Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients

[Jean Louis]

* bill-auger <bill-auger@peers.community> [2021-04-12 14:58]:
> i have changed he subject, to reflect that is discussion is
> not about SaaSS - we had long discussion of this this week -
> there are ample details on the parabola bug tracker

I have brought back the subject, as discussion is about:

- FSF's stance on surveillance, PRISM and decentralization;

- FSDG not having enough guidance on that above stance;

- FSF endorses distributions which contain packages promoting networks
  that are known for surveillance, PRISM and centralization; such as
  Skype or Telegram; 

- Developers of free FSF endorsed OSes, do not follow the FSF
  statements; as they only stick to FSDG and consider it as final
  document, though it says it is not final or all encompassing
  document. 

Thus discussion is about proposal for FSDG to be modified to give
guidance to FSF endorsed distribution in such manner how I have
explained, let me repeat:

- That client software packages that serve the sole purpose to promote
  relationship to vendor, which sole purpose is to interact with
  vendor's proprietary server side and centralized communication
  platform or other SaaSS shall be excluded from FSF endorsed
  distributions;

  Unless there is server side software that users can establish their
  own networks, such software should not be in FSF endorsed
  distributions as they promote Internet centralization.

Because FSF and people want to promote decentralized Internet, without
surveillance.

> for brevity, i believe that i can condense jean's main concern

On Parabola it is how it started Bill, then it developed with more
research to this issue, as back then I did not find all about Telegram
really. I did not know what it is, until I have researched it. Issue
is not a single one that you can summarize it now, and is not same as
how it started on Parabola.

Issue concern is with inclusion of packages in FSF endorsed
distribution which do not conform to FSF politics.

> jean is concerned that the author could still make some other
> proprietary claim against people who make derivative
> implementations of the client, or new, incompatible servers

I am not concerned. We have discussed it, reviewed GPL3 together with
you, and we ignore further restrictions. That is however not the real
issue, but decision making in FSF endorsed distributions which
propagate software that serve vendors' purposes, not users' purposes
in terms of users' computing freedom.

Telegram is a smart company. They are using GPL for the sole purpose
to create vendor lock-in.

What we have to look into is the intention of vendor, in this case
Telegram, but it applies to any other similar by principle, like
software connecting solely to proprietary server side software by
vendors such as Skype or Signal.

Good for reading:

How to Achieve Vendor Lock-in with a Legit Open Source License –
Affero GPL
https://www.dr-chuck.com/csev-blog/2014/09/how-to-achieve-vendor-lock-in-with-a-legit-open-source-license-affero-gpl/

Where author explains in plain how free software may be used to
achieve vendor lock-ins.

Quote:

"Clever company founders figured out how to “have their cake and eat
it too”. Here is the strategy. First take VC money and develop some
new piece of software. Divide the software into two parts – (a) the
part that looks nice but is missing major functionality and (b) the
super-awesome add-ons to that software that really rock. You license
(a) using the AGPL3 and license (b) as all rights reserved and never
release that source code."

That is exactly the case with Telegram Desktop software. Telegram
company figured it out that they can use trending terms in the
industry such as free software, Github, etc. to promote their
network, but they never had intention to release (b) the server side
source code, and sole purpose of such software is vendor-lock in,
centralization to Telegram and we may also say quite a lot of
surveillance. According to my research Telegram Desktop does not
encrypt any messages and does not support secure chat like mobile
clients do. But privacy issues are is not related to this discussion.

There is good analysis by Free Software Foundation of India:
https://fsf.org.in/article/better-than-whatsapp/

They analyse Telegram and Signal in the context of users' freedom.

Comparison of different apps and services

    Non-free software client and server + centralization (Example
    WhatsApp): does not respect user's freedom and creates vendor
    lock-in.

    Free Software client but non-free server + centralization (Example
    Telegram): client software respects freedom, server software does
    not respect freedom and creates vendor lock-in.

    Free Software client and server + centralization (Example Signal):
    respect user's freedom but creates vendor lock-in.

    Free Software client and server + federation (Example Matrix and
    Quicksy/XMPP): respects users' freedom (as a user or as a
    community) and no vendor lock-in.

    Free software client + peer to peer design (Example Briar, Tox):
    respects users' freedom and no vendor lock-in.

Jean