do2gether blog

It is not enough for citizens to be told to have certain rights as users of a given telematic service, under a license (such as FLOSS), or a legislations (such a national and global privacy protection regulations) or under a contract with the service provider (such as Terms of Use)
To actually control a telematic service, or a web service, a user needs reasonable practical means to verify the software AND the hardware of all servers which run at and beyond the point of decryption of my communications with such service (or “end servers”).
If such “end servers” interact with other external network services, I will know, by having access to their code of the “end servers”, which services, and all the details and conditions of such interaction.
It is not necessary to control servers and networks in between the client device and the “end servers”, as we can reasonably rely on the power of the latest encryption to totally secure from all software, hardware and cables in between. In fact, the communication could be intercepted in between, but the content could not be read. It could be stopped or deviated in between, but there is free software that, installed on both client and server can prevent that, or at least verify that it did happens.
This is not new. Democracies, for centuries now, have always provided citizens with reasonable means to verify that key constitutional rights were not widely abused. When I go to vote, I do not simply have the right that my vote be secret and fairly counted, but I rely on a good number of other citizens, randomly selected or with conflicting interests, which prevent the bad guys to put in place large scale abuses of such rights. There are also a number of process regulations, such as recounts, that further prevent such frauds.
In fact, in order to provide such concrete control over telematics, server rooms (or “cages”) hosting a such “free” telematic service could be physically managed applying those same (or enhanced) physical security provisions that are currently applied to ballot boxes during an election. In practice, physical access to such servers would be enabled only while a few randomly selected or elected users (or citizens) are physically present. For a more detail explanation on how that may be accomplished, see our proposed hosting requirements for such service
According to this model of telematic service provisioning, anyone could deploy a “free” telematic services, by developing new software or freely installing or extending any publicly available FLOSS software, and running those according to such hosting requirements.
Anyone can do this, without breaching any FLOSS license, by requiring the signing of a copyright assignment, or similar statement, whenever users, or anyone, wants to access the software source code.

For more info on how set up such “free” telematics service, see our draft Service Access Policies at Plonegroups.org

Rufo Guerreschi

Powered by ScribeFire.

When Google released its Google Pinyin (GP), many Chinese users noticed unusual similarities with Sogou Pinyin, a rival Input method editor developed by search competitor Sohu Inc. A few purposely mistaken and obscure phrases Sogou had embedded in its code to work as digital signatures and names of some Sohu engineers were also found in Google’s Pinyin.

Google apologized on its chinese blog (translation here), admitting to have used “non-Google originated data source” in GP version 1.0. Explanations were given elsewhere and Google’s Code of Conduct is certainly not sufficient to avoid copycat software, and probably other legal problems still to come.

That’s a very interesting argument, given the fact that removing the copied code and releasing a “clean” new version is something very easy for Google to do. But Google’s image of “Don’t do evil” in China may be affected forever, and that’s not easy to repair in short-time. The problem gets bigger and bigger everyday, since much of the software Google produces is probably derived from other “Free Software“, which makes much easier (or convenient) for Google engineers to perform such copycats because, even when GPLv2 code is modified, no one can ever know which product was modified neither download the code, since it is not considered a “release”.

Well, what if a really Free License existed for source code on the web? What if GPLv3 permitted web users to download the code of the web applications they’re using remotely? After all, it is all free code, contributed by volunteers, and the paradox is that they cannot get back what they have contributed even being users of such application. This right is partially denied in new GPLv3 draft, because the Affero clause will be optional.

What does it have to do with PloneGroups? Well, for the past 2 years the Telematics Freedom Foundation has been working on how to solve this issue. And we think we’re pretty close to the solution, to be applied in our GoogleGroups/YahooGroups (really) free alternative. Drop us your comments, tell us what do you think