Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's Needed For Freedom In the Cloud?

Posted by Soulskill on from the gumption-and-a-sturdy-parachute dept.

jrepin writes "Georg Greve from Free Software Foundation Europe has often been asked to explain what he considers necessary prerequisites for an open, free, sustainable approach toward what is often called 'The Cloud,' or also 'Software as a Service.' He gives 7 ingredients that are necessary for freedom in the cloud. For example, 'it should be illegal to change privacy policies on users without their explicit consent. They need to know what is changing, and how, and what will be the resulting level of privacy they enjoy – in the same clear, transparent and understandable manner.'"

13 of 81 comments (clear)

  1. Don't use cloud. by Anonymous Coward · · Score: 4, Insightful

    That's all you need for freedom..

    1. Re:Don't use cloud. by SomeKDEUser · · Score: 2

      Or use your own.

      Once again, free software comes to the rescue :)

  2. Competition and easy transfers by artor3 · · Score: 4, Insightful

    There needs to be lots of choices for users, and an easy, free way to transfer all data from one company to another. Otherwise all the disclosure in the world is meaningless, since they can hold your data hostage to make you accept their new terms.

    1. Re:Competition and easy transfers by shentino · · Score: 2

      How about an easy free way to transfer your data that they can't revoke the moment you fall behind on your bills or for whatever reason feel like holding you hostage?

      Paying a toll to cross a drawbridge doesn't do any good if the king can just raise it and lock you inside the castle when he feels like it.

  3. Freedom lay with the user by heptapod · · Score: 2, Insightful

    Don't trust a third party with your information and data. Memory and storage are dirt cheap, pipes are fat and the cloud is just gee-whiz yet redundant technology.

  4. Re:"The Cloud" is just ... by camperdave · · Score: 5, Funny

    Like any cloud, it will soon vanish, never to be seen again.

    Judging from the "Error establishing a database connection" message I'm getting, the cloud is already gone.

    --
    When our name is on the back of your car, we're behind you all the way!
  5. Start with the basics... by Temujin_12 · · Score: 2

    How about we start with sustainable database connections?

    --
    Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
  6. Re:I don't need The Cloud, but I do need a service by jonahbron · · Score: 2, Informative

    Sounds like you need Ubuntu One. Just the free package gets you 5GB and access via Android/iOS.

    http://one.ubuntu.com/

  7. Those are mere wishes by tftp · · Score: 3, Insightful

    So I got to read the article, and the author lists a bunch of good, desirable things there. But none of them will happen until the businesses that provide those cloud services are forced to listen to wishes of the clients.

    However majority of clients are not very wise in terms of network security (or anything else, as matter of fact.) So those companies will always have plentiful harvest of suckers, and that's who they will focus on. If you are a green-skinned geek in glasses you are not their audience, and your whimpering that "their service is not perfect" will be summarily ignored.

    Geeks can't use the cloud, basically. Anyone who does that surrenders a bit of his|her|its privacy, and on top of that has to obey the arbitrary rules that are imposed by those companies. The only solution is not to play.

    I did just that last night. I needed to change the email on Yahoo to something else. I type the name in, and I get in return "#604,E4 This email address is blocked by owner." No help anywhere; other people report this error too, with no resolution. I was able to resolve that. Want to know how? I deleted the whole Yahoo profile. Google profile will be next.

  8. Security is NOT an issue with The Cloud. by Anonymous Coward · · Score: 5, Funny

    Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

    The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

    And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

    My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

    1. Re:Security is NOT an issue with The Cloud. by Anonymous Coward · · Score: 2, Funny

      Is that the Big-Indian or Little-Indian teams?

    2. Re:Security is NOT an issue with The Cloud. by hairyfeet · · Score: 2

      I hate to break the news to ya pal but governments haven't needed MSFT to provide backdoors in years. As someone who spends 6 days a week fixing the things I can tell you foolproof way to get into a good 90%+ of the machines out there. 1.- For the guys a webpage that says "Hey want to look at teh titiez! Just run our Iz_Not_Backdoor_Iz-Codec.exe to get teh free pronz!" 2.-For the ladies a chat window that pops up "Hey you just got to see teh cute kitteh videoz!" which takes them to a malware laden page, and 3.- for the old folks a page that looks like Windows Update that says "ZOMG you got teh viruz ZOMG! Run Iz_Not_Backdoor_Iz-cleaner to kill it ZOMG!" and voila! you have just pwned any damned machine you want.

      I wish it weren't so but I have actually seen a user uninstall the AV because it wouldn't let him install malware so sadly i know it is true. Linux or Mac OSX wouldn't help either because all you'd have to do is send Iz_Not_Backdoor_Iz- stuff _u_want.sh with helpful instructions on how to run it and they WILL run it as long as they think they are getting something, titties, free movies, kitteh pictures, or protection from a mythical bug.

      As for TFA? Give it up friend. The governments have done gotten spooked by the Arab springs so I doubt very seriously if your "unbreakable" encryption exists they will allow YOU to have it. Hell I'm waiting for them to have Nancy grace and the other talking heads start talking about how "Encryption is nothing but a haven for perverts and terrorists!" complete with a couple of pedos that "got away with it" thanks to having encryption. I figure if they do go after it they'll go after TrueCrypt first, that one is too easy to use.

      We all make jokes about Pakistan trying to ban encryption but with all the big brother bullshit we see being passed how long until the west joins them?

      --
      ACs don't waste your time replying, your posts are never seen by me.
  9. Needed: Cloud 2.0 - Stratus by presidenteloco · · Score: 2

    For freedom, the cloud needs to become just a layer in the protocol, as it were.

    Some rules of the global cloud layer's operation:

    1. Hosters must have no rights pertaining to hosted content (except to remove it, but see 3.)

    2. Hosters should have no responsibility for content.

    3. Hosters should be prevented technically (e.g. by strong encryption not under their control) from knowing what content they host.

    4. No hoster should host more than an unintelligible (bit-wise randomly interleaved) fragment of any content document.

    5. Hosting should be provided on a mix of consolidated data-centre stores (for performance) and a massively distributed and decentralized peer network, and costs of hosting should be shared by a combination of storage markets and storage-service trading (peering) arrangements, involving the edge players as well as the large-scale players.

    6. Content fragments, in co-operation with simple, standard, uniform software on each storage host, should ensure the content's own long-term survival in the cloud, via a process of periodically checking across the globally distributed storage cloud to ensure that enough copies exist and are sufficiently well distributed on reachable hosts and are stored on a mix of old reliable and newly commissioned storage hosts.

    7. Access to coalesced and decrypted content should only be possible for possessors of the encryption key for the content.

    --

    Where are we going and why are we in a handbasket?