Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Cloud Open Source Software IT News

What's Needed For Freedom In the Cloud? 81

jrepin writes "Georg Greve from Free Software Foundation Europe has often been asked to explain what he considers necessary prerequisites for an open, free, sustainable approach toward what is often called 'The Cloud,' or also 'Software as a Service.' He gives 7 ingredients that are necessary for freedom in the cloud. For example, 'it should be illegal to change privacy policies on users without their explicit consent. They need to know what is changing, and how, and what will be the resulting level of privacy they enjoy – in the same clear, transparent and understandable manner.'"
This discussion has been archived. No new comments can be posted.

What's Needed For Freedom In the Cloud?

Comments Filter:
  • Don't use cloud. (Score:4, Insightful)

    by Anonymous Coward on Saturday July 30, 2011 @06:53PM (#36935760)

    That's all you need for freedom..

    • by Anonymous Coward on Saturday July 30, 2011 @08:13PM (#36936130)

      Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

      The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

      And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

      My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Is that the Big-Indian or Little-Indian teams?

      • This is of course your own managerial responsibility. However I HAVE TO say word here. I was analyst of the team, developing the really safe alternative to the RSA algorithm, which later turned out to the whole PKI alternative, much higher safety level was confirmed by independent experts and based on this was the team scattered because there is NO POLITICAL WILL to have something, governements are not able to read.

        I may not say more (do not need any lawsuits), but my recommendention: unless you see real
        • I hate to break the news to ya pal but governments haven't needed MSFT to provide backdoors in years. As someone who spends 6 days a week fixing the things I can tell you foolproof way to get into a good 90%+ of the machines out there. 1.- For the guys a webpage that says "Hey want to look at teh titiez! Just run our Iz_Not_Backdoor_Iz-Codec.exe to get teh free pronz!" 2.-For the ladies a chat window that pops up "Hey you just got to see teh cute kitteh videoz!" which takes them to a malware laden page, and

          • Sorry, was not logged when replied. I authorize that the following comment is my own:

            I do agree with you in (almost) all points. However I was provoked by the commenter, speaking "Hey, I have SSH so I am safe, because somebody told me so."

            And for the rest - all depends on the awareness and will to care among population. Oh, what did I say? Oh no, we are so doomed...
            • The problem is (and this is NOT a Godwin, this is an analogy to their infrastructure not their evil) we have a propaganda machine that makes the ones the Nazis had in the 30s look like some kid with leaflets. look at how quickly the government got the MSM to label Assange a "dirty rapist terrorist monster" while NOT A SINGLE ONE said a damned thing about the cable showing we had a contractor selling 9 year old boys as fucktoys to get a contract, and they had done the same to 11 year old girls in Kosovo and

          • by tlhIngan ( 30335 )

            I hate to break the news to ya pal but governments haven't needed MSFT to provide backdoors in years. As someone who spends 6 days a week fixing the things I can tell you foolproof way to get into a good 90%+ of the machines out there. 1.- For the guys a webpage that says "Hey want to look at teh titiez! Just run our Iz_Not_Backdoor_Iz-Codec.exe to get teh free pronz!" 2.-For the ladies a chat window that pops up "Hey you just got to see teh cute kitteh videoz!" which takes them to a malware laden page, and

    • Or use your own [].

      Once again, free software comes to the rescue :)

    • by Anonymous Coward

      More appropriately the ability to choose to use the cloud or not too would be freedom. I'm pretty sure that "agree with me and don't do things I don't like" doesn't equal freedom but I do see how you could be confused given that that is the definition most of our society uses these days.

    • just everything to do with every online service.

      it's not like you, as the user, have any idea if the data is in a cloud or not.

      cloud is just a modern code word for "we're buying the servers from a generic servers service".

      • by dkf ( 304284 )


        The issue is not whether you have virtualized service stacks all over the place, the issue is whether or not you retain control of the whole thing. Keeping control allows you to do pretty much what you want, (almost) no restrictions, but it costs a lot and takes a lot of extra work. Letting someone else take control of part of the whole thing is cheaper (specialists tend to do a better job) but it does mean that you have to work with them.

        As for Georg Greve's plea for standards, I think he underestimat

  • by artor3 ( 1344997 ) on Saturday July 30, 2011 @07:01PM (#36935796)

    There needs to be lots of choices for users, and an easy, free way to transfer all data from one company to another. Otherwise all the disclosure in the world is meaningless, since they can hold your data hostage to make you accept their new terms.

    • Mod parent up. Article is slashdotted and Google hasn't cached it yet, but I hope this is in it. This is point #1.
    • by Anonymous Coward

      Which is funny, because that's *how the entire fucking internet originally was*. You could use standards based protocols described in RFCs that anyone could implement to move data from anywhere to anywhere. We have things like email that works on everything from an Android phone to an IBM Z-series mainframe because it's a standard protocol.

