Hi all,
Below the updated version.
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source code. It is about the recognition and the respect of user freedoms:
- to recognize and respect the privacy of all communications exchanged by users,
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
- to allow full interoperability towards other social networks.
II. How to respect those freedoms?
First: the communication protocol
The communication protocol must be open.
Second: the software
The software specific to the social network must be under a free licence as its dependencies. The whole software distribution, including the server part, must be available to users. The software must be secure. Any flaw should be fixed as soon as possible.
Three: the respect of the user data privacy
Each user should use his own servers.
The communication protocol and software of the social network must let the user be able to decide freely, clearly and efficiently what to do with each of his data and his account: the user may decide for each communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those may be known to the general public, including current or future employers and the government.
Concerning the data hosted on other servers than the user's own, the delay to delete a post or to close an account must be quick once the user requests it. The closure or the deletion must be definitive, no data must be available to the social network once it is done.
Four: the social network services
Every service available to users through the social network should not appropriate users data or track them.
Any suggestions?
Judith Lukoki +33 (0)6 15 94 50 23 http://www.movingyouth.eu
I haven't seen other messages in this thread, so it's hard for me to know the context of what you've written.
I've made some suggestions however in case you find them useful.
On Tuesday 30 August 2011 21:33:18 judith@movingyouth.eu wrote:
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source code. It is about the recognition and the respect of user freedoms:
- to recognize and respect the privacy of all communications exchanged by users,
...In a permanent and sustainable way. Private companies are subject to takeover and sale of assets, one of which is usually user data. Privacy policies can be changed retrospectively in some cases, and at the very least may not be updated to meet future threats that are currently hard to anticipate. Interpretation of privacy policies can also change to suit a company's financial goals, even if the wording of the policy doesn't.
Therefore a strong privacy policy is not sufficient in my view. Legally binding statements of intent which affect future circumstances are additionally necessary. This is why foundations and public benefit organisations are much better guardians of private data in my view as they are often obliged to serve the public interest or the interests of the people who they work with and represent.
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
Capitalising 'Free Software' can help to clarify it as a specific category of software rather than it being understood as a connotative term to identify software which is free of charge.
- to allow full interoperability towards other social networks.
This is an important freedom but it isn't sufficient. Having an 'open API' and conforming to open standards are fundamental requirements, but they don't guarantee that a user will be able to extract all their data. I think that a stronger requirement such as "all data pertaining to a user must be accessible to them and extricable in a meaningful, documented way, in formats which meet the definition of an Open Standard".
II. How to respect those freedoms?
First: the communication protocol
The communication protocol must be open.
'open' is open to interpretation and has no strict meaning. It would be better to say that they must qualify as Open Standards in my view.
Second: the software
The software specific to the social network must be under a free licence as its dependencies. The whole software distribution, including the server part, must be available to users. The software must be secure. Any flaw should be fixed as soon as possible.
Stating that the software must be secure and should be fixed asap doesn't convey very much to me. I think you need to be more specific. Something like the requirement that there is a good peer review process and open bug hunting workflow. You can websearch examples of how organisations effectively manage security issues with Free Software.
Three: the respect of the user data privacy
Each user should use his own servers.
That's an ideal rather than a requirement it seems to me. Using the word server in this way also stretches its meaning in a potentially confusing way. You could rephrase this requirement in terms of a user's account not having any single remote point of failure, and having the ability to be accessible independently of any other network or computer.
The communication protocol and software of the social network must let the user be able to decide freely, clearly and efficiently what to do with each of his data and his account: the user may decide for each communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those may be known to the general public, including current or future employers and the government.
Concerning the data hosted on other servers than the user's own, the delay to delete a post or to close an account must be quick once the user requests it. The closure or the deletion must be definitive, no data must be available to the social network once it is done.
How about adding that the user must be the legal owner of anything that they submit to the service. This may be assumed from your other requirements, but I think it should be explicit because historically users of some networks have not had the right of ownership over their social network content.
Furthermore the user should have the freedom to choose what license is used. If a user is the legal rights holder of their messages but those messages are always automatically licensed in a particular way then it undermines the ability of the user to exercise those rights due to technical constraints.
Four: the social network services
Every service available to users through the social network should not appropriate users data or track them.
This seems too broad. Allowing users to sign in on one page and then access another theoretically requires tracking; in the form of cookies or sessions. I think you need to clarify what you mean by tracking. Not all tracking is necessarily bad. How about stating that users must be made aware of any tracking and have the opportunity to disable it where this would not compromise the other requirements stated above or render the basic functionality of the service inoperable?
