
Stallman: Facebook is Mass Surveillance - couchnaut
https://rt.com/news/richard-stallman-free-software-875/
======
jiggy2011
I find it somewhat ironic that people like Stallman have battled for years to
get so much FOSS out there.

What did we do with all this free software? Used it to build things like
facebook, google and various SaaS sites that not only tie our data into
proprietary clouds but due to the nature of the GPL etc don't really have to
share their code anyway.

What they have really achieved is to turn everything they touch into a
commodity and moved the "value" of software elsewhere.

We seem to be moving to a world where most of our devices and the servers
powering our apps will be running some form of Linux or BSD under the hood but
we are actually more restricted than ever.

~~~
roopeshv
GNU has already given a solution to this kind of situation. It's called AGPL
(<http://www.gnu.org/licenses/agpl.html>). But the problem is most people
would be happy to avoid GPL, and stick with BSD, because a lot of people want
that. If anyone can start with AGPL, that's a great start.

PS: AGPL is the strictest GPL there is, like, LGPL is a looser version of GPL.
It pretty much means, you give away almost all the stack. I don't understand
the whole license, but I do know it's the strictest.

~~~
jiggy2011
Interesting , haven't read that license in detail. Does this mean that as soon
as I run something on a network (or just the internet?) I am required to push
my changes back upstream immediately?

However I have a feeling that there is a sufficient body of GPL/LGPL code out
there that people will just modify that.

Since a lot of OSS code is contributed by companies, they don't really have
any incentive to contribute to an AGPL project (in most cases).

~~~
ignoreme
_Does this mean that as soon as I run something on a network (or just the
internet?) I am required to push my changes back upstream immediately?_

Warning: If any of the following is incorrect, I would really appreciate
someone correcting me. I use the AGPL, and if I'm incorrect, I would like to
know.

You never have to push your changes back upstream. I'm not aware of any
license that requires you to submit your changes back to the original author.
You just have to make it accessible to your users.

Just like the GPL, you can run AGPL code on a private network and not have to
publicly release the source code. It's when the network is public that you
have to make the source code available.

If I visit your website, enter in some data, a script/lib licensed under the
AGPL does something with it and returns a result. You must release the source
code of "everything that it touches".

If you have a business and on the company Intranet you have the same script,
while the employees (users) are entitled to have a copy of the source code,
you are not required to publicly release the source code. Of course, other
laws prevent those employees from also releasing the source code to the public
and AFAIK they "trump" copyright laws eg.NDA.

 _Since a lot of OSS code is contributed by companies, they don't really have
any incentive to contribute to an AGPL project (in most cases)._

I don't know, companies contribute to GPL licensed code even when they don't
explicitly _have_ to. Just off the top of my head, tarsnap comes to mind, he
contributes back to libarchive even though he is not required to do so.

That doesn't mean I don't see your point though. You could just as easily
suggest that if libarchive was licensed under the AGPL that tarsnap wouldn't
have used it in the first place due to the fact he would have to release the
source of the entire stack.

So I think you argument should really be "Why should companies even use
software under the AGPL" not "Why should they contribute back". I don't really
have an answer for that, but the same argument was made about the GPL and
companies still use GPL licensed software. I'm sure if you asked rms that
question he would say something about not caring about companies that want to
restrict his freedom....

~~~
skore
You are correct about the AGPL, just be careful with wording it like
"everything that it touches". I don't think that is true at all - if you have
a website and use AGPL code, the AGPL states that your users have a right to
see that code. It cannot make a judgment on other software that may be
licensed in a different way. For instance, if you have a website that uses
AGPL code to produce an HTML page and non-AGPL code to provide a PDF from that
HTML page, the two packages would indeed touch, but there would be no
obligation to release the non-AGPL code, just the AGPL code.

As for requirements to push back changes - of course not. The only license I
know of that does something similar is the SMF - Simple Machines Forum -
license[1]. Yuck.

