EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.23.10

Who does that server really serve? (by Richard Stallman)

Posted in FSF, Servers at 2:46 pm by Dr. Roy Schestowitz

Octopus

On the Internet, proprietary software isn’t the only way to lose your freedom. Software as a Service is another way to let someone else have power over your computing.

Background: How Proprietary Software Takes Away Your Freedom

Digital technology can give you freedom; it can also take your freedom away. The first threat to our control over our computing came from proprietary software: software that the users cannot control because the owner (a company such as Apple or Microsoft) controls it. The owner often takes advantage of this unjust power by inserting malicious features such as spyware, back doors, and Digital Restrictions Management (DRM) (referred to as “Digital Rights Management” in their propaganda).

Our solution to this problem is developing free software and rejecting proprietary software. Free software means that you, as a user, have four essential freedoms: (0) to run the program as you wish, (1) to study and change the source code so it does what you wish, (2) to redistribute exact copies, and (3) to redistribute copies of your modified versions. (See the free software definition.)

With free software, we, the users, take back control of our computing. Proprietary software still exists, but we can exclude it from our lives and many of us have done so. However, we now face a new threat to our control over our computing: Software as a Service. For our freedom’s sake, we have to reject that too.

How Software as a Service Takes Away Your Freedom

Software as a Service (SaaS) means that someone sets up a network server that does certain computing tasks—running spreadsheets, word processing, translating text into another language, etc.—then invites users to do their computing on that server. Users must send their data to the server, which returns the results.

“With SaaS, the users do not have even the executable file: it is on the server, where the users can’t see or touch it.”These servers wrest control from the users even more inexorably than proprietary software. With proprietary software, users typically get an executable file but not the source code. That makes it hard for programmers to study the code that is running, so it’s hard to determine what the program really does, and hard to change it.

With SaaS, the users do not have even the executable file: it is on the server, where the users can’t see or touch it. Thus it is impossible for them to ascertain what it really does, and impossible to change it.

Furthermore, SaaS automatically leads to harmful consequences equivalent to the malicious features of certain proprietary software. For instance, some proprietary programs are “spyware”: the program sends data about users’ computing activities to the program’s owner. Microsoft Windows sends information about users’ activities to Microsoft. Windows Media Player and RealPlayer report what user watches or listens to.

“Microsoft Windows sends information about users’ activities to Microsoft.”Unlike proprietary software, SaaS does not require covert code to obtain the user’s data. By the very nature of SaaS, users must send their data to the server.

SaaS gives the same results as spyware because it requires users to send their data to the server. The server operator gets all the data with no special effort, by the nature of SaaS.

Some proprietary programs can mistreat users under remote command. For instance, Windows has a back door with which Microsoft can forcibly change any software on the machine. The Amazon Kindle e-book reader (whose name suggests it’s intended to burn people’s books) has an Orwellian back door that Amazon used in 2009 to remotely delete many Kindle copies of Orwell’s books 1984 and Animal Farm which people had purchased from Amazon.

SaaS inherently gives the server operator the power to change the software in use, or the users’ data being operated on. Once again, no special code is needed to do this.

Thus, SaaS is equivalent to total spyware and a gaping wide back door, and gives the server operator unjust power over the user. We can’t accept that.

Untangling the SaaS Issue from the Proprietary Software Issue

SaaS and proprietary software lead to similar harmful results, but the causal mechanisms are different. With proprietary software, the cause is that you have and use a copy which is difficult or illegal to change. With SaaS, the cause is that you use a copy you don’t have.

“SaaS is equivalent to total spyware and a gaping wide back door, and gives the server operator unjust power over the user.”These two issues are often confused, and not only by accident. Web developers use the vague term “web application” to lump the server software together with programs run on your machine in your browser. Some web pages install nontrivial or even large JavaScript programs temporarily into your browser without informing you. When these JavaScript programs are nonfree, they are as bad as any other nonfree software. Here, however, we are concerned with the problem of the server software itself.

Many free software supporters assume that the problem of SaaS will be solved by developing free software for servers. For the server operator’s sake, the programs on the server had better be free; if they are proprietary, their owners have power over the server. That’s unfair to the operator, and doesn’t help you at all. But if the programs on the server are free, that doesn’t protect you as the server’s user from the effects of SaaS. They give freedom to the operator, but not to you.

