Discussion:
The concept of ethical social network
judith
2011-08-30 20:33:18 UTC
Hi all,

Below the updated version.

I. The ethical social network

Ethical is not about price, neither about the only freedom of the source
code. It is about the recognition and the respect of user freedoms:

- to recognize and respect the privacy of all communications exchanged by
users,
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
- to allow full interoperability towards other social networks.

II. How to respect those freedoms?

First: the communication protocol

The communication protocol must be open.

Second: the software

The software specific to the social network must be under a free licence
as its dependencies. The whole software distribution, including the
server part, must be available to users. The software must be secure. Any
flaw should be fixed as soon as possible.

Three: the respect of the user data privacy

Each user should use his own servers.

The communication protocol and software of the social network must let the
user be able to decide freely, clearly and efficiently what to do with
each of his data and his account: the user may decide for each
communication who are the recipients, even possibly the general public.

Users must be warned constantly that once they publish their data, those
may be known to the general public, including current or future employers
and the government.

Concerning the data hosted on other servers than the user's own, the delay
to delete a post or to close an account must be quick once the user
requests it. The closure or the deletion must be definitive, no data must
be available to the social network once it is done.

Four: the social network services

Every service available to users through the social network should not
appropriate users data or track them.

Any suggestions?

Judith Lukoki
+33 (0)6 15 94 50 23
http://www.movingyouth.eu
Sam Tuke
2011-09-06 16:58:32 UTC
I haven't seen other messages in this thread, so it's hard for me to know the
context of what you've written.

I've made some suggestions however in case you find them useful.
Post by judith
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source
- to recognize and respect the privacy of all communications exchanged by
users,
...In a permanent and sustainable way. Private companies are subject to
takeover and sale of assets, one of which is usually user data. Privacy
policies can be changed retrospectively in some cases, and at the very least
may not be updated to meet future threats that are currently hard to
anticipate. Interpretation of privacy policies can also change to suit a
company's financial goals, even if the wording of the policy doesn't.

Therefore a strong privacy policy is not sufficient in my view. Legally binding
statements of intent which affect future circumstances are additionally
necessary. This is why foundations and public benefit organisations are much
better guardians of private data in my view as they are often obliged to serve
the public interest or the interests of the people who they work with and
represent.
Post by judith
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
Capitalising 'Free Software' can help to clarify it as a specific category of
software rather than it being understood as a connotative term to identify
software which is free of charge.
Post by judith
- to allow full interoperability towards other social networks.
This is an important freedom but it isn't sufficient. Having an 'open API' and
conforming to open standards are fundamental requirements, but they don't
guarantee that a user will be able to extract all their data. I think that a
stronger requirement such as "all data pertaining to a user must be accessible
to them and extricable in a meaningful, documented way, in formats which meet
the definition of an Open Standard".
Post by judith
II. How to respect those freedoms?
First: the communication protocol
The communication protocol must be open.
'open' is open to interpretation and has no strict meaning. It would be better
to say that they must qualify as Open Standards in my view.
Post by judith
Second: the software
The software specific to the social network must be under a free licence
as its dependencies. The whole software distribution, including the
server part, must be available to users. The software must be secure. Any
flaw should be fixed as soon as possible.
Stating that the software must be secure and should be fixed asap doesn't
convey very much to me. I think you need to be more specific. Something like
the requirement that there is a good peer review process and open bug hunting
workflow. You can websearch examples of how organisations effectively manage
security issues with Free Software.
Post by judith
Three: the respect of the user data privacy
Each user should use his own servers.
That's an ideal rather than a requirement it seems to me. Using the word
server in this way also stretches its meaning in a potentially confusing way.
You could rephrase this requirement in terms of a user's account not having
any single remote point of failure, and having the ability to be accessible
independently of any other network or computer.
Post by judith
The communication protocol and software of the social network must let the
user be able to decide freely, clearly and efficiently what to do with
each of his data and his account: the user may decide for each
communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those
may be known to the general public, including current or future employers
and the government.
Concerning the data hosted on other servers than the user's own, the delay
to delete a post or to close an account must be quick once the user
requests it. The closure or the deletion must be definitive, no data must
be available to the social network once it is done.
How about adding that the user must be the legal owner of anything that they
submit to the service. This may be assumed from your other requirements, but I
think it should be explicit because historically users of some networks have
not had the right of ownership over their social network content.

