Some sites whose main service is publication and communication
extend it with “contact management”: keeping track of
people you have relationships with. Sending mail to those people for
you is not SaaS, but keeping track of your dealings with them, if
substantial, is SaaS.
 </p>
 <p>
  If a service is not SaaS, that does not mean it is OK. There are
other bad things a service can do. For instance, Facebook distributes
video in Flash, which pressures users to run nonfree software, and it
gives users a misleading impression of privacy. Those are important
issues too, but this article’s concern is the issue of SaaS.
 </p>
 <a name="index-_0060_0060cloud-computing_002c_0027_0027-avoid-use-of-term-1">
 </a>
 <a name="index-SaaS_002c-_0060_0060cloud-computing_0027_0027-obfuscating-problems-posed-by">
 </a>
 <p>
  The IT industry discourages users from considering these
distinctions. That’s what the buzzword “cloud computing”
is for. This term is so nebulous that it could refer to almost any
use of the Internet. It includes SaaS and it includes nearly
everything else. The term only lends itself to uselessly broad
statements.
 </p>
 <p>
  The real meaning of “cloud computing” is to suggest a
devil-may-care approach towards your computing. It says, “Don’t
ask questions, just trust every business without hesitation. Don’t
worry about who controls your computing or who holds your data. Don’t
check for a hook hidden inside our service before you swallow
it.” In other words, “Think like a sucker.” I prefer
to avoid the term.
  <a name="index-SaaS_002c-as-distinguished-from-other-network-services-1">
  </a>
 </p>
 <a name="Dealing-with-the-SaaS-Problem">
 </a>
 <h3 class="subheading">
  Dealing with the SaaS Problem
 </h3>
 <a name="index-SaaS_002c-dealing-with-problem-of">
 </a>
 <a name="index-call-to-action_002c-SaaS-threats">
 </a>
 <p>
  Only a small fraction of all web sites do SaaS; most don’t raise
the issue. But what should we do about the ones that raise it?
 </p>
 <p>
  For the simple case, where you are doing your own computing on data in
your own hands, the solution is simple: use your own copy of a free
software application. Do your text editing with your copy of a free
text editor such as
  <a name="index-Emacs_002c-GNU-8">
  </a>
  <a name="index-GNU_002c-GNU-Emacs-8">
  </a>
  GNU Emacs or a free word
  <a name="index-processors-1">
  </a>
  processor. Do your photo
editing with your copy of free software such as
  <a name="index-GNU_002c-GIMP-1">
  </a>
  <a name="index-GIMP-1">
  </a>
  GIMP.
 </p>
 <p>
  But what about collaborating with other individuals? It may be
hard to do this at present without using a server. If you use one,
don’t trust a server run by a company. A mere contract as a customer
is no protection unless you could detect a breach and could really
sue, and the company probably writes its contracts to permit a broad
range of abuses. Police can subpoena your data from the company with
less basis than required to subpoena them from you, supposing the
company doesn’t volunteer them like the US phone companies that
illegally wiretapped their customers for
  <a name="index-Bush_002c-President-George-W_002e">
  </a>
  Bush. If you must use a
server, use a server whose operators give you a basis for trust beyond
a mere commercial relationship.
 </p>
 <p>
  However, on a longer time scale, we can create alternatives to
using servers. For instance, we can create a
  <a name="index-peer_002dto_002dpeer-3">
  </a>
  peer-to-peer program
through which collaborators can share data encrypted. The free
software community should develop distributed peer-to-peer
replacements for important “web applications.” It may be
wise to release them under GNU
  <a name="index-GNU_002c-GNU-Affero-General-Public-License-_0028AGPL_0029-1">
  </a>
  <a name="index-Affero-General-Public-License-_0028AGPL_0029_002c-GNU-1">
  </a>
  Affero GPL, since
they are likely candidates for being converted into server-based
programs by someone else. The
  <a name="index-GNU_002c-GNU-Project-8">
  </a>
  GNU Project is looking
for volunteers to work on such replacements. We also invite other
free software projects to consider this issue in their design.
 </p>
 <p>
  In the meantime, if a company invites you to use its server to do
your own computing tasks, don’t yield; don’t use SaaS. Don’t buy or
install “thin clients,” which are simply computers so weak
they make you do the real work on a server, unless you’re
going to use them with
  <em>
   your
  </em>
  server. Use a real
computer and keep your data there. Do your work with your own copy of
a free program, for your freedom’s sake.
  <a name="index-call-to-action_002c-SaaS-threats-1">
  </a>
  <a name="index-SaaS_002c-dealing-with-problem-of-1">
  </a>
  <a name="index-Software-as-a-Service-_0028SaaS_0029-_0028see-also-SaaS_0029-1">
  </a>
 </p>
 <div class="footnote">
  <hr>
   <h3>
    Footnotes
   </h3>
   <h3>
    <a href="#DOCF49" name="FOOT49">
     (49)
    </a>
   </h3>
   <p>
    Brad
Stone, “Amazon Erases Orwell Books from Kindle,”
    <cite>
     New York Times,
    </cite>
    17 July 2009, sec. B1,
    <a href="http://nytimes.com/2009/07/18/technology/companies/18amazon.html">
     http://nytimes.com/2009/07/18/technology/companies/18amazon.html
    </a>
    .
   </p>
  </hr>
 </div>
 <hr size="2"/>