Digital autonomy and the GNOME desktop

While GUADEC, the GNOME community's annual conference, has always been held in Europe (or online-only) since it began in 2000, this year's edition was held in North America, specifically in Guadalajara, Mexico, July 20-25. Rob McQueen gave a talk on the first day of the conference about providing solutions that bring some level of digital safety and autonomy to users—and how GNOME can help make that happen. McQueen is the CEO of the Endless OS Foundation, which is an organization geared toward those goals; he was also recently reelected as the president of the GNOME Foundation board of directors.

His talk was meant to introduce and describe an objective that the GNOME board has been discussing and working on regarding the state of the internet today and how GNOME can make that experience better for its users. The cloud-focused computing environment that is prevalent today has a number of problems that could be addressed by such an effort. That topic is related to what he does for work, as well, since Endless OS is working on "bridging the digital divide" by helping those who are not able to access all of the information that is available on today's internet. Some of those efforts are aimed at bringing that data to those who cannot, or perhaps choose not to, directly connect to the internet itself—or only do so sporadically.

The problems

The UN estimates that there will be 2.5 billion more people on the planet by 2050; most of those people, perhaps 2 billion of them, will be born in places where power and connectivity, thus technology, are quite limited. Meanwhile, there are more smartphones on the planet than people, but both Endless and GNOME have an interest in desktop computing. In order for people to fully participate in the activities that computing can facilitate, such as education, employment, content creation, and more, a form-factor beyond what a phone provides is needed.

Computers these days use a lot of internet, he said. Many users have workloads that are split between the computer in front of them and one in the cloud. That creates infrastructure constraints for personal computing; there is more needed than just a device. That infrastructure consists of all of the disparate pieces that allow the connection to the rest of world: trenches, wires, towers, satellites, and more.

Some predictions are that in around ten years, satellites and other technology will solve the global connectivity problem, he said. But he has been working in the "digital divide space" for around ten years and that prediction was also made ten years ago. Matching the growth in global population with connectivity infrastructure is an extremely difficult and expensive problem to solve.

Even if you do have the internet connectivity, though, there are still plenty of problems. In the free-software world, we are able to examine the software that we run on the computer in front of us, McQueen said. When software is running in the cloud, which is effectively just someone else's computer as the snarky definition that he referred to notes, that ability is not present. Running it elsewhere means that the user loses control of their data, including: if and how well the data is secured, whether it is shared with third parties, whether they will still be able to access it tomorrow, and so on.

Data that is centralized is also a target for attack, he said. There are enormous resources being poured into securing these centralized resources these days. The problem has risen to a level of national concern; for example, the Biden administration in the US has a panel that is advising it on how to secure the internet and the infrastructure it runs on.

Loss of data control can have "very real-world consequences". For example, apps that track menstrual cycles, with the convenience of syncing the data to the cloud, can also reveal things that could be dangerous from a legal perspective in the US today. Given the current climate in the US, he said, health data could potentially put someone or their healthcare provider in legal trouble, "or it could even put your life at risk—this is terrifying."

Then there are governments that are trying to quell dissent by use of internet blockages of various sorts. For example, Russia has been limiting access to sites that provide a more balanced view of its war on Ukraine because it has its own narrative to promote. He noted that the NetBlocks organization maps these kinds of network disruptions and tries to tie them to the real-world events that may have triggered them. He said that he could not resist mentioning Flash Drives for Freedom, which creates USB drives containing suppressed information that get smuggled into North Korea; the visual impact of its home page image (seen at right) was "too good not to include" in his slides.

Solutions?

He had just presented "some of the consequences of the way we approach computing" today; he does not have an "amazing answer" of what should be done, but he did have some questions, ideas, and things that are "worth exploring together". GNOME has a focus on software that runs locally, in part because that puts users in control of their data and gives them the ability to look at the source code; ultimately, the project believes those things allow users to have more trust in their computing environment.

McQueen asked a few different questions about how the GNOME project could improve in some of these areas. What can the project add to its desktop to provide more safety for its users and to allow them to have better control over their data? What can it do to help users who live in a country that gets cut off from the internet due to a war? How can the GNOME desktop help block various kinds of threats to its users and their data?

He explained that there are other organizations out there solving some of these problems; GNOME could potentially partner with them to use their technology in its desktop in order to accomplish these goals. He listed several different technology areas that would fit well into the GNOME desktop. The first of those was regarding offline content.

Storage is a reasonable substitute to deal with connectivity woes that come about due to lack of infrastructure, upheavals like wars, or censorship of various kinds. There are a number of projects that exist for "bringing bits of the internet onto the computer in front of you". For example, Kiwix has technology for downloading entire web sites, such as Wikipedia, and making them available offline. It turns out that Wikipedia in Russian has been seeing increased downloads on Kiwix of late since "the Russian government has threatened to block access to Wikipedia for documenting narratives that do not agree with the official position ".

Endless OS is collaborating with Learning Equality, which is a non-profit that has created a learning platform called Kolibri. It allows accessing educational resources, including ebooks, videos, audio, and games, in a curated set of courses for offline schools. The Endless Key project uses Kolibri to create offline educational resources for US middle and high school students who do not have internet access at home.