Furthermore the user should have the freedom to choose what license is used.
If a user is the legal rights holder of their messages but those messages are
always automatically licensed in a particular way then it undermines the
ability of the user to exercise those rights due to technical constraints.
Post by judith
Four: the social network services
Every service available to users through the social network should not
appropriate users data or track them.
This seems too broad. Allowing users to sign in on one page and then access
another theoretically requires tracking; in the form of cookies or sessions. I
think you need to clarify what you mean by tracking. Not all tracking is
necessarily bad. How about stating that users must be made aware of any
tracking and have the opportunity to disable it where this would not
compromise the other requirements stated above or render the basic
functionality of the service inoperable?

Also see these resources and their authors if you haven't already:

http://wiki.fsfe.org/CloudComputing (Torsten Grote)
http://blogs.fsfe.org/greve/?p=452

If you need clarification or more help please ask.

Thanks,

Sam.
--
Sam Tuke
British Team Coordinator
Free Software Foundation Europe
IM : samtuke at jabber.fsfe.org
Latest UK Free Software news: uk.fsfe.org
Is freedom important to you? Join the fellowship.fsfe.org
judith
2011-09-06 21:16:58 UTC
I found them useful ;-)
I've made some suggestions however in case you find them useful. On
Post by judith
I. The ethical social network
Ethical is not about price, neither about the only freedom of the
source code. It is about the recognition and the respect of user freedoms: -
to recognize and respect the privacy of all communications exchanged by
Post by judith
users,
...In a permanent and sustainable way. Private companies are subject to
takeover and sale of assets, one of which is usually user data. Privacy
policies can be changed retrospectively in some cases, and at the very
least
may not be updated to meet future threats that are currently hard to
anticipate. Interpretation of privacy policies can also change to suit a
company's financial goals, even if the wording of the policy doesn't.
Therefore a strong privacy policy is not sufficient in my view. Legally
binding
statements of intent which affect future circumstances are additionally
necessary. This is why foundations and public benefit organisations are much
better guardians of private data in my view as they are often obliged to serve
the public interest or the interests of the people who they work with and
represent.
I answer to this issue at the end of this mail.

The issue is not to allow full interoperability towards networks but to
allow full users data extricability to users.
Post by judith
II. How to respect those freedoms?
First: the communication protocol
'open' is open to interpretation and has no strict meaning. It would be
better to say that they must qualify as Open Standards in my view.

I totally agree with you. I proposed: the communication protocol must
qualify as Open Standards.

Two: the save file format
This is an important freedom but it isn't sufficient. Having an 'open
API' and conforming to open standards are fundamental requirements, but they
don't guarantee that a user will be able to extract all their data. I
think
that a stronger requirement such as "all data pertaining to a user must be
accessible to them and extricable in a meaningful, documented way, in
formats which meet the definition of an Open Standard".

I agree with you. I proposed: the save file format must qualify as Open
Standards.
Post by judith
Three: the software
The software specific to the social network must be under a free
licence as its dependencies. The whole software distribution, including the
server part, must be available to users. The software must be secure.
Stating that the software must be secure and should be fixed asap doesn't
convey very much to me. I think you need to be more specific. Something like
the requirement that there is a good peer review process and open bug hunting
workflow. You can websearch examples of how organisations effectively manage
security issues with Free Software.
I agree with you that we should not write the software should be fixed
asap. In fact I should indicate that a security policy is necessary for
the software process. This is not a place to detail the security policy.
Post by judith
Three: the respect of the user data privacy
Using the word server in this way also stretches its meaning in a
potentially confusing way.

I proposed: Each user should host his software server on his own hardware
server.
That's an ideal rather than a requirement it seems to me.
I agree with you. That's why I used "should" rather than "must".
Nevertheless, the respect of the user data privacy can not be guaranteed
without the user operating himself the hardware server.
That's why an ethical social network probably must be technically a peer to
peer network.
You could rephrase this requirement in terms of a user's account not having
any single remote point of failure,
Could you clarify that part?

And having the ability to be accessible independently of any other network
or computer.

Why the accessibility from any network or computer is necessary to the
ethical disposition of the social network?
Post by judith
The communication protocol and software of the social network must let the
user be able to decide freely, clearly and efficiently what to do with
each of his data and his account: the user may decide for each
Post by judith
communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those
Post by judith
may be known to the general public, including current or future employers
and the government.
Concerning the data hosted on other servers than the user's own, the delay
to delete a post or to close an account must be quick once the user
requests it. The closure or the deletion must be definitive, no data must
Post by judith
be available to the social network once it is done.
How about adding that the user must be the legal owner of anything that
they submit to the service. This may be assumed from your other
requirements, but I think it should be explicit because historically users
of some networks have not had the right of ownership over their social
network content.

It's interesting what you said, but in which way this proposition is
necessary to the ethical disposition of the social network?
Furthermore the user should have the freedom to choose what license is
used. If a user is the legal rights holder of their messages but those
messages are always automatically licensed in a particular way then it
undermines the ability of the user to exercise those rights due to
technical
constraints.

I agree with you. I proposed to add: the user should be free to decide what
is the license of the communicated data.
This seems too broad. Allowing users to sign in on one page and then access
another theoretically requires tracking; in the form of cookies or
sessions. I think you need to clarify what you mean by tracking. Not all
tracking is necessarily bad. How about stating that users must be made
aware of any tracking and have the opportunity to disable it where this
would not compromise the other requirements stated above or render the
basic functionality of the service inoperable?

Finally services in peer to peer network are provided by users, so this
part may be useless.

I answer now to the first question.

As the social network is peer to peer, there is no central company or
organisation. So there's no need of legally binding statements concerning
the privacy of communication exchanged by users. For example, if a user
represents the organisation behind the software development, this one has
by design no more access to any user data than anyone else.
http://wiki.fsfe.org/CloudComputing (Torsten Grote)
http://blogs.fsfe.org/greve/?p=452
If you need clarification or more help please ask.
Thanks,
Sam.
--
Sam Tuke
British Team Coordinator
Free Software Foundation Europe
IM : samtuke at jabber.fsfe.org
Latest UK Free Software news: uk.fsfe.org
Is freedom important to you? Join the fellowship.fsfe.org
Judith Lukoki
+33 (0)6 15 94 50 23
http://www.movingyouth.eu
Sam Tuke
2011-09-16 12:04:53 UTC
Post by judith
Could you clarify that part?
And having the ability to be accessible independently of any other network
or computer.
Why the accessibility from any network or computer is necessary to the
ethical disposition of the social network?
Maybe this is stretching the meaning of "ethics" a little, but basically the
user does not have real power and control over their participation in the
social network if their participation in it relies on third parties. Being
able to host their own account without reliance on any other server,
individual or network is important because without this they are not really
free to host themselves and express themselves.

If my social networking account could disappear from the larger social network
because a computer acting as a relay in the network is required for
communication, caching, or some other technical purpose, then my participation
can be vetoed by a third party. So for real independence, real self-sufficient
capability of freedom of expression etc. there can be no single point of
failure between my home social networking server and the social network at
large (in this example).
Post by judith
How about adding that the user must be the legal owner of anything that
they submit to the service. This may be assumed from your other
requirements, but I think it should be explicit because historically users
of some networks have not had the right of ownership over their social
network content.
It's interesting what you said, but in which way this proposition is
necessary to the ethical disposition of the social network?
Basically I see this as a technical requirement of the social networking
software (the user will be adding content to a device which they own, we
assume, so that issues of licensing should not necessarily apply). The
Post by judith
I proposed to add: the user should be free to decide what
is the license of the communicated data.
As the social network is peer to peer, there is no central company or
organisation. So there's no need of legally binding statements concerning
the privacy of communication exchanged by users. For example, if a user
represents the organisation behind the software development, this one has
by design no more access to any user data than anyone else.
That isn't sufficient protection however. Take Firefox - if Mozilla was a
private company then they could use their enormous influence over Firefox
development to change the way that Firefox collects data or allows the user to
control privacy settings in order to send data to Mozilla servers, and only to
Mozilla servers. Of course Mozilla is Free Software, so others would see this
was happening (though Mozilla may implement this hypothetical code in a way
that was very hard to detect) but Firefox is still the brand, the updates
would go out automatically to hundreds of millions of users, and it would take
years before a forked version of Firefox, with the tracking removed, would
exceed Firefox in popularity. Additionally Mozilla controls the hosting of the
code, of Firefox.com, and the servers with user accounts for forums and
development etc., all of which involves private data that could be abused
which is ancillary to the product of Firefox itself, but all of which is no
doubt important to users of Firefox.

Fortunately Mozilla is a foundation and so this scenario is very unlikely to
happen, but it goes to show that it is important 'the company behind' an
ethical social network has legally binding pledges to a community about the
way it will develop the code, and the goals of its activities that relate to
the software. Just being Free Software is not enough - malicious parties can
use influence to corrupt the ethical nature of software. Just look at the scare
surrounding core internet security components of OpenBSD
(http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack.ars).

I hope that was somehow useful.

Please can you check your email client configuration relating to line length,
because your quoted replies come out garbled and hard to read on my mail
client. Setting the max characters per line to approx 80 is a good idea for
readability and compatibility. Otherwise your messages come out like this:

// >> The communication protocol and software of the social network must let
// the
// >> user be able to decide freely, clearly and efficiently what to do with
// each of his data and his account: the user may decide for each
// >> communication who are the recipients, even possibly the general public.
// Users must be warned constantly that once they publish their data, those
// >> may be known to the general public, including current or future
// employers
// >> and the government.
// >> Concerning the data hosted on other servers than the user's own, the
// delay
// >> to delete a post or to close an account must be quick once the user
// requests it. The closure or the deletion must be definitive, no data must
// >> be available to the social network once it is done.
//
//
// > How about adding that the user must be the legal owner of anything that
// they submit to the service. This may be assumed from your other
// requirements, but I think it should be explicit because historically users
// of some networks have not had the right of ownership over their social
// network content.

Thanks,

Sam.
--
Sam Tuke
British Team Coordinator
Free Software Foundation Europe
IM : samtuke at jabber.fsfe.org
Latest UK Free Software news: uk.fsfe.org
Is freedom important to you? Join the fellowship.fsfe.org
judith
2011-09-27 22:32:21 UTC
I found them useful again ;-)
Post by judith
Could you clarify that part?
And having the ability to be accessible independently of any other
network or computer.
Why the accessibility from any network or computer is necessary to
the ethical disposition of the social network?
Maybe this is stretching the meaning of "ethics" a little, but
basically the user does not have real power and control over their
participation
in the social network if their participation in it relies on third
parties.
Being able to host their own account without reliance on any other
server,
individual or network is important because without this they are not
really free to host themselves and express themselves.
If my social networking account could disappear from the larger
social network because a computer acting as a relay in the network
is required for
communication, caching, or some other technical purpose, then my
participation can be vetoed by a third party. So for real
independence, real
self-sufficient capability of freedom of expression etc. there can
be no single
point of failure between my home social networking server and the
social
network at large (in this example).
I totally agree with you, this is why I wrote "Each user should host
his software server on his own hardware server."
Post by judith
How about adding that the user must be the legal owner of anything
that they submit to the service. This may be assumed from your other
requirements, but I think it should be explicit because
historically users of some networks have not had the right of
ownership over their
Post by judith
social network content.
It's interesting what you said, but in which way this proposition
is necessary to the ethical disposition of the social network?
Basically I see this as a technical requirement of the social
networking software (the user will be adding content to a device
which they
own, we assume, so that issues of licensing should not necessarily
apply).
Post by judith
I proposed to add: the user should be free to decide what
is the license of the communicated data.
As the social network is peer to peer, there is no central company
or organisation. So there's no need of legally binding statements
concerning the privacy of communication exchanged by users. For
example, if a
Post by judith
user represents the organisation behind the software development,
this
Post by judith
one has by design no more access to any user data than anyone else.
That isn't sufficient protection however. Take Firefox - if Mozilla
was a private company then they could use their enormous influence
over Firefox development to change the way that Firefox collects
data or allows the user to control privacy settings in order to
send data to Mozilla servers, and only to Mozilla servers.

Of course Mozilla is Free Software, so others would see this was
happening (though Mozilla may implement this hypothetical code in a
way that was very hard to detect) but Firefox is still the brand,
the updates would go out automatically to hundreds of millions of
users, and it would take years before a forked version of Firefox,
with the tracking removed, would exceed Firefox in popularity.

Additionally Mozilla controls the hosting of the code, of
Firefox.com, and the servers with user accounts for forums and
development etc., all of which involves private data that could be
abused which is ancillary to the product of Firefox itself, but all
of which is no doubt important to users of Firefox.
Fortunately Mozilla is a foundation and so this scenario is very
unlikely to happen, but it goes to show that it is important 'the
company behind' an ethical social network has legally binding
pledges to a community about the way it will develop the code, and
the goals of its activities that relate to the software. Just being
Free Software is not enough - malicious parties can use influence
to corrupt the ethical nature of software.

Just look at the scare surrounding core internet security
components of OpenBSD
(http://arstechnica.com/open-source/news/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack.ars).
You raised here an important issue. I see some points:
It seems to me that no contract can be signed with a community, only
with its users; if so, the legally binding pledges you speak of
should be between the developing organization and the users (a
copyleft license?).

You speak of the developing organization legal form. A software
doesn't need a foundation as development organization to qualify as
Free Software, so why would a social network strictly need a
foundation as development organization to qualify as ethical? As you
pointed, it isn't sufficient to avoid ethical infringement, which
may be legally ok.

The right answer may be to define these contract elements. Are you
ok with that? What do you think those should be?


Judith Lukoki
+33 (0)6 15 94 50 23
http://www.movingyouth.eu
Daniel Guagnin
2011-09-28 07:59:45 UTC
Hi Judith,

over the German list came the information about a project which has
similar ideas. They want to form an international project.
Maybe you should have a look at

www.socialswarm.net

and get in contact with them.
Your ideas might be valuable for them.
And for sure they are interested in further discussion.

Best wishes,

Daniel
Post by judith
Hi all,
Below the updated version.
I. The ethical social network
Ethical is not about price, neither about the only freedom of the source
- to recognize and respect the privacy of all communications exchanged by
users,
- to recognize and guarantee the same rights to every user,
- to only distribute to users free software,
- to allow full interoperability towards other social networks.
II. How to respect those freedoms?
First: the communication protocol
The communication protocol must be open.
Second: the software
The software specific to the social network must be under a free licence
as its dependencies. The whole software distribution, including the
server part, must be available to users. The software must be secure. Any
flaw should be fixed as soon as possible.
Three: the respect of the user data privacy
Each user should use his own servers.
The communication protocol and software of the social network must let the
user be able to decide freely, clearly and efficiently what to do with
each of his data and his account: the user may decide for each
communication who are the recipients, even possibly the general public.
Users must be warned constantly that once they publish their data, those
may be known to the general public, including current or future employers
and the government.
Concerning the data hosted on other servers than the user's own, the delay
to delete a post or to close an account must be quick once the user
requests it. The closure or the deletion must be definitive, no data must
be available to the social network once it is done.
Four: the social network services
Every service available to users through the social network should not
appropriate users data or track them.
Any suggestions?
Judith Lukoki
+33 (0)6 15 94 50 23
http://www.movingyouth.eu
_______________________________________________
Discussion mailing list
Discussion at fsfeurope.org
https://mail.fsfeurope.org/mailman/listinfo/discussion