FarceBook have been getting a lot of heat since the mosque shootings were livestreamed on their platform. But the software freedom movement seem to be the only people talking about the ambitious solution that’s really required; replacing FB with ethical services controlled by the people who use them, not a tech corporation and its data buyers and advertisers. There are people saying that we need a federated replacement for FB, using free code software. But is that really a viable solution? Here’s what I think would be required to create one.

First, we’d need a large-scale, crowdsourced UX (User eXperience) design project. This would involve current FB users explaining exactly what features they use and how they use them, and a group of designers gradually building up mockups of a replacement UX. The designers would go through a number of iterations of presenting their mockups to the users for feedback and tweaking their designs in response. The outcome of this project would be a coherent UX design for both a website and native apps for desktop and mobile platforms.

During the course of the UX design project, a list of required features/ functions would need to be compiled. Decisions would need to be made about which of these could be implemented on the client-side (as many as possible, particularly data storage) and which would need remote servers. The second part of the project would involve identifying which of the features required by the UX could be implemented using existing free code components, which ones would need new code, and how the whole service could fit together efficiently. This would be a complicated set of decisions, because although building completely from scratch would be reinventing the wheel, the alternative requires evaluating hundreds or thousands of potential dependencies for code quality, and how likely it is to be maintained effectively in the long term.

The third part of the project, once the choices about initial design and back-end component re-use/ development had been made, would be to put the whole thing together as a proof-of-concept service. At this point, people who participated in the original crowdsourced UX design project could be contacted to see if they would like to be beta testers. Again, there would need to be a number of iterations where the service and UI were tweaked in response to tester feedback.

Unless there is some way to make our FB replacement an entirely serverless system like Jami or Briar, the long-term organizational and financial durability of instances (servers running the federated server software) is a problem that needs to be solved before federated social networks are ready for mainstream use. During the prototyping phase some serious thought would need to be given to how to provision the servers the production services will rely on. Our experiences with the fediverse so far have shown that we can’t just rely on random people setting up instances, which may vanish without a trace at any time. If our FB replacement ties users to a domain name, as the ActivityPub fediverse does, there will need to be reliable organizations running instances (like cooperative businesses, associations with paid membership, or well-funded charities). It would be better if it used Zot (like Hubzilla and Zap), configured in such a way that every user’s account exists on at least two instances at any given time, so if one goes down, the account is automatically copied from the surviving one to another one.

Once the alpha and beta phase of prototyping was finished, and a stable 1.0 release of both the client-side apps and server-side software was available that included tools for importing users’ data from their FB account (a task that I imagine FB do everything in their power to make as difficult as possible), there would need to be a massive organizational and promotional effort to get reliable instances set up, and convince groups of users to set up accounts and start using them.

Some might say I’m making this seem way more complicated than it needs to be. After all, we’ve already created a federated replacement for Titter. But my whole point is that FB is a much more complicated system to replace and people are much more dependent on it. Titter has only two features, a public micro-blog (short text messages published on the web), and private text messages, and the fediverse as a whole has only implemented the first one. Some fediverse apps have “private” messages, but they don’t yet federate reliably across all apps and most (eg the Mastodon/ Pleroma DMs or “Direct Messages”) are private only in the sense they are not displayed