The argument between GPL and AGPL is similar to the one between BSD (or
similar) and GPL on the desktop. My own position is that yes, I expect humans
to be inherently good, kind and sharing souls and thus the BSD should be the
license of choice. However, I have to be pragmatic and say - if we all assume
that humans act like that, what's the harm in writing that down into the
license? All it can do is make it hard for people who don't want to give back.
So in my eyes, that's an important feature to have.

[1] <http://www.simplemachines.org/about/smf/license.php>

~~~
ignoreme
_You are correct about the AGPL, just be careful with wording it like
"everything that it touches"._

Yeah, sorry. I think that was a poor choice of words on my part.

 _For instance, if you have a website that uses AGPL code to produce an HTML
page and non-AGPL code to provide a PDF from that HTML page, the two packages
would indeed touch, but there would be no obligation to release the non-AGPL
code, just the AGPL code._

Interesting, in your example, if your application calls the AGPL code that is
used to generate the HTML wouldn't your application also have to be released
under the AGPL? Or do you only have to make available the AGPL "HTML
generation library" and the changes you have made to it (if any)?

I thought that it had already been established that if you use a library under
the GPL any code that uses/calls that library must be released under the GPL.
The only reason companies can use GPL code server side is because it is not
run on the user's machine (technically not "releasing it"), which was the
basis for the creation of the AGPL, to "fix" this "loophole".

edit:

Thanks skore, yeah I think your example still stands. Specifically, in the
wikipedia article you linked this part:

 _By contrast, pipes, sockets and command-line arguments are communication
mechanisms normally used between two separate programs._

To continue the original example, if your program just runs the HTML
generation program and supplies user data via a command line argument then it
need not be released under a compatible license. But on the other hand if you
were to "copy and paste" the functions from that program into yours, it would
need to be licensed under a compatible license.

~~~
lelele
> To continue the original example, if your program just runs the HTML
> generation program and supplies user data via a command line argument then
> it need not be released under a compatible license.

I wonder what would happen if you modify the GPLed command line program. Would
that mean you'd be required to release such changes? I would say no.

~~~
ignoreme
If it was licensed under the "normal" GPL, then no, if it was released under
the AGPL then yes.

------
tezza
I just don't see what the big deal is...

The set of information people publish on their own about themselves (like
blogs) is almost exactly the same as the set of information they disclose via
Facebook.

Anyone can datamine people's blogs for similar surveilance.

.

From Stallman's blog & email history on newsgroups I could work out:

    
    
      who he knows
      what projects he participates in
      his age
      infer his sexual preference
      infer his religion (may even be explicit there)
      where he lives
      where he was on any day (conference speaker history)
    

People shout and scream about themselves as often and loudly as they can.
Facebook is just the medium du jour.

Those concerned with privacy have oodles of crypto-tools to do so with.

It's just people can't be bothered. That's the root problem.

~~~
barumrho
One thing that he mentions in the video is the fact that Facebook Like buttons
are everywhere. They can track many of the sites you visit.

~~~
tezza
A simple grep of your HN comment history shows equivalents to 'Like'

    
    
      http://www.webmasterkb.com/Uwe/Forum.aspx/javascript/35764/For-all-those-jQuery-fanboys
      https://github.com/derwiki/redirect_tracker
      http://itunes.apple.com/us/app/ltwatch/id482807766
      http://angularjs.org/
      https://github.com/ludicast/angular-peepcode-todo
      etc. 
    

How is Facebook worse than this??

~~~
arrogant
I think the point is that the simple presence of a Like button tells Facebook
that you've been there. You don't have to click it, you just have to load it.
HN comment history is active participation.

~~~
tezza
Ok, so I see the point that the websites you visit invite Facebook tracking
onto their pages.

But one can trivially block these autoinclusions.

\---------

<http://webgraph.com/resources/facebookblocker/>

\--

My work's firewall directs Facebook.com and Twitter.com to /dev/null . This
stops all such tracking.

Individuals could do their own blacklist via Greasemonkey / Charles proxy
equivalent.

