Re: [lp-ca-on] article related to federation from Open Whisper Systems

[Bob Jonkman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt Lee wrote:
>> Why should OWS be responsible to run servers for non-OWS
>> software

OWS has no obligation to run servers for anyone.  I applaud Moxie
Marlinspike for remaining polite while pointing that out, even though
others in that thread were not so polite.

But here's the problem with all proprietary services -- they can be
yanked out at any time. OWS has no obligation to provide server
access, not even for Signal client users.

I believe that OWS has fulfilled its obligations with its Signal
client code, even under the GPL3 license. But here's another loophole,
that of restricting access to the OWS servers only to Signal clients
(and, no doubt, restricting Signal clients to use only OWS servers).
Just as Tivoization allowed software properly licensed under GPL2 to
effectively remove users' freedom, so does Signalization restrict
users freedom by controlling access to the service.

Can the Signal client software be considered FAIF software if the
service it requires does not respect users' freedom? [1]

And Alan Zhang points out the dependency of the Signal client software
on the GMS libraries. Can the Signal client software be considered
FAIF software if it requires the use of non-free libraries?

True, there are FAIF alternatives to GMS, so the Signal client
software can be made to be FAIF for those with sufficient technical
skill (or the funds to hire someone with sufficient technical skill).
But I can easily envision software that has dependencies on non-FAIF
libraries with no FAIF alternatives available. Can software with
non-FAIF dependencies still be considered FAIF? Is this covered in GPL3?

[1] We've had this discussion at LibrePlanet Ontario meetings -- can
there ever be a truly FAIF Twitter client? a FAIF Facebook client?
Consensus was that we do not want to actively promote such software
because it encourages the use of non-FAIF services. But we never
determined if such software itself can be FAIF.

Alan wrote:
> OWS is a non-profit funded by grants and donations, with "Open" in
> its name. I wonder how much of that free money was to develop a
> truly open and secure messaging protocol.

If funds were collected based on the premise that a truly FAIF service
and client would be developed, and if the service run by OWS is truly
non-FAIF, then those funds were collected fraudulently. But who would
start a fight based on that? Even if a lawsuit was launched, and if
the judiciary understood the issue, and if the outcome was favourable
to the plaintiffs, what reparations could be made? Force OWS to
rewrite the Signal client and server software to be FAIF? I think
they'd pack up and abandon the project instead...

- --Bob.


On 2016-05-11 02:56 AM, Allan Zhang wrote:
> On 2016-05-10 06:10 PM, Bob Jonkman wrote:
>> https://github.com/LibreSignal/LibreSignal/issues/37
> 
>> I find it interesting that Moxie Marlinspike can be so wrong and
>> so right at the same time. Completely wrong about the value of
>> freely available code and federation, yet completely right about
>> letting others use that code without any other obligation on his
>> part (ie. not hosting non-Signal clients on his servers, and not
>> being obligated to install federation in his software).
> 
> On 2016-05-10 08:05 PM, Matt Lee wrote:
>> He has released Signal on both iOS and Android and it works well,
>> but it uses Google's APIs. There's a free software alternative
>> GsmCore, which works well for technical users who want to have a
>> 100% free phone.
> 
> Using Signal without Google Play Services (i.e. with GsmCore)
> requires root and adb sideload, which is not always an option.
>> 
>> Why should OWS be responsible to run servers for non-OWS
>> software?
> The issue is not about expecting OWS to host servers for others'
> forked app, but rather, circumventing the requirement of GCM.
> 
> Bob and Matt, you both discuss OWS' obligation. Regarding which, I
> must note that OWS is not a private company that gifted its work
> in GPL-wrapping paper to the community.
> 
> OWS is a non-profit funded by grants and donations, with "Open" in
> its name. I wonder how much of that free money was to develop a
> truly open and secure messaging protocol. As if resources spent
> such protocols haven't been fragmented enough already, it's a shame
> OWS does not appear to be committed to that goal.
> 
> Regarding federation: Moxie says that it was either between growth
> via phone numbers or federal identifiers. Why is there a choice at
> all? You can have both. WeChat uses both phone numbers and
> usernames.
> 
> Regarding GCM: A Signal build with LibreSignal is GPL, and only to 
> circumvent GCM for security or necessity. However, OWS is against
> Signal builds with LibreSignal using their servers. Even MSN had
> their cat-and-mouse game with Pidgin. I don't think many of us had
> an issue with Pidgin "piggybacking" our MSN accounts on MSN 
> servers; it was one of the only ways to use MSN on Linux.
> 
> At first, I thought that GCM is for practicality, an effective way
> to provide push. But it's keeping Signal from F-Droid, and with OWS
> even keeping LibreSignal from F-Droid, promoting GCM and Signal on
> Desktop (a Chrome webapp).. Signal is GPL but is it really open?
> 
> Moxie is clearly about growth/adoption. Albeit a very specific
> kind: growth of their Signal app build, on their servers, with
> Google Cloud Messaging.. and their Chrome webapp.. all others need
> not apply.
> 
> It's a shame that OWS/Signal does not appear to be that 
> shining-beacon-of-free that some of us thought it would be.
> 



- --
Bob Jonkman <address@hidden> Phone: +1-519-635-9413
SOBAC Microcomputer Services http://sobac.com/sobac/
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEUEARECAAYFAlcy5LYACgkQuRKJsNLM5epomQCgoMYY95txtOHxlnOS3eR+vRQB
ECIAliMPyKgLYTe4EydzeKDdpZeiBAY=
=NSGF
-----END PGP SIGNATURE-----