On Sat, Oct 24, 2015 at 13:33:58 +0200, Alexander Berntsen wrote:
> I firmly believe we can, at least theoretically, reduce the risk so
> far that the only hazard for the user is the service shutting down.
> *Everything* else can be solved. We just need some time. And some
> dependent types as first class citizens of a higher-order ranks
> programming language. :]

I think that you might be talking about the risk of tricking users by obfuscating or writing intentionally deceptive code (e.g. [0]). This is a risk in software (including Free), but is not applicable to SaaSS.

Service as a Software Substitute (SaaSS) means that the software runs on a remote server---other than your own, that you do not control---in place of conventional software on your computer. For example, if you use a service that manages your source code repository on your behalf---by committing for you via a web interface, managing pull requests, tagging, rebasing and otherwise rewriting history/code, etc---you have no control over the software that is running.

Even if the software running on the server were free (e.g. GitLab CE), you still cannot study or modify the running instance. If the software on the server is licensed under the AGPL, then you can get the source code of the running instance, but you still cannot modify that running instance; you must trust that the host is being truthful and providing all of the modifications;[1] and there may be other software running.[2]

A service can also spy on you, and may even report you to third parties. Unfortunately, most servers are set to spy by default, by storing certain data in (e.g.) access logs.[3] But even using an anonymizing service like Tor, if your data contains anything personal that the server can look at, your privacy is lost.

You can expect that your own software on your own computer---so long as it is Free---will respect your privacy. And if it doesn't, you or someone can modify it to ensure that it does.

By using SaaSS, you relinquish all control to the server. This is incompatible with freedom.

[0]: http://underhanded-c.org/

[1]: Not all modifications are observable. For example, a modification that logs all of your actions or your personal data cannot be observed by the user.

[2]: If the program licensed under the AGPL is part of a pipeline, then other parts of that pipeline are not subject to the AGPL. For example, a program sitting between the AGPL program and the user may monitor or modify data.

[3]: https://www.eff.org/wp/osp

-- 
Mike Gerwitz
Free Software Hacker | GNU Maintainer
http://mikegerwitz.com
FSF Member #5804 | GPG Key ID: 0x8EE30EAB