~~~
HalibetLector
And that's exactly what some of us do. But there's no way you're getting all
of your facebook friends to do the same. Facebook can build a profile on you
based on your friend's tracking data. Whether it'll be accurate or not is
mostly a technical question - whoever looks at it will assume it's accurate.
There are a lot of nefarious uses for this information and there's no useful
way to opt out right now, short of not having created a facebook account.
Hence the whole "mass surveillance" bit.

~~~
tezza
The leakage of information by friends is a problem.

But it is not a problem owned and invented by Facebook, it is any network.

------
DanBC
There are people who are uncomfortable about the intrusions of various
websites, but who use those websites anyway. These people "just" need a better
alternative to switch.

But I have no idea what to do about the people who just don't care.

For example, OKC recommended a person to me recently.

EDIT: Redacted a bit more.

She lists her blackberry pin; her facebook account; an email address; her cell
/ mobile phone number; and her twitter account.

That's enough information to find her profiles on a wide range of websites.

~~~
iamjustlooking
Even though you redacted that information it's quite easy to find that person
still because of the poor spelling and grammar. Perhaps you should remove it.

~~~
DanBC
Yes. You're right. I have done.

------
ppod
Is it true that sites with a facebook like button send the IP address of hits
back to facebook?

~~~
rmc
The webpage doesn't send IP address, your browser contacts facebook for the
icon and hence sends IP address and cookies to facebook, in the same way that
image hotlinking would work.

Remember it's not just IP address, but could be cookies. Facebook can set a
cookie that will be stored in your browser and will be sent to facebook each
time. So if your laptop moves around, then the facebook cookie follows you.

Since this is at the browser level there are browser extensions that will
block this for you if you want.

~~~
mike-cardwell
The cookie issue doesn't exist for Safari users as it disables third party
cookies by default. I don't know why all browsers don't do this. I've been
disabling third party cookies in my browser for years and have never come
across a website that it breaks. And if Apple can do it without people
complaining, I'm sure Mozilla/Microsoft can too.

I prevent the IP address leak by using the Firefox addon RequestPolicy to
block cross-origin requests.

~~~
jarcoal
I could be mistaken, but that feature only applies to the creation of cookies
by third parties.

If you visit facebook.com, a cookie will be set, then later when you visit
another site with a facebook widget, it WILL send that cookie that was set
earlier when it wasn't 3rd party.

------
lelele
RMS: "Free software literally gives you freedom in the area of computing. It
means that you can control your computing. It means that the users
individually and collectively have control over their computing. And in
particular it means they can protect themselves from the malicious features
that are likely to be in proprietary software,"

 _Open-source_ , proprietary or not, gives you control over your computer
compared to closed-source software. It's not free software versus proprietary
software.

Free software goes beyond open-source, and besides safety gives you freedom.

------
savramescu
“The Anonymous protests for the most part work by having a lot of people send
a lot of commands to a website, that it can’t handle so many requests. This is
equivalent of a crowd of people going to the door of a building and having a
protest on the street. It’s basically legitimate."

No it's not. This is just a few persons coming in buses and stopping the
entry. If you want to equal it to protest then all the requests have to come
from real people, not some bots.

I'm also not agreeing with this: "I won’t use the non-free software at all! I
dedicate my effort to getting away from it! So if they stop making it – that
would be great!"