      Only fairly recently did people seem to start using all these proprietary protocols that lock people into various things. Why they did that, I have no earthly idea, bu

      • by Sinanju ( 588194 )
        "Only fairly recently did people seem to start using all these proprietary protocols that lock people into various things. Why they did that, I have no earthly idea...." The answer is inherent in the question. To lock people into various things (i.e., the hardware and/or software I provide for them, in return for teh monies). I mean, seriously! If they can just move their data anyplace they like using standard protocols, I have no leverage. I have to actually, you know, WORK for their patronage. I have to
    • How about an easy free way to transfer your data that they can't revoke the moment you fall behind on your bills or for whatever reason feel like holding you hostage?

      Paying a toll to cross a drawbridge doesn't do any good if the king can just raise it and lock you inside the castle when he feels like it.

    • Users need to be able to back up their own data. If they fail to do so, tough shit.

    • Transfers involve bandwidth and so cost money. It seems that an easy and free option to permanently delete would suffice. If you care about the data and don't have a copy under your own control then that's your problem.

    • by gweihir ( 88907 )

      Indeed. An none of that is going to happen. The only real solution is to stay out of the cloud.

    • I just emailed one of the admins at Slashdot to find out how do I download my comment file. By now I've built up some 100,000 words that I would like to merge and rework into a blog.

      So here I go with a test case of one of the sites that should know how! Let's see what answer turns up. I asked for a "few-click" method if possible, without having to install any utilities etc.

  • Don't trust a third party with your information and data. Memory and storage are dirt cheap, pipes are fat and the cloud is just gee-whiz yet redundant technology.

    • by Rich0 ( 548339 )

      Great - can you point to an open-source web-based email solution that works as well as Gmail? That is, with a single key I want to be able to archive or delete a new message.

      Unfortunately the state of web-based FOSS apps isn't great, since most of the effort goes into fancy desktop apps that don't work when you're stuck using a phone or have more than one PC.

      One exception to this I think is Gallery, which is a picture-sharing app that I'd say is competitive with just about all of the major offerings. The

    • pipes are fat

      So are you in Japan, Finland or one of those little flyover towns that Google's fibered-up?

  • And that service is providing a sync path for my data. I'm willing to pay a premium for it. Yet I can't use and enjoy my Android phone with a simple sync path for any price. Its practical functionality depends upon me handing over all of my info to Google's cloud (and that's just for the basic apps, nevermind what I'd like to add on).

    • Re: (Score:2, Informative)

      by jonahbron ( 2278074 )

      Sounds like you need Ubuntu One. Just the free package gets you 5GB and access via Android/iOS.

    • by Anonymous Coward

      Why not use SpiderOak? They have 2 GB free for an unlimited time, an clients that work on Android as well as everything else under the sun.

      • Have they fixed the problem yet where their system has trouble recognizing passwords previously set on the account, and fixed the rather silly limitation that the only help available is via their forums which require the same said passwords? Or the client's tendency to crash when trying to add a new sync, or the apparently random nature of deciding what to sync and when?

  • by Temujin_12 ( 832986 ) on Saturday July 30, 2011 @07:24PM (#36935916)

    How about we start with sustainable database connections?

  • For some values of "freedom". After all, the "Patriot Act" exists to protect our "freedom", right?

    • Yeah, and what's the deal with being illegal to punch you in the face? Damn laws, always restricting our freedom.

      (using PA as an example of all laws is dishonest)

      • You can't guarantee Freedom by taking it away. It's just completely contradictory. 'Free' does not mean 'safe'. It means 'free'. The very act of making laws to to force a choice on to someone takes freedom away. If people don't value safety or security online, then they won't pay for it, therefore businesses won't provide it. You may have a different value judgement, but it's not your place to decide that it is the correct value judgement, and force at gunpoint on someone else. And if you want to pun
        • Uh, not having the freedom to punch someone in the face was my counter-argument. I don't actually want to punch someone in the face.

          You may have a different value judgement, but it's not your place to decide that it is the correct value judgement, and force at gunpoint on someone else.

          You can't guarantee Freedom by taking away my freedom to force people at gunpoint! It's just completely contradictory!

  • by tftp ( 111690 ) on Saturday July 30, 2011 @08:12PM (#36936128) Homepage

    So I got to read the article, and the author lists a bunch of good, desirable things there. But none of them will happen until the businesses that provide those cloud services are forced to listen to wishes of the clients.

    However majority of clients are not very wise in terms of network security (or anything else, as matter of fact.) So those companies will always have plentiful harvest of suckers, and that's who they will focus on. If you are a green-skinned geek in glasses you are not their audience, and your whimpering that "their service is not perfect" will be summarily ignored.