He then turned to peer-to-peer technology, which is where he started his career; after 15 years of working on that, he has learned that it is an extremely difficult problem to solve. He looked for good examples of peer-to-peer tools for the desktop and came up with two. The first is Syncthing (which we looked at a year ago); it is "kind of a decentralized Dropbox". It is a bit difficult to configure, but once that is done, file folders will be synchronized between multiple devices either over the local network or using cloud servers.

The other example is Snapdrop, which is "so simple and so cool". It is a web application that discovers other devices on the network and allows drag-and-drop file transfer among them. Since it is web-based, it is device independent, but it does require that the devices are online to access the web page. The transfer happens in a peer-to-peer fashion, but the application gets loaded from the cloud.

Local first

The third technology area that McQueen wanted to talk about was local-first software. He had borrowed some slides from Peter van Hardenberg at Ink & Switch, which is an "industrial research group" that has been working on local-first software for the last five years. Those researchers have come up with a manifesto of sorts, with seven principles, or ideals, that describe software that is not completely reliant on the network or the cloud, but still provides many of the same features and benefits that users have come to expect.

The first of these ideals is "no spinners"; the user's work is actually on the device in front of them. But on the flipside, their work is not trapped on a single device; through some mechanism, replicas are kept in sync on other devices of interest. The network is optional, however; when it is present, synchronization can happen, but work can still be done without it. The fourth item is that seamless collaboration is a requirement today; it has become an indispensable feature that needs to be incorporated in any synchronization mechanisms that arise.

The data that gets stored needs to remain accessible even if the software that uses it goes away. Digital archivists (and others) worry that we are storing much of the data about our life today in ways that will not be accessible 20, or even ten or less, years on. For example, it could become impossible to access a document made in Google Docs sometime down the road. Avoiding that has benefits both for individual users and for society as a whole.

Local-first software has an advantage of having privacy and security built-in because it is not storing its data in some centralized cloud location that becomes a huge temptation for attackers. That centralized storage is also susceptible to various misdeeds by the companies controlling it—or their employees. Local-first gives users ultimate ownership and control of their data. No cloud-based application provider can cut off access due to its whim or at the behest of, say, an oppressive government regime.

McQueen recommended that people visit the Ink & Switch site to find out more. The group has done more than just think about local-first software; it has done some work on using conflict-free replicated data types (CRDTs), which provide eventual consistency for data that is being updated in multiple places. The data structure is a good basis for collaborative tools that can seamlessly move between connected and unconnected modes, he said.

Development

There is also a case to be made that today's cloud applications are overly expensive to build and operate. They are usually written in several tiers: one for the web-based user interface, a layer for business logic, an API layer that provides access to a storage/database layer, and so on. These often use different programming languages and it all leads to a complex distributed application that can be difficult to scale. He put up a slide of the Cloud Native landscape, as an example of the complexity that arises for cloud applications.

In the self-contained software world, we have a longstanding tradition of writing code that "we can reason about", he said; it is architecturally fairly simple, generally having fewer code bases and using less languages. The goal of local-first software is not to reject the cloud, but it is "about rethinking the relationship with the cloud". The cloud has a role in helping to synchronize the data, improving its availability, and in providing additional compute power. With proper key management ("asterisk, it's complicated"), data can be end-to-end encrypted so that the cloud becomes a passive carrier rather than an active participant.

The GNOME Foundation has identified three areas that it plans to provide funding for in the coming years. One is to help bootstrap an app store for GNOME; another is to work on improving the diversity within the GNOME community. The third is to look at ways to integrate decentralized and local-first technologies into the GNOME desktop. McQueen thinks that GNOME is well-positioned to take a lead on bringing some of these technologies to its users. For one thing, GNOME is "very opinionated" about how its software looks and operates. Applying that same approach to local-first software makes sense.

He had some examples of existing tools that already embody some parts of the local-first approach. WebArchives is an application that loads Kiwix files for offline viewing of Wikipedia and other sites. Endless has an Encyclopedia application that is similar, but it is integrated with the desktop search on Endless OS as well. Encyclopedia is currently a separate GTK-based application, but Endless is moving toward integrating all of that into Kolibri for the future, he said.

In the realm of peer-to-peer applications, there is Teleport, which discovers other Teleport-ready devices on the local network and allows transferring files between them. One limitation is that all of the participants need to be running GNOME, but it provides an example of an application that is easy to set up, which could perhaps be merged with techniques from Syncthing or Snapdrop.

Automerge is another project that could be useful for GNOME; it provides a library to do CRDT handling for collaborative applications. It was originally JavaScript-based, but has been rewritten in Rust, which has the advantage of moving away from the "millions of lines of crusty C code that we are running on top of". Using the GTK Rust bindings along with Automerge will allow GNOME to start experimenting with local-first collaborative applications, he said.

He wrapped up by talking about several kinds of applications where it would be useful to have access to the same data in multiple locations without making that data available to cloud providers. For example, health-tracking applications (such as GNOME Health) would benefit from synchronization across devices, but that data is of a particularly personal nature, of course. Contact lists and calendars are additional kinds of applications where multi-device synchronization and (limited) sharing among collaborators make a lot of sense. McQueen thinks that GNOME is in a great position to help set the stage for the computing experience of those 2.5 billion people who are "arriving" over the next 30 years or so. The GNOME Foundation is only one voice in the project, however, so he is hoping to see others join in to work on various aspects of it.

A YouTube video of the talk is available, though the audio volume is rather low.

[I would like to thank LWN subscribers for supporting my trip to Guadalajara, Mexico for GUADEC.]