Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients

[Andreas Grapentin]

Hello,

Since this issue has been discussed extensively on the issue on the
parabola tracker linked below in the original message, I think it is
fair to present my view on the arguments below, since I was the one to
close the issue on the tracker. Afterwards, I will retreat from this
discussion, because I believe everything has been said, and saying more
is a waste of everyones time.

Comments are inline below.

On Sun, Apr 11, 2021 at 11:55:17AM +0300, Jean Louis wrote:
> ,----
> | The freedom to run the program as you wish
> | 
> | The freedom to run the program means the freedom for any kind of
> | person or organization to use it on any kind of computer system, for
> | any kind of overall job and purpose, without being required to
> | communicate about it with the developer or any other specific
> | entity. In this freedom, it is the user's purpose that matters, not
> | the developer's purpose; you as a user are free to run the program for
> | your purposes, and if you distribute it to someone else, she is then
> | free to run it for her purposes, but you are not entitled to impose
> | your purposes on her.
> `----
> 
> When software package such as Telegram Desktop is included in the FSF
> free software distribution, there are factors to observe:
> 
> - Telegram Desktop communicates exclusively with SaaSS Telegram
>   servers, there is vendor's lock in, and there exist no free server
>   software that users can host it themselves and thus operated client
>   software such as Telegram Desktop with their own self-hosted
>   servers.

The claim that telegram servers provide SaaSS is dubious, as the section
"Distinguishing SaaSS from Other Network Services" on
https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
clearly states (emphasis mine):

> Rejecting SaaSS does not mean refusing to use any network servers run
> by anyone other than you. Most servers are not SaaSS because the jobs
> they do are some sort of *communication*, rather than the user's own
> computing.

Other quotes from the same page:

> By contrast, if for fundamental reasons you couldn't possibly do that
> activity in your own computers, then the activity isn't entirely your
> own, so the issue of SaaSS is not applicable to that activity. In
> general, these activities involve *communication with others*.

and:

> Most servers are not SaaSS because the jobs they do are some sort of
> *communication*, rather than the user's own computing.

[end of quotes frcom gnu.org; original message continues below]

> - Telegram network is centralized, server software is proprietary, API
>   terms are proprietary and represent "further restrictions" on the
>   GPL3, which are we free to ignore; we may build "Telegram-like
>   server", but nobody did that; however, by ignoring it legal threats
>   or issues do not end by ignorance, and issue for FSF endorsed
>   distribution is not ended there. Reference:
>   https://core.telegram.org/api/terms where that API terms dictate
>   limits on how client software cannot be changed; this impairs users'
>   freedom, but we are are, due to GPL3, free to ignore such further
>   restrictions.

The API terms pose restrictions on what clients can do as participants
of the telegram network, wich does not unreasonably restrict the users
freedom. Users are free to change software as they wish, but that does
not mean that any modifications need to be welcome as participants in
the network.

There are no known instances of telegram as a company issuing 'legal
threats' to forks or alternative client implementations for
modifications they made to the client software. There are instances of
them requesting changes to forked client software to ensure they are
well-behaved participants in the network. This is perhaps a grey area
worthy of further discussion.

>   In addition to that, Telegram Desktop DOES NOT clearly indicate in
>   sources that there are further restrictions that relate to some
>   specific part of program. There is something about "API acceptance"
>   in the software, but no reference to further restrictions.
> 
> - FSF promotes decentralization, references:
> 
>   https://www.fsf.org/campaigns/campaigns-summaries#surveillance
>   https://www.fsf.org/campaigns/surveillance
>   
> https://www.fsf.org/news/free-software-foundation-statement-on-prism-revelations
> 
>   Quotes like:
> 
>   "To protect their freedom and privacy, the FSF urges everyone to
>   contact their representatives, avoid Software as a Service, and
>   donate to support projects working for a better, safer world."
> 
>   Now does that everyone includes also decision makers within the FSF
>   endorsed free system distributions? I think so.

There are of course better (as in: better privacy) chat clients than
telegram, which are also packages by the free distributions. That does
not necessitate the removal of telegram from the distribution by itself.
A stronger reason is needed.

> - There are huge privacy issues, for example there is no encryption
>   for GNU/Linux users, read:
>   https://en.wikipedia.org/wiki/Telegram_(software)#Secret_chats
>   and security breaches:
>   https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches
> 
> Now, FSF promotes decentralization, is putting money and efforts to
> decentralize Internet, but on the other hand endorses system
> distributions which ship centralized software which only purpose is to
> serve developers', to serve the network and vendor's purpose, and not
> users' purpose, where users are unable to install proprietary server
> themselves and build their own networks.
> 
> Some free OS distributions do not share this opinion and include such
> software such as Telegram Desktop and other similar software clients
> that interact with proprietary SaaSS. They look into software package
> itself only, not looking at a broader picture, and if software is
> GPL licensed, then it seem to be enough to be included in the FSF
> endorsed system distribution.