    Geeks can't use the cloud, basically. Anyone who does that surrenders a bit of his|her|its privacy, and on top of that has to obey the arbitrary rules that are imposed by those companies. The only solution is not to play.

    I did just that last night. I needed to change the email on Yahoo to something else. I type the name in, and I get in return "#604,E4 This email address is blocked by owner." No help anywhere; other people report this error too, with no resolution. I was able to resolve that. Want to know how? I deleted the whole Yahoo profile. Google profile will be next.

    • by Anonymous Coward

      It will happen when the business listed to the wishes of their clients?

      I postulate the exact opposite:

      Commercial clients don't care about "freedom" of their platform. They care about price, stability, performance, and quite possibly security, but that's about it.

      If there was a large pool of clients out there, pining for a "free" cloud offering and slaving away under the brutish oligarchy of the current providers, you can bet somebody else would open up a cloud provider that stressed "freedom" and poached al

  • And if you try, you will fail. The problem here is the data location. The only thing that will ensure privacy is to not give your data to "the cloud".

    • So much of data is already given to the cloud, at least of the set of data that the cloud would be interested in. The cloud doesn't care about your diaries and personal documents, not enough to attempt to decrypt them. The most valuable data you possess is your profile to advertisers, which is available now unless you take measure to prevent it from being so.
  • by Anonymous Coward

    Freedom is needed for freedom in the cloud.

    As long as you are relying on a company with a datacenter to hold onto your data, you giving up freedom for convenience. If you want freedom without storing the data directly on your own computer, then look into a peer-to-peer (possibly just friend-to-friend) network to store the data. That is, store it on your own computer and your friends' computers, with the assumption that one of them will be up any time you need to use it and the p2p network will prevent you f

  • Obviously if you can not easily move your data to a competing cloud - or back to your own computers - if dissatisfied, you have no freedom. Your are stuck with what one particular company is offering.

  • Sarcasm follows...

    Wow! I can do exactly what I had been doing on my old local machine, on a underpowered machine, and I can pay someone for it!
    I can pay money the same functionality I could otherwise get free in Libreoffice.
    Together we can make a centralization of data, creating single points of failure, making sure that we create monopolies along the way, and do you know what else?
    We'll slow the internet down to a crawl with traffic from processing that should be locally, until the day comes when we get ha

  • I'm a bit surprised. It is official policy of the FSF not to use the term "cloud". The issue with the closest thing, software as a service, is explained here: []
  • This is ridiculous - clouds are private for-profit run companies. To ask "what's needed for freedom in the cloud" is almost the same as to ask "why can't I set up my tent in a mall". The short answer - don't use the cloud - that just about summarizes it all. Someone set up the cloud for you, you want to play in it, so you WILL abide by THEIR rules. What freedom???
  • A competitor for the internet. Preferably competitors of the kind that appear and disappear before the corporate giants and their wholly-owned governments can sink their claws into them.
  • Article lays out a good set of rules for freedom in cloud computing, looks well thought-out.

  • by presidenteloco ( 659168 ) on Sunday July 31, 2011 @04:41PM (#36941128)

    For freedom, the cloud needs to become just a layer in the protocol, as it were.

    Some rules of the global cloud layer's operation:

    1. Hosters must have no rights pertaining to hosted content (except to remove it, but see 3.)

    2. Hosters should have no responsibility for content.

    3. Hosters should be prevented technically (e.g. by strong encryption not under their control) from knowing what content they host.

    4. No hoster should host more than an unintelligible (bit-wise randomly interleaved) fragment of any content document.

    5. Hosting should be provided on a mix of consolidated data-centre stores (for performance) and a massively distributed and decentralized peer network, and costs of hosting should be shared by a combination of storage markets and storage-service trading (peering) arrangements, involving the edge players as well as the large-scale players.

    6. Content fragments, in co-operation with simple, standard, uniform software on each storage host, should ensure the content's own long-term survival in the cloud, via a process of periodically checking across the globally distributed storage cloud to ensure that enough copies exist and are sufficiently well distributed on reachable hosts and are stored on a mix of old reliable and newly commissioned storage hosts.

    7. Access to coalesced and decrypted content should only be possible for possessors of the encryption key for the content.

  • I don't understand this knee-jerk rejection of anything to do with cloud computing services. As far as I can tell, cloud computing is the mainstay of the IT industry right now, at least outside of desktop support and support for legacy applications.

  • Essentially you'd need a little plug-in server which gets an IPv6 address and displays an URL/QR-code on the display. This little server should then do your part of the social network for you by staying in contact with your friends servers and only handing out data to them.

    That way no social network operator can just get _all_ the data to datamine it. They have to go through the slow process of tricking you into befriending them.

If I had only known, I would have been a locksmith. -- Albert Einstein