Releasing the server software source code does benefit the community: suitably skilled users can set up similar servers, perhaps changing the software. But none of these servers would give you control over computing you do on it, unless it’s your server. The rest would all be SaaS. SaaS always subjects you to the power of the server operator, and the only remedy is, don’t use SaaS! Don’t use someone else’s server to do your own computing on data provided by you.

Distinguishing SaaS from Other Network Services

Does condemning SaaS mean rejecting all network server? Not at all. Most servers do not raise this issue, because the job you do with them isn’t your own computing except in a trivial sense.

The original purpose of web servers wasn’t to do computing for you, it was to publish information for you to access. Even today this is what most web sites do, and it doesn’t pose the SaaS problem, because accessing someone’s published information isn’t a matter of doing your own computing. Neither is publishing your own materials via a blog site or a micro-blogging service such as Twitter. The same goes for communication not meant to be private, such as chat groups. Social networking can extend into SaaS; however, at root it is just a method of communication and publication, not SaaS. If you use the service for minor editing of what you’re going to communicate, that is not a significant issue.

“Fortunately, development hosting sites such as Savannah and Sourceforge don’t pose the SaaS problem, because what groups do there is mainly publication and public communication, rather than their own private computing.”Services such as search engines collect data from around the web and let you examine it. Looking through their collection of data isn’t your own computing in the usual sense, so these services are not SaaS.

E-commerce is not SaaS, because the computing isn’t solely yours; rather, it is done jointly for you and another party. So there’s no particular reason why you alone should expect to control that computing. The real issue in E-commerce is whether you trust the other party with your money and personal information.

Using a joint project’s servers isn’t SaaS because the computing you do in this way isn’t yours personally. For instance, if you edit pages on Wikipedia, you are not doing your own computing; rather, you are collaborating in Wikipedia’s computing.

Wikipedia controls its own servers, but groups can face the problem of SaaS if they do their group activities on someone else’s server. Fortunately, development hosting sites such as Savannah and Sourceforge don’t pose the SaaS problem, because what groups do there is mainly publication and public communication, rather than their own private computing.

Multiplayer games are a group activity carried out on someone else’s server, which makes them SaaS. But where the data involved is just the state of play and the score, the worst wrong the operator might commit is favoritism. You might well ignore that risk, since it seems unlikely and very little is at stake. On the other hand, when the game becomes more than just a game, the issue changes.

Which online services are SaaS? Google Docs is a clear example. Its basic activity is editing, and Google encourages people to use it for their own editing; this is SaaS. It offers the added feature of collaborative editing. but adding participants doesn’t alter the fact that editing on the server is SaaS. (In addition, Google Docs is unacceptable because it installs a large nonfree JavaScript program into the users’ browsers.) If using a service for communication or collaboration requires doing substantial parts of your own computing with it too, that computing is SaaS even if the communication is not.

Some sites offer multiple services, and if one is not SaaS, another may be SaaS. For instance, the main service of Facebook is social networking, and that is not SaaS; however, it supports third-party applications, some of which may be SaaS. Flickr’s main service is distributing photos, which is not SaaS, but it also has features for editing photos, which is SaaS.

Some sites whose main service is publication and communication extend it with “contact management”: keeping track of people you have relationships with. Sending mail to those people for you is not SaaS, but keeping track of your dealings with them, if
substantial, is SaaS.

If a service is not SaaS, that does not mean it is ok. There are other bad things a service can do. For instance, Facebook distributes video in Flash, which pressures users to run nonfree software, and it gives users a misleading impression of privacy. Those are important issues too, but this article’s concern is the issue of SaaS.

“That’s what the buzzword “cloud computing” is for. This term is so nebulous that it could refer to almost any use of the Internet.”The IT industry discourages users from considering these distinctions. That’s what the buzzword “cloud computing” is for. This term is so nebulous that it could refer to almost any use of the Internet. It includes SaaS and it includes nearly everything else. The term only lends itself to uselessly broad statements.

The real meaning of “cloud computing” is to suggest a devil-may-care approach towards your computing. It says, “Don’t ask questions, just trust every business without hesitation. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it.” In other words, “Think like a sucker.” I prefer to avoid the term.

Dealing with the SaaS Problem

Only a small fraction of all web sites do SaaS; most don’t raise the issue. But what should we do about the ones that raise it?

