software as a service

7 replies [Last post]
muhammed
Offline
Joined: 04/13/2013

Chris posted that Think Penguin may one day offer some web services. Some people had concerns that any service would be subject to intrusive privacy laws. I think that the conversation ended there.

But I just had an experience with Google Drive. It won't let me share a GPG'd folder of photos with a friend. But it will let me share a zipped folder of photos. Sharing "is not available right now" for one, but it's available right now for the other.

Maybe I'm using it wrong. Or even if not, I'm sure there are a hundred possible explanations that are completely innocent. I'm bad at technology so I think this is most likely.

And even if it's discriminating between file types on purpose ... well it's their service ... they're allowed.

I'd go to ThinkPenguin because even though they would be subject to all the same laws ... I can't imagine they'd discriminate between file types, given their audience.

Or is software as a service just not worth the convenience? Is compromising okay because not everyone will run their own server?

muhammed
Offline
Joined: 04/13/2013

Last paragraph: *just not worth it despite the convenience

ssdclickofdeath
Offline
Joined: 05/18/2013

I wouldn't recommend using Google Drive, but couldn't you put the GPG'd file in a ZIP archive?

>And even if it's discriminating between file types on purpose ... well it's >their service ... they're allowed.

I agree with that, but that is why SaaS shouldn't be used.

onpon4
Offline
Joined: 05/30/2012

The FSF recently stopped talking about "SaaS" (Software as a Service) and started talking about "SaaSS" (Service as a Software Substitute), to be less ambiguous.[0]

[0] https://www.gnu.org/philosophy/who-does-that-server-really-serve.html

muhammed
Offline
Joined: 04/13/2013

Thanks for the heads up onpon

Chris

I am a member!

Offline
Joined: 04/23/2011

I think the best approach to the problem is probably to have a client application do the encrypting such that the host doesn't ever know the contents being stored.

I think sparkleshare does it this way:

http://sparkleshare.org/

That actually has to be deployed by you though.

I think my ideas are move along the line of maintaining a set of 'solutions' (think virtual images that could be easily deployed and updated) by anyone in such a way that you control them locally, but don't have much of anything to do beyond clicking an update button, or such that the host can't see whats going on.

In fact one example of this you may want to look at is this:

https://leastauthority.com/

I just realized I was talking to the developer yesterday too (was at the GNU 30th event). The FSF had announced something not that long ago and it was that, in which I recall, this from.

I don't think having to trust separate companies to provide these services is a desirable situation or feasible option (financially from an operations perspective). For various reasons I think it would be ideal if there was just one company and handful of individuals to maintain it (ie working full time). Then have a very clear and publicly advertised/vetted set of rules/policies, etc in which everybody follows. Ideally backed by people whom have clear civil liberties motivations, willing to take on the risk of persecution, etc. and ideally with legal backing (from one or another organizations, like the EFF, Software Freedom Law Center, etc).

You have to understand that even where the situation is such that the host does not know what you may be hosting the law can still attempt to force those involved to cooperate in gaining unauthorized access to ones machine or data. Something like this was done in Germany to one project similar to Tor in that it anonymised users traffic. It was such that the host computers passing the traffic couldn't identify the users. However once the developers of the software were forced to modify it they could then identify the user in which the government was attempting to identify (now, it only worked if the user updated, per the developer instruction, but in this case they did, unfortunately). It is thought this couldn't have happened in the US or had the design been distributed such that not all developers / signing parties / etc were located in the same country. However it did happen in Germany and something similar could happen again. Which is why we need people willing to stand up and say no. People like Ladar Levinson (of Lavabit, he shutdown the company rather than fold to the government), possibly Snowden (good example, but we don't necessarily know for sure Snowden's motivations), and even maybe RMS (or similar). I'm pretty confident RMS would stand strong. He already accepts a lot of inconveniences to stand up for what he believes (he doesn't carry a cell phone as an example).

quantumgravity
Offline
Joined: 04/22/2013

If rms accepts to do mass surveillance and hand out data to the gouvernment, then I think the end of all days is near!

muhammed
Offline
Joined: 04/13/2013

"my ideas are [more] along the line of maintaining a set of 'solutions' (think virtual images that could be easily deployed and updated) by anyone in such a way that you control them locally, but don't have much of anything to do beyond clicking an update button" -- Chris

I like this idea