libreplanet-ca-on
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lp-ca-on] article related to federation from Open Whisper Systems


From: Rudolf Olah
Subject: Re: [lp-ca-on] article related to federation from Open Whisper Systems
Date: Thu, 19 May 2016 15:34:07 +0100 (BST)

Jumping back into this convo here...

11. May 2016 03:52 by address@hidden:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt Lee wrote:
Why should OWS be responsible to run servers for non-OWS
software

OWS has no obligation to run servers for anyone. I applaud Moxie
Marlinspike for remaining polite while pointing that out, even though
others in that thread were not so polite.

But here's the problem with all proprietary services -- they can be
yanked out at any time. OWS has no obligation to provide server
access, not even for Signal client users.


Definitely agree with this. We should have the *option* to run federated services.




I believe that OWS has fulfilled its obligations with its Signal
client code, even under the GPL3 license. But here's another loophole,
that of restricting access to the OWS servers only to Signal clients
(and, no doubt, restricting Signal clients to use only OWS servers).
Just as Tivoization allowed software properly licensed under GPL2 to
effectively remove users' freedom, so does Signalization restrict
users freedom by controlling access to the service.

Can the Signal client software be considered FAIF software if the
service it requires does not respect users' freedom? [1]


I think the core idea here is how many compromises we're willing to make and accept when trying to get encryption and free software into the hands of ordinary users. The whole free vs open source debate all over again, sadly.


Moxie and Open Whisper Systems have accepted that to make the most impact in terms of encryption they have to accept certain compromises. They've been able to get millions upon millions of people who use What's App to have encryption by default.


The compromises to accomplish that are: keeping code proprietary and making a proprietary service more attractive to users.


In the long-term, those are unacceptable compromises. In the short and medium term, they're okay (at least to me) because we get more people hearing about and using encryption, the developers at What's App (and now at Google with Allo) have more experience developing apps that include encryption and Open Whisper Systems gains more knowledge and experience that can be shared. It's unfortunately turned into whatever is the greatest good; and if the damned server code were AGPL or GPL we could have the best of both worlds (proprietary services gaining end-to-end encryption while users get an alternative to proprietary services).


Can we list alternatives to Signal and What's App and Allo on the wiki? Or is there a list somewhere else?


-rudolf

 

And Alan Zhang points out the dependency of the Signal client software
on the GMS libraries. Can the Signal client software be considered
FAIF software if it requires the use of non-free libraries?

True, there are FAIF alternatives to GMS, so the Signal client
software can be made to be FAIF for those with sufficient technical
skill (or the funds to hire someone with sufficient technical skill).
But I can easily envision software that has dependencies on non-FAIF
libraries with no FAIF alternatives available. Can software with
non-FAIF dependencies still be considered FAIF? Is this covered in GPL3?

[1] We've had this discussion at LibrePlanet Ontario meetings -- can
there ever be a truly FAIF Twitter client? a FAIF Facebook client?
Consensus was that we do not want to actively promote such software
because it encourages the use of non-FAIF services. But we never
determined if such software itself can be FAIF.

Alan wrote:
OWS is a non-profit funded by grants and donations, with "Open" in
its name. I wonder how much of that free money was to develop a
truly open and secure messaging protocol.

If funds were collected based on the premise that a truly FAIF service
and client would be developed, and if the service run by OWS is truly
non-FAIF, then those funds were collected fraudulently. But who would
start a fight based on that? Even if a lawsuit was launched, and if
the judiciary understood the issue, and if the outcome was favourable
to the plaintiffs, what reparations could be made? Force OWS to
rewrite the Signal client and server software to be FAIF? I think
they'd pack up and abandon the project instead...

- --Bob.


On 2016-05-11 02:56 AM, Allan Zhang wrote:
On 2016-05-10 06:10 PM, Bob Jonkman wrote:
https://github.com/LibreSignal/LibreSignal/issues/37
I find it interesting that Moxie Marlinspike can be so wrong and
so right at the same time. Completely wrong about the value of
freely available code and federation, yet completely right about
letting others use that code without any other obligation on his
part (ie. not hosting non-Signal clients on his servers, and not
being obligated to install federation in his software).

On 2016-05-10 08:05 PM, Matt Lee wrote:
He has released Signal on both iOS and Android and it works well,
but it uses Google's APIs. There's a free software alternative
GsmCore, which works well for technical users who want to have a
100% free phone.

Using Signal without Google Play Services (i.e. with GsmCore)
requires root and adb sideload, which is not always an option.

Why should OWS be responsible to run servers for non-OWS
software?
The issue is not about expecting OWS to host servers for others'
forked app, but rather, circumventing the requirement of GCM.

Bob and Matt, you both discuss OWS' obligation. Regarding which, I
must note that OWS is not a private company that gifted its work
in GPL-wrapping paper to the community.

OWS is a non-profit funded by grants and donations, with "Open" in
its name. I wonder how much of that free money was to develop a
truly open and secure messaging protocol. As if resources spent
such protocols haven't been fragmented enough already, it's a shame
OWS does not appear to be committed to that goal.

Regarding federation: Moxie says that it was either between growth
via phone numbers or federal identifiers. Why is there a choice at
all? You can have both. WeChat uses both phone numbers and
usernames.

Regarding GCM: A Signal build with LibreSignal is GPL, and only to
circumvent GCM for security or necessity. However, OWS is against
Signal builds with LibreSignal using their servers. Even MSN had
their cat-and-mouse game with Pidgin. I don't think many of us had
an issue with Pidgin "piggybacking" our MSN accounts on MSN
servers; it was one of the only ways to use MSN on Linux.

At first, I thought that GCM is for practicality, an effective way
to provide push. But it's keeping Signal from F-Droid, and with OWS
even keeping LibreSignal from F-Droid, promoting GCM and Signal on
Desktop (a Chrome webapp).. Signal is GPL but is it really open?

Moxie is clearly about growth/adoption. Albeit a very specific
kind: growth of their Signal app build, on their servers, with
Google Cloud Messaging.. and their Chrome webapp.. all others need
not apply.

It's a shame that OWS/Signal does not appear to be that
shining-beacon-of-free that some of us thought it would be.



- --
Bob Jonkman <address@hidden> Phone: +1-519-635-9413
SOBAC Microcomputer Services http://sobac.com/sobac
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEUEARECAAYFAlcy5LYACgkQuRKJsNLM5epomQCgoMYY95txtOHxlnOS3eR+vRQB
ECIAliMPyKgLYTe4EydzeKDdpZeiBAY=
=NSGF
-----END PGP SIGNATURE-----

reply via email to

[Prev in Thread] Current Thread [Next in Thread]