Also see these resources and their authors if you haven't already:
http://wiki.fsfe.org/CloudComputing (Torsten Grote)
http://blogs.fsfe.org/greve/?p=452
If you need clarification or more help please ask.
Thanks,
Sam.
I found them useful ;-)
I've made some suggestions however in case you find them useful.
On Tuesday 30 August 2011 21:33:18 judith@movingyouth.eu wrote:
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source code. It is about the recognition and the respect of user freedoms:
- to recognize and respect the privacy of all communications exchanged by users,
...In a permanent and sustainable way. Private companies are subject to takeover and sale of assets, one of which is usually user data. Privacy policies can be changed retrospectively in some cases, and at the very least may not be updated to meet future threats that are currently hard to anticipate. Interpretation of privacy policies can also change to suit a company's financial goals, even if the wording of the policy doesn't.
Therefore a strong privacy policy is not sufficient in my view. Legally binding statements of intent which affect future circumstances are additionally necessary. This is why foundations and public benefit organisations are much better guardians of private data in my view as they are often obliged to serve the public interest or the interests of the people who they work with and represent.
I answer to this issue at the end of this mail.
The issue is not to allow full interoperability towards networks but to allow full users data extricability to users.
II. How to respect those freedoms?
First: the communication protocol
'open' is open to interpretation and has no strict meaning. It would be better to say that they must qualify as Open Standards in my view.
I totally agree with you. I proposed: the communication protocol must qualify as Open Standards.
Two: the save file format
This is an important freedom but it isn't sufficient. Having an 'open API' and conforming to open standards are fundamental requirements, but they don't guarantee that a user will be able to extract all their data. I think that a stronger requirement such as "all data pertaining to a user must be accessible to them and extricable in a meaningful, documented way, in formats which meet the definition of an Open Standard".
I agree with you. I proposed: the save file format must qualify as Open Standards.
Three: the software
The software specific to the social network must be under a free licence as its dependencies. The whole software distribution, including the server part, must be available to users. The software must be secure.
Stating that the software must be secure and should be fixed asap doesn't convey very much to me. I think you need to be more specific. Something like the requirement that there is a good peer review process and open bug hunting workflow. You can websearch examples of how organisations effectively manage security issues with Free Software.
I agree with you that we should not write the software should be fixed asap. In fact I should indicate that a security policy is necessary for the software process. This is not a place to detail the security policy.
Three: the respect of the user data privacy
Using the word server in this way also stretches its meaning in a potentially confusing way.
I proposed: Each user should host his software server on his own hardware server.
That's an ideal rather than a requirement it seems to me.
I agree with you. That's why I used "should" rather than "must". Nevertheless, the respect of the user data privacy can not be guaranteed without the user operating himself the hardware server. That's why an ethical social network probably must be technically a peer to peer network.
You could rephrase this requirement in terms of a user's account not having any single remote point of failure,
Could you clarify that part?
And having the ability to be accessible independently of any other network or computer.
Why the accessibility from any network or computer is necessary to the ethical disposition of the social network?
The communication protocol and software of the social network must let the user be able to decide freely, clearly and efficiently what to do with each of his data and his account: the user may decide for each communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those may be known to the general public, including current or future employers and the government.
Concerning the data hosted on other servers than the user's own, the delay to delete a post or to close an account must be quick once the user requests it. The closure or the deletion must be definitive, no data must be available to the social network once it is done.
How about adding that the user must be the legal owner of anything that they submit to the service. This may be assumed from your other requirements, but I think it should be explicit because historically users of some networks have not had the right of ownership over their social network content.
It's interesting what you said, but in which way this proposition is necessary to the ethical disposition of the social network?
Furthermore the user should have the freedom to choose what license is used. If a user is the legal rights holder of their messages but those messages are always automatically licensed in a particular way then it undermines the ability of the user to exercise those rights due to technical constraints.
I agree with you. I proposed to add: the user should be free to decide what is the license of the communicated data.
This seems too broad. Allowing users to sign in on one page and then access another theoretically requires tracking; in the form of cookies or sessions. I think you need to clarify what you mean by tracking. Not all tracking is necessarily bad. How about stating that users must be made aware of any tracking and have the opportunity to disable it where this would not compromise the other requirements stated above or render the basic functionality of the service inoperable?
Finally services in peer to peer network are provided by users, so this part may be useless.
I answer now to the first question.
As the social network is peer to peer, there is no central company or organisation. So there's no need of legally binding statements concerning the privacy of communication exchanged by users. For example, if a user represents the organisation behind the software development, this one has by design no more access to any user data than anyone else.
Also see these resources and their authors if you haven't already:
http://wiki.fsfe.org/CloudComputing (Torsten Grote)
http://blogs.fsfe.org/greve/?p=452
If you need clarification or more help please ask.
Thanks,
Sam.
--
Sam Tuke
British Team Coordinator
Free Software Foundation Europe
IM : samtuke@jabber.fsfe.org
Latest UK Free Software news: uk.fsfe.org
Is freedom important to you? Join the fellowship.fsfe.org
Judith Lukoki +33 (0)6 15 94 50 23 http://www.movingyouth.eu
On Tuesday 06 September 2011 22:16:58 you wrote:
Could you clarify that part?
And having the ability to be accessible independently of any other network or computer.
Why the accessibility from any network or computer is necessary to the ethical disposition of the social network?
Maybe this is stretching the meaning of "ethics" a little, but basically the user does not have real power and control over their participation in the social network if their participation in it relies on third parties. Being able to host their own account without reliance on any other server, individual or network is important because without this they are not really free to host themselves and express themselves.
If my social networking account could disappear from the larger social network because a computer acting as a relay in the network is required for communication, caching, or some other technical purpose, then my participation can be vetoed by a third party. So for real independence, real self-sufficient capability of freedom of expression etc. there can be no single point of failure between my home social networking server and the social network at large (in this example).
How about adding that the user must be the legal owner of anything that they submit to the service. This may be assumed from your other requirements, but I think it should be explicit because historically users of some networks have not had the right of ownership over their social network content.
It's interesting what you said, but in which way this proposition is necessary to the ethical disposition of the social network?
Basically I see this as a technical requirement of the social networking software (the user will be adding content to a device which they own, we assume, so that issues of licensing should not necessarily apply). The technical issue that I'm raising is solved by your proposal:
I proposed to add: the user should be free to decide what is the license of the communicated data.
As the social network is peer to peer, there is no central company or organisation. So there's no need of legally binding statements concerning the privacy of communication exchanged by users. For example, if a user represents the organisation behind the software development, this one has by design no more access to any user data than anyone else.
That isn't sufficient protection however. Take Firefox - if Mozilla was a private company then they could use their enormous influence over Firefox development to change the way that Firefox collects data or allows the user to control privacy settings in order to send data to Mozilla servers, and only to Mozilla servers. Of course Mozilla is Free Software, so others would see this was happening (though Mozilla may implement this hypothetical code in a way that was very hard to detect) but Firefox is still the brand, the updates would go out automatically to hundreds of millions of users, and it would take years before a forked version of Firefox, with the tracking removed, would exceed Firefox in popularity. Additionally Mozilla controls the hosting of the code, of Firefox.com, and the servers with user accounts for forums and development etc., all of which involves private data that could be abused which is ancillary to the product of Firefox itself, but all of which is no doubt important to users of Firefox.
Fortunately Mozilla is a foundation and so this scenario is very unlikely to happen, but it goes to show that it is important 'the company behind' an ethical social network has legally binding pledges to a community about the way it will develop the code, and the goals of its activities that relate to the software. Just being Free Software is not enough - malicious parties can use influence to corrupt the ethical nature of software. Just look at the scare surrounding core internet security components of OpenBSD (http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack.ars).
I hope that was somehow useful.
Please can you check your email client configuration relating to line length, because your quoted replies come out garbled and hard to read on my mail client. Setting the max characters per line to approx 80 is a good idea for readability and compatibility. Otherwise your messages come out like this:
// >> The communication protocol and software of the social network must let
// the
// >> user be able to decide freely, clearly and efficiently what to do with
// each of his data and his account: the user may decide for each
// >> communication who are the recipients, even possibly the general public.
// Users must be warned constantly that once they publish their data, those
// >> may be known to the general public, including current or future
// employers
// >> and the government.
// >> Concerning the data hosted on other servers than the user's own, the
// delay
// >> to delete a post or to close an account must be quick once the user
// requests it. The closure or the deletion must be definitive, no data must
// >> be available to the social network once it is done.
//
//
// > How about adding that the user must be the legal owner of anything that
// they submit to the service. This may be assumed from your other
// requirements, but I think it should be explicit because historically users
// of some networks have not had the right of ownership over their social
// network content.
Thanks,
Sam.
I found them useful again ;-)
Could you clarify that part?
And having the ability to be accessible independently of any other network or computer.
Why the accessibility from any network or computer is necessary to the ethical disposition of the social network?
Maybe this is stretching the meaning of "ethics" a little, but basically the user does not have real power and control over their participation in the social network if their participation in it relies on third parties. Being able to host their own account without reliance on any other server, individual or network is important because without this they are not really free to host themselves and express themselves.
If my social networking account could disappear from the larger social network because a computer acting as a relay in the network is required for communication, caching, or some other technical purpose, then my participation can be vetoed by a third party. So for real independence, real self-sufficient capability of freedom of expression etc. there can be no single point of failure between my home social networking server and the social network at large (in this example).
I totally agree with you, this is why I wrote "Each user should host his software server on his own hardware server."
How about adding that the user must be the legal owner of anything that they submit to the service. This may be assumed from your other requirements, but I think it should be explicit because historically users of some networks have not had the right of ownership over their social network content.
It's interesting what you said, but in which way this proposition is necessary to the ethical disposition of the social network?
Basically I see this as a technical requirement of the social networking software (the user will be adding content to a device which they own, we assume, so that issues of licensing should not necessarily apply). The technical issue that I'm raising is solved by your proposal:
I proposed to add: the user should be free to decide what is the license of the communicated data.
As the social network is peer to peer, there is no central company or organisation. So there's no need of legally binding statements concerning the privacy of communication exchanged by users. For example, if a user represents the organisation behind the software development, this one has by design no more access to any user data than anyone else.
That isn't sufficient protection however. Take Firefox - if Mozilla was a private company then they could use their enormous influence over Firefox development to change the way that Firefox collects data or allows the user to control privacy settings in order to send data to Mozilla servers, and only to Mozilla servers.
Of course Mozilla is Free Software, so others would see this was happening (though Mozilla may implement this hypothetical code in a way that was very hard to detect) but Firefox is still the brand, the updates would go out automatically to hundreds of millions of users, and it would take years before a forked version of Firefox, with the tracking removed, would exceed Firefox in popularity.
Additionally Mozilla controls the hosting of the code, of Firefox.com, and the servers with user accounts for forums and development etc., all of which involves private data that could be abused which is ancillary to the product of Firefox itself, but all of which is no doubt important to users of Firefox.
Fortunately Mozilla is a foundation and so this scenario is very unlikely to happen, but it goes to show that it is important 'the company behind' an ethical social network has legally binding pledges to a community about the way it will develop the code, and the goals of its activities that relate to the software. Just being Free Software is not enough - malicious parties can use influence to corrupt the ethical nature of software.
Just look at the scare surrounding core internet security components of OpenBSD (http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack.ars).
You raised here an important issue. I see some points: It seems to me that no contract can be signed with a community, only with its users; if so, the legally binding pledges you speak of should be between the developing organization and the users (a copyleft license?).
You speak of the developing organization legal form. A software doesn't need a foundation as development organization to qualify as Free Software, so why would a social network strictly need a foundation as development organization to qualify as ethical? As you pointed, it isn't sufficient to avoid ethical infringement, which may be legally ok.
The right answer may be to define these contract elements. Are you ok with that? What do you think those should be?
Judith Lukoki +33 (0)6 15 94 50 23 http://www.movingyouth.eu
Hi Judith,
over the German list came the information about a project which has similar ideas. They want to form an international project. Maybe you should have a look at
www.socialswarm.net
and get in contact with them. Your ideas might be valuable for them. And for sure they are interested in further discussion.
Best wishes,
Daniel
On 30.08.2011 22:33, judith@movingyouth.eu wrote:
Hi all,
Below the updated version.
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source code. It is about the recognition and the respect of user freedoms:
- to recognize and respect the privacy of all communications exchanged by users,
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
- to allow full interoperability towards other social networks.
II. How to respect those freedoms?
First: the communication protocol
The communication protocol must be open.
Second: the software
The software specific to the social network must be under a free licence as its dependencies. The whole software distribution, including the server part, must be available to users. The software must be secure. Any flaw should be fixed as soon as possible.
Three: the respect of the user data privacy
Each user should use his own servers.
The communication protocol and software of the social network must let the user be able to decide freely, clearly and efficiently what to do with each of his data and his account: the user may decide for each communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those may be known to the general public, including current or future employers and the government.
Concerning the data hosted on other servers than the user's own, the delay to delete a post or to close an account must be quick once the user requests it. The closure or the deletion must be definitive, no data must be available to the social network once it is done.
Four: the social network services
Every service available to users through the social network should not appropriate users data or track them.
Any suggestions?
Judith Lukoki +33 (0)6 15 94 50 23 http://www.movingyouth.eu
Discussion mailing list Discussion@fsfeurope.org https://mail.fsfeurope.org/mailman/listinfo/discussion