For the simple case, where you are doing your own computing on data in your own hands, the solution is simple: use your own copy of a free software application. Do your text editing with your copy of a free text editor such as GNU Emacs or a free word processor. Do your photo editing with your copy of free software such as GIMP.

But what about collaborating with other individuals? It may be hard to do this at present without using a server. If you use one, don’t trust a server run by a company. A mere contract as a customer is no protection unless you could detect a breach and could really sue, and the company probably writes its contracts to permit a broad range of abuses. Police can subpoena your data from the company with less basis than required to subpoena them from you, supposing the company doesn’t volunteer them like the US phone companies that illegally wiretapped their customers for Bush. If you must use a server, use a server whose operators give you a basis for trust beyond a mere commercial relationship.

However, on a longer time scale, we can create alternatives to using servers. For instance, we can create a distributed program through which collaborators can share data encrypted. The free software community should develop distributed peer-to-peer
replacements for important “web applications”. It may be wise to release them under the GNU Affero GPL, since they are likely candidates for being converted into server-based programs by someone else. The GNU project is looking for volunteers to work on such replacements. We also invite other free software projects to consider this issue in their design.

In the meantime, if a company invites you to use its server to do your own computing tasks, don’t yield; don’t use SaaS. Don’t buy or install “thin clients”, which are simply computers so weak they make you do the real work on someone else’s server. Use a real computer and keep your data there. Do your work with your own copy of a free program, for your freedom’s sake.


Copyright © 2010 Richard Stallman
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

4 Comments

  1. Agent_Smith said,

    March 24, 2010 at 1:41 pm

    Gravatar

    Ironically, open source not only enables SaaS as it makes SaaS a very attractive option. The so called “cloud computing” will be (if it ever becomes) a hit thanks to Open Source…

    Dr. Roy Schestowitz Reply:

    But GPL enables this too. It’s the AGPL which can only limit it somewhat but not completely (you can make it proprietary further up/below the stack).

    Agent_Smith Reply:

    Well, cloudy skies(No pun intended) are waiting for us then… The hit of the moment are “The clouds” and everyone wants to be there and take a bit of “The clouds” for their own gain…

    Dr. Roy Schestowitz Reply:

    Microsoft included. It even wants to ‘tax’ the software which runs most ‘clouds’.

What Else is New


  1. Links 16/2/2019: Ubuntu 18.04.2 LTS, PyCharm 2019.1 EAP 4

    Links for the day



  2. Outline/Index of the Alexandre Benalla/Battistelli Scandal

    Our writings about the scandals implicating Benalla and the European Patent Office (EPO)



  3. Reading Techrights on a Mobile Device Running Android

    A new Android app for reading this site is being tested



  4. Links 14/2/2019: “I Love Free Software Day” and Mesa 19.0 RC4 Released

    Links for the day



  5. “EPO Lawlessness Again”

    Blackberry uses bogus European Patents (on software) for lawsuits; "all of them pure software patents. Patents on programs for computers as such," as Müller puts it



  6. Unitary Patent (UPC) is All About Imposing Patent Maximalists' Ideology of Greed and Self Interest on Courts in the Name of 'Unification' or 'Consistency' or 'Community'

    Pushers of the Unified Patent Court (UPC) are upset that they don’t always get their way when independent judges get to decide; as it turns out, many European Patents are just fake patents, more so under António Campinos



  7. Battistelli's Bodyguard, Part V: Mediapart Explains the 'Raid' Attempt, Reporters Without Borders Involved

    Mediapart, an investigative site that unearths a lot of incriminating things about Battistelli's former bodyguard Alexandre Benalla, was the target of a raid attempt some weeks ago



  8. Links 13/2/2019: Tails 3.12.1, MongoDB Being Dumped

    Links for the day



  9. Battistelli's Bodyguard, Part IV: Suspected Offenses of Forgery and Possible Falsification

    In a very underworld fashion, Benalla continues to break the law and create yet more scandals



  10. Battistelli's Bodyguard, Part III: Mars, France Close Protection (Benalla's Family), and Russian Oligarchy

    An article which examines the business background of Benalla, the outrageous salaries, the severance indemnity pay, and contract with a Russian oligarch close to Vladimir Putin