This is ridiculous. I understand that the current IP legislation is a load of
crap but trying to get ALL software to be free is absurd. How are developers
going to live? How about groceries? Can I pay for that? Or that should be free
as well?

~~~
jiggy2011
I agree that you can not always compare a DDOS to people blocking a street. I
think there's 2 reasons for this.

1) If you are busy protesting by blocking a street this causes you
inconvenience as you can only physically be in one place at once. Whereas
leaving your computer on to DOS while you go out to a bar isn't exactly a
hardship.

2) Many of the DDOSers would not even be remotely aware of what they are doing
, see the JS worm that they used recently.

 _This is ridiculous. I understand that the current IP legislation is a load
of crap but trying to get ALL software to be free is absurd. How are
developers going to live? How about groceries? Can I pay for that? Or that
should be free as well?_

You've just opened up a huge topic there, has been discussed on HN lots of
times and while I have seen good arguments for copyright-less software in many
areas (OS kernels , web frameworks etc) there are others where I don't think
anyone has thought of another viable business model (at least not one that
isn't even more freedom restricting in some way).

Some would argue that these areas should just disappear or be done only by
hobbyists but I think I would miss professionally produced video games for
example, indie or AAA.

To clarify though, I doubt that Stallman would support Anonymous or people who
want to pirate software. To him any software that is not libre is irrelevant
and should be rejected regardless of monetary cost or who distributes it.

~~~
savramescu
In according to his view on this we shouldn't pay for groceries because you
don't know how they were grown. Everyone should get a farm and get his own
vegetables, mine his own minerals etc. Saying that all software should be free
is absurd.

~~~
jiggy2011
I suspect his argument would be more along the lines of when you buy say some
potatoes, you can do what you will with them.

For example you could plant them in the ground and use them to grow more
potatoes or you could chop and fry them into chips, bake and serve them with
with chilli etc.

His issue is not really with the cost of software (that is more a side effect
of the GPL). He takes issue with the fact that with software you often have
artificial restrictions in use and that the manufacturer may include features
that are not to your benefit (e.g DRM , spyware , adware) and you can not
remove these without breaking the license agreement.

He would liken this more to buying some potatoes that can only be legally used
for one purpose and if you wish to use (physically identical) potatoes for
another purpose then you must pay a higher fee.

The commercial issue with the GPL is that if you give people the rights to
distribute as they see fit there is guarantee that they will give anything
back to the original author.

Personally I would love to get applications with source code available that I
can modify as I wish (or just fix bugs) but would require that the original
author was paid a fee upon re-distribution (of original or modified version)
to someone who did not already hold a license. I see this as a very good
compromise in many cases.

The problem with this of course is that if I did wish to distribute the
software to an unlicensed person then I could easily remove any copy
protection methods prior to doing so.

In such a case ironically the best solution _might_ be stronger copyright
legislation to protect the rights of open source but non gratis software
developers.

------
VMG
Except that it is completely voluntary.

~~~
masklinn
No. It's completely "voluntary" and the quotes are important: if your whole
social environment standardizes on a platform, you're an outcast if you don't
step aboard. If your professional environment standardizes on a platform,
you're an outcast if you don't step aboard.

It's only actually completely voluntary if you have infinite money and no
issue (and no repercussion from) completely dropping whole social and
professional circles out of your life.

And that still requires the network/system is honest about it[0], when Google
automagically creates a G+ account for you when you sign up for (supposedly)
unrelated services or forces you to create one to access other content,
"voluntary" is really debatable. Again, unless you have no issue shedding
whole social circles instantly.

[0] [http://arstechnica.com/gadgets/news/2012/01/google-
doubles-p...](http://arstechnica.com/gadgets/news/2012/01/google-doubles-plus-
membership-with-brute-force-signup-process.ars)

~~~
Permit
I don't know if I've ever really bought into this. I've yet to hear the story
of the individual who lost all social ties because they quit Facebook. I made
the decision about a year ago, due to excess wasted time on the site and have
yet to face any real negative side effects to doing so.

People were social long before Facebook was around, and can remain so without
it. Even with an account, the information you share on Facebook is voluntarily
given.

I think what Facebook has done most effectively is given people the illusion
that their lives are somehow more social because of it.

~~~
fl3tch
We need more people making this point. How did we manage to socialise up until
a mere four years ago? It's still possible today without Facebook. People who
say they _can't_ quit Facebook are like people who say it's too hard to quit
smoking. No, you really can. You just don't want to.

~~~
rue
That's not strictly true; you have to consider the entire system, not just the
individual. It's not like only you picked up this new tech and can therefore,
if you will it, drop it. _Everyone else_ in your social circle needs to, as
well.

It's the same as asserting that people _can_ communicate without phones, or
that they _can_ get news without the internet, the phone or newspapers. Sure,
they _can_ , but it's incredibly inefficient, exponentially so when everyone
else still does.

(I've still managed to stay away from Facebook, but, then, I don't have many
friends.)

------
dotemacs
What has to be noted here is that this is published on Russia Today. From my
understanding of it, it tries to offset the US crazies like Fox and its ilk...

~~~
lunarscape
To me RT is a Kremlin mouthpiece giving a voice to obscure anti-US and anti-EU
voices. At one stage is was nothing but 24 hr anti-Georgia propaganda.

~~~
narrator
I've seen the BBC and other western media quoting some random unknown Chinese
or Russian intellectual and giving them the world stage because they agreed
with the western perspective on China or Russia.

------
Craiggybear
There are a lot of people here who don't seem to understand you can earn money
and a good living with 'free' software.

The term 'free' is very misunderstood in this context. Its free as in
freedom/free speech, not (necessarily) free as in beer.

Although sometimes (most times) its both. This doesn't stop you using it to
earn a living. It allows you to freely use and modify it to your own purposes.
Contrast that with non-free (i.e. locked, obfuscated and proprietary).

I've written freely available stuff that people have (never the less _and
willingly_ ) paid me rather handsomely for the privilege of using or modding
to their own needs. They didn't _have_ to, but people can be inherently decent
that way.

I could have made it entirely closed and I think I'd have made less out of it
if I had. I would have had to market it for a start -- and that's a fucking
headache. I'm not a salesman and don't want to be.

Anyhow, Stallman is 100% right. Everything he's been warning us about for
years is already upon us. With _much_ worse to come.

------
majmun
Stallmans reminds me of Ted Kaczynski unabomber. (no offence) similair world
view, he doesn't care of inovation because probably thinks that it leads to
more controlled society. both are Neo-Luddites. only Kaczynski was more
radical in his actions. If you want more of the same I suggest you read
unabomber manifesto <http://editions-hache.com/essais/pdf/kaczynski2.pdf>

~~~
couchnaut
The creator of Emacs and gcc is a Neo-Luddite and on the same side as
unabomber?!! Apparently there is some kind of nth humor level involved here
that I can't really comprehend.

~~~
majmun
yes, what is your point? for fighting technology you can use technology. (and
im not saying that he was neo-luddite allways)

~~~
couchnaut
No offense but you're implying it and my point anyway is that it's somewhat
weird (if not anything worse) to draw parallels with unabomber just because
Stallman said what's just obvious to anyone but Facebook addicts.

For better or worse there is a growing danger in FB regarding the tons of
personal data that the same users would just never give away if it weren't for
FB. He is just trying to make users aware of that. He's certainly not the
first to do it and hopefully not the last. Also he said nothing that could be
interpreted as innovation stopper.

Out and over.

~~~
rimantas
Amazing, how discussion involving that person bring out people failing to see
things in context, some absolutist blindness.

What "tons" of personal data? I doubt I could myself collect tons or personal
data about myself, not to mention data that would be dangerous.

~~~
couchnaut
Amazing indeed.

I bet that you're quite computer literal yourself (hard to suppose otherwise
since we're talking through HN) so as to be quite cautious as to how much of
yourself you'll expose on the net. Unfortunately most people aren't plus they
are quite good at documenting their lives (photos,videos,writings, etc) and
linking in with people they know and share data and the like.

That's "tons of personal data" - it's not an absolutist firework but it's the
main reason that gives FB such a high market value. AFAIK FB is considered a
gold-mine in terms of highly targeted advertising and marketing that's because
it hosts "tons of personal data" of high granularity and of high relevance to
the real identities of the people uploading it. Otherwise wordpress for
example would be considered of at least equal value with FB.

