Re: [lp-ca-on] article related to federation from Open Whisper Systems

[Allan Zhang]

Replying to both Rudolf and Bob below:

On 2016-05-19 10:34 AM, Rudolf Olah wrote:
> Can the Signal client software be considered FAIF software if the
> service it requires does not respect users' freedom? [1]

Bob, the answer is a resounding no.
OWS is against FAIF-Signal builds and federation.

This is ignoring Freedom 0: the freedom to run the program as you wish,
for any purpose.

[1] http://www.gnu.org/philosophy/free-sw.en.html


>> I think the core idea here is how many compromises we're willing to make
>> and accept when trying to get encryption and free software into the
>> hands of ordinary users. The whole free vs open source debate all over
>> again, sadly.

>> Moxie and Open Whisper Systems have accepted that to make the most
>> impact in terms of encryption they have to accept certain compromises.

Rudolf, OWS has accepted a false premise in server-locking to
proliferate their Signal client. They seem to believe that those who
want the FAIF-Signal are few and between. It may seem to us in Ontario
that Google Play Services is deeply integrated in Android, but it is not
included in phones in China, for example. If an FAIF-build were
encouraged, and Signal could be distributed through any other repo,
Signal could be readily used by many more people.


>> In the long-term, those are unacceptable compromises. In the short and
>> medium term, they're okay (at least to me) because we get more people
>> hearing about and using encryption, the developers at What's App (and
>> now at Google with Allo) have more experience developing apps that
>> include encryption and Open Whisper Systems gains more knowledge and
>> experience that can be shared. It's unfortunately turned into whatever
>> is the greatest good; and if the damned server code were AGPL or GPL we
>> could have the best of both worlds (proprietary services gaining
>> end-to-end encryption while users get an alternative to proprietary
>> services).

Rudolf, for the short term, the goal should be not to simply encourage
security, but the right kind. This includes the freedom to independently
compile to ensure security is intact, which WhatsApp does not satisfy in
[2]. This is why WhatsApp and Allo should be discouraged.
Signal is pretty good, and oh-so-close to FAIF. I just hope they can see
that FAIF helps Signal, not hurts it.

Here is a list of secure messaging apps that you asked for:
[2] https://www.eff.org/node/82654



> True, there are FAIF alternatives to GMS, so the Signal client
> software can be made to be FAIF for those with sufficient technical
> skill (or the funds to hire someone with sufficient technical skill).
> But I can easily envision software that has dependencies on non-FAIF
> libraries with no FAIF alternatives available. Can software with
> non-FAIF dependencies still be considered FAIF? Is this covered in GPL3?

I would say, if the non-FAIF libraries are open source, it *could*
satisfy FAIF conditions. GPL is certainly more FAIF because it satisfies
the freedoms of open source inspection, modification, and distribution.

This is Freedom 1: The freedom to study how the program works, and
change it so it does your computing as you wish. Access to the source
code is a precondition for this.


> [1] We've had this discussion at LibrePlanet Ontario meetings -- can
> there ever be a truly FAIF Twitter client? a FAIF Facebook client?
> Consensus was that we do not want to actively promote such software
> because it encourages the use of non-FAIF services. But we never
> determined if such software itself can be FAIF.

I don't think so. Such clients run into problems with license
agreements, proprietary blobs, and at the end of the day, freedom 0 will
be unsatisfied.

signature.asc
Description: OpenPGP digital signature