Yes, parabola does include the telegram client in the distribution,
because, as I outlined above, we see no reason not to.

> But I don't think so.
> 
> As such (Telegram Desktop and akin clients interacting solely with
> proprietary SaasS) software's purpose is sole purpose to serve
> developers' purpose, that is to widen their network and earn more
> money, but do not help user to build users' own network.
> 
> Luckily, Hyperbola GNU/Linux-libre excludes software that is meant to
> exclusively serve developers' purposes, not users' purposes. Example
> grep result:
> 
> grep -i telegram blacklist.txt 
> cutegram::hyperbola:1005:[nonprivacy] only useful with Telegram service
> libqtelegram-ae::hyperbola:1006:[nonprivacy] only useful with Telegram service
> telegram-qt::hyperbola:1007:[nonprivacy] only useful with Telegram service
> telegramqml::hyperbola:1008:[nonprivacy] only useful with Telegram service
> telepathy-morse::hyperbola:1009:[nonprivacy] only useful with Telegram service

As you can see here, hyperbola has removed these packages for privacy
reasons. parabola could do that too, but that was not discussed in the
original ticket on the parabola tracker. I have requested the original
messenger to open a new issue for that, and we can do the same. But that
would need a separate discussion.

> Other examples:
[omitted for brevity]

> Thus my proposal is that FSF reviews these matters, and that free
> system distributions adopt the principles of Hyperbola GNU/Linux-libre
> developers, to look at the broader picture when deciding if software
> should be included or not -- not only into the fact that it is
> GPL/otherwise-freely licensed.
> 
> Few questions shall be raised when there are conflicting issues raised
> in relation to GPL/otherwise-freely licensed client software:
> 
> Purpose of software
> ====================
> 
> https://www.gnu.org/philosophy/free-sw.html
> 
> When including package, client software into free system distribution
> endorsed by FSF, developers shall ask themselves: is the sole purpose
> of this package to interact with proprietary SaaSS and thus promote
> relationship to vendor and vendor's purposes? If YES, such package
> should not be included.
> 
> Or does that software helps users to be free to build their own
> network with free server side software that interacts with client
> software?  Do we have a free server software that may be used with
> this software? If YES, then package should be included.
> 
> Answer to these questions also solves the promotion of decentralized
> networks and is aligned to FSF public statements.
> 
> Inclusion of client software into FSF endorsed free system
> distributions that promote centralized vendor' politics, does not
> conform to FSF public statements and campaigns on surveillance and
> decentralizations.
> 
> Quote:
> 
> ,----
> | The freedom to run the program as you wish
> | 
> | The freedom to run the program means the freedom for any kind of
> | person or organization to use it on any kind of computer system, for
> | any kind of overall job and purpose, without being required to
> | communicate about it with the developer or any other specific
> | entity. In this freedom, it is the user's purpose that matters, not
> | the developer's purpose; you as a user are free to run the program for
> | your purposes, and if you distribute it to someone else, she is then
> | free to run it for her purposes, but you are not entitled to impose
> | your purposes on her.
> `----
> 
> Thus I am asking FSF and developers of free system distributions to
> consider these issues, and EXCLUDE software clients that have the sole
> purpose to serve proprietary SaaSS -- where there is no server
> software that users may install themselves.

In summary, I believe the arguments presented here are disingenuous and
seem to not be motivated by the stated reasons of software freedom and
user freedom, and instead by a personal vendetta against the telegram
company (referred to as 'vendor'). This mail reiterates claims that have
been refuted several times on the original issue on the parabola
tracker, and it is frankly rather tiring to have to explain multiple
times what the term SaaSS really means, to someone who should know
better.

The message also confuses issues of freedom with issues of privacy,
confuses local computing and services, both of which make it needlessly
convoluted and difficult do discuss, and presents hypothetical legal
threats by the 'vendor' which do not exist, apparently to make a
stronger case than it really has.

In my opinion, the conclusion can only be that there are no freedom
issues that would necessitate the immediate removal of any telegram
clients from the distribution. The claims of SaaSS are wrong, and the
GPL is not violated in any way. There may be privacy issues, but those
need to be discussed separately, in order to have any chance of settling
this discussion in a productive and meaningful way.

Thank you for you time.

Best regards,
Andreas


oaken-source
for parabola GNU/Linux-libre
https://parabola.nu

(the views stated here are my own and not necessarily reflect the views
and consensus of the entirety of the parabola project maintainer team)

-- 

------------------------------------------------------------------------------
my GPG Public Key:                 https://files.grapentin.org/.gpg/public.key
------------------------------------------------------------------------------

signature.asc
Description: PGP signature