Richard Stallman recently
against cloud-based computing, and against Google's ChromeOS
in particular. Putting one's personal data on remote servers, he says,
necessarily entails loss of control over that data. It is far better to
keep one's data on a system which is under one's physical control. As with
most things, Richard has been most consistent with this message; he has
been saying similar things for a long time. But the increase in
cloud-based services - and systems designed to direct users toward them -
is adding urgency to this message.
Your editor does not always agree with Richard, but Richard has a point here.
We have worked for many years to build systems which we have some degree of
control over, with quite a bit of success. Even systems which have
traditionally been severely closed - phone handsets, for example - are
becoming more hackable over time. A suitably motivated and skilled user
can avoid proprietary software, and the long list of antifeatures such
software tends to include, much of the time. The situation is not perfect,
but things could certainly have been a lot worse.
When our systems become little more than a window into somebody else's
server, though, that control disappears. The results are predictable:
- People can come to depend on cloud-based services, but the providers
of those services assert their right to pull the plug at any time.
The eviction of Wikileaks from Amazon's cloud is a recent,
high-profile example, but almost every well-known network-based
service is followed by stories of users who have been locked out for
seemingly trivial (or nonsensical) reasons.
- Stories of data misuse abound. Facebook puts profile pictures into
advertisements served to others. Gmail reads
messages and tailors advertisements to match. Email addresses
find their way onto spam lists. Many sites track their users'
activity across the web as a whole and do their best to monetize that
information. And so on.
- Resources in the cloud are cloudy at best; reports
that Amazon has resumed deleting books that Kindle owners believed
they owned are just the latest example of when can happen when "our"
stuff lives at somebody else's will.
- Security breaches and data loss are a common occurrences.
- Many cloud-based services seem to maintain an open-door policy for
governmental agencies looking for information. There is no way to
know what information has been disclosed to whom.
With regard to the last item above, it is encouraging that a US appeals
court has just ruled
that email cannot be seized from a third-party provider without a search
warrant. But it is highly discouraging that such a ruling was necessary in
the first place. Seemingly obvious concepts - like the privacy of email -
seem to fall by the wayside when network-based providers are involved.
Given all this, one might well wonder why such services are seeing any use
at all. The simple fact of the matter is that they are awfully
convenient. A web-based email account is far easier to set up and maintain
than an independent mail server - even for those who have the skills to
maintain such a system. Anybody who has been through the tiresome
experience of moving into a new phone can only be thrilled when that new
Android handset automatically downloads the contact list - and all
previously-installed applications. Establishing contacts and sharing
information is easy on social networking sites - and essentially impossible
otherwise. These services have brought a wide range of capabilities and
features to a wide community of users; there is clear value in what these
companies are providing.
It is well to warn users of what they are giving up when they place their
personal information on such a site. Making sure people know when a cloud
provider misbehaves is clearly the right thing to do. Many LWN readers
heed those warnings and
take a great deal of care to limit the information given to cloud providers
and to maintain their own infrastructure. But it is futile to tell the
rest of the world to avoid cloud-based services when we cannot point them
to any alternatives that are useful to them. Such advice will be ignored,
and the message as a whole may be lost.
The right response to the cloud problem is to create alternatives which
give a higher degree of control - and which are usable by people who have
no interest in putting their time into making things actually work. That
means solving problems at a number of levels. We need applications which
provide a rich experience to users which are not tied to any specific
machine; the web is the obvious way to provide that experience, but it
might not be the only way. Needless to say, these applications must be
free software if we are to trust them at all.
We need freedom-friendly policies that raise
the bar for what users expect and demand. We need a mechanism for
deploying these applications on the net which allows users to easily create
and maintain their own instances while interoperating with others.
It would be good to contemplate what could be done when terabyte storage on
mobile platforms is commonplace - we can always have all of our data in our
pockets. With pieces like these in place, we might begin to have a story
which can compete with the existing providers.
Something else is needed, though: a means for financing these services must
be developed. "Free" is awfully nice, but, as people far wiser than your
editor have observed, if you are not paying for a service, you are not the
provider's customer - you are their product. That is a relationship which
will inevitably lead to conflicts of interest. Establishing a more
straightforward relationship between users and providers of online services
seems like an important step toward improving both control and privacy.
That does not mean getting companies out of the services business - indeed,
it could mean the opposite - but it does mean renegotiating the
relationship. (And, naturally, companies have all the same freedom and
privacy interests that individuals do when it comes to obtaining services
on the net).
Recent events have convinced many people that, as we have become
increasingly dependent on the net, we have also lost control over it.
We may see a more focused effort in the coming years to take back control
and freedom at the network level. As with all of these battles, it will be
difficult; there is no shortage of powerful interests pushing toward
central control. But it's one that we should be able to win.
to post comments)