Re: Sharing your free software / quarantine success story

[Jean Louis]

From:
Mr. Jean Louis
South of Bwindi Impenetrable Forest, Uganda
Day 5 of week 16 of 2020


I am sorry,

That is not a success story, that is opposite of it.

We use exclusively free software in our business in the bushes, and
with all officers in the business in multiple countries in East
Africa.

Mining engineers and geologists are using free communication software,
including Mumble speech server, XMPP Prosody server, including free
VoIP applications, and each using free software distribution as
endorsed by the FSF, we use currently Hyperbola GNU/Linux-Libre.

Our clients who start sending proprietary attachments are warned and
referenced to free software. Whoever recommends us Whatsapp, we say
why we don't use it, and recommend free software such as XMPP
software.

> So no real buy-in for now. Although I guess that getting Sillicon Valley
> to use free software is like playing the game in ultra-hard mode. I'll
> keep trying, though.

You may put your intention and you will get it.

I am using GNU free software since 1999, now is 21 years, and I always
had interest of people including invitations to their homes to set it
up for them. So many lunches and dinner I have got and enjoyed with my
friends while teaching them and setting up free software for them. I
got paid occasionally some good money for providing seminars about GNU
free software such as in Stuttgart Mediothek. Because I am far rom
Sillicon Valley and I am not user of proprietary software, for me is
quite easy to get through, I don't mind simply of their proprietary
software and simple get through with the message. And we are there,
and we are already connected.

Jean

* Greg Farough <gregf@fsf.org> [2020-04-17 18:37]:
> A mailing list member who would like to remain anonymous requested we
> share this message:
> 
> ---
> 
> My experience with this so far is that technology alone does not appear
> to be the answer; there are human elements and network effects that are
> hard to break. Of course, if anybody has any suggestions to this effect,
> then I'll be happy to listen.
> 
> I have recently set up a Jitsi meet instance on my VPS and proposed the
> idea of using Jitsi at work. I work at a Sillicon Valley company the
> name of which is irrelevant, but just wanted to mention that to give you
> some context here. My proposal was simple:
> 
> 1. I presented the relevant facts: 1. Zoom is not only not end-to-end
> encrypted, but the company behind it has lied about this. Shared the
> relevant publication from The Intercept. 2. As CitizenLab later showed,
> video is encrypted using 128-bit AES keys in ECB mode (yuck), and the
> key first travels through a server in China before it is sent to the
> parties involved in the call (kill me right there).
> 
> 2. I proposed the alternative: Jitsi, while also not end-to-end
> encrypted, allows you to run servers on-premise, so you don't have to
> trust anyone other than your own ability to set it up correctly (we have
> IT and security teams, so it shouldn't be hard). While Zoom also allows
> this (provided you pay top dollar), the software is closed source, so
> you can't fundamentally trust it; Jitsi, on the other hand, is
> free/libre software, so you don't have to trust anyone. And I mean, it's
> also cheaper.
> 
> 3. Corollary: are you willing to expose trade secrets over a proprietary
> network you can't trust? And it's not just Zoom whom you are trusting,
> you are also trusting that none of the state-sponsored hackers and other
> denizens of similar nature have not already broken into the network.
> 
> The response I got was as underwhelming as it was unsurprising:
> 
> 1. Individuals would understandably prefer to use the "company-approved"
> tool. Even I prefer this given the circumstances because if I end up
> getting hacked, the fact that I used the company-approved tool is like a
> free ticket to zero responsibility. Or at least, it's less worse than
> getting hacked using your own personal communication channels.
> 
> 2. The company doesn't really know what Jitsi is nor do they appear to
> care much. Everybody is using Zoom, so I guess that gives them a false
> sense of security: if they get hacked, everybody else gets hacked
> anyway. More importantly, however, it appears that InfoSec is providing
> companies tips on protecting their video calls, like setting passwords,
> screening peers before they are allowed to join the room, muting people
> on by default, etc. They do not appear to have concerns about using Zoom
> per se, however. If at least the security guys used free software, that
> would be a start.
> 
> 3. Another point I imagine is relevant is that not all companies might
> have the expertise or resources to securely set up Jitsi servers.
> Understandably, they'd rather out-source that kind of stuff. I suppose
> you could also pay Jitsi/8x8 to do this, but at that point you are
> trading away the freedom that comes with running the software
> on-premise, so you might as well just pay Zoom instead.
> 
> So no real buy-in for now. Although I guess that getting Sillicon Valley
> to use free software is like playing the game in ultra-hard mode. I'll
> keep trying, though.