  11. Links 13/2/2019: Plasma 5.15.0 and a Look at Linux Mint Debian Edition Cindy

    Links for the day



  12. Battistelli's Bodyguard, Part II: Fishing Expedition for Sources in the Alexandre Benalla 'Underworld' Scandal

    An utter lack of respect for the privacy of the media and of its sources, in the name of protecting the privacy of those convicted of crimes, as seen in France just like the European Patent Office



  13. Innovating the Idea That Software Patents (Monopolies on Algorithms) Are Covering 'Artificial' 'Intelligence' (AI and ML as Loopholes)

    Patent law firms around the world love this new trick, which is framing software that makes decisions as "AI" (magically rendering it patent-eligible only in offices but not in courts, which the EPO hopes to replace/override anyway)



  14. Battistelli's Bodyguard, Part I: Destruction of Evidence by Alexandre Benalla

    The Alexandre Benalla scandal carries on, deepening even further than before and causing raids of the media; will the EPO be implicated and held accountable too?



  15. Links 12/2/2019: PyPy 7.0.0, HHVM 4.0.0 and CVE-2019-5736

    Links for the day



  16. USPTO Director Iancu Works for Anti-SCOTUS (Against Section 101) Lobbyists

    The United States Patent and Trademark Office Director Andrei Iancu is becoming to the patent system what Ajit Pai is to the FCC or to the broadband industry; there appears to be intentional vandalism and total disregard for the rule of law



  17. Gross Violations of the EPC at the European Patent Office as Principal Priority Turns Against Science and Technology

    What good is the law if violation of the European Patent Convention (EPC) is so routine at today’s European Patent Office (EPO), which exploits its immunity to operate outside the rule of law and pursue nothing but cash (selling patents/monopolies that are invalid in courts)?



  18. European Patent Office's Exploitation of the 'AI' Catchphrase/Buzzword to Grant Patents on Algorithms in Defiance of the Rules, the Law, and Common Sense

    In clear violation of the EPC (i.e. more of the same from the EPO) software patents are being actively promoted and law being bypassed or worked around



  19. Microsoft's Patent Trolls Are Still Suing Microsoft's Rivals to Help Sell Microsoft

    The ‘new’ Microsoft boils down to the patent equivalent of the copyright case of SCO (funded by Microsoft)



  20. The American Software Patents Lobby Has Died

    Voices of US law firms (i.e. patent maximalists) have become quieter and rarer; applications for US patents have decreased in number, patent litigation numbers have collapsed entirely, and patent maximalists have moved on



  21. Links 10/2/2019: Linux 5.0 RC6, Project Trident 18.12 Reviewed

    Links for the day



  22. Corrupt Battistelli Paid a Fortune (EPO Budget) for Outlaw/Rogue 'Bodyguards' From Firm Linked to Russian Oligarch Iskander Makhmudov

    Mediapart continues to shed more light on the shady firm behind Alexandre Benalla, whom Battistelli hired to break the law and secretly bring firearms to the EPO



  23. Which Microsoft?

    The inconsistencies between public statements of Microsoft and private discussions/actions



  24. António Campinos Will Never Hold Battistelli Accountable for His Crimes Because He Too Profits From These

    The EPO isn't just Europe's second-largest institution but also quite possibly Europe's largest criminal enterprise, whose ringleaders have enjoyed and exploited diplomatic immunity to escape prosecution



  25. 25,000 Blog Posts and Record Traffic

    At a pace of nearly 2,000 posts per year (since 2006) we continue to grow and can use readers' help



  26. Jim Zemlin's PAC Keeps Raising Money From Microsoft

    The Open Source Definition's author as well as various Free/Open Source software (FOSS) luminaries warn of an attack on FOSS ("efforts to undermine the integrity of open source”); it's not too hard to see who participates in it or enables such attacks



  27. Links 9/2/2019: Linux 4.4.174 and GTK+ No More (Now Just GTK)

    Links for the day



  28. Number of Patent Applications, Not Just Number of Patent Grants, Continues to Slide in the United States

    The attractiveness of US patents appears to have eroded, seeing that many US patents are simply not enforceable in courts



  29. EPO President Campinos Works With Patent Trolls and With Team UPC to Promote Software Patents

    The EPO has taken another tumble by collaborating with '4iP Council', a patent extremists' lobby; it is moreover becoming apparent that a lot of European Patents are bogus (not valid) and the management of the EPO is eager to grant yet more of these



  30. Links 8/2/2019: Things to Look For on Linux in 2019, Fedora Logo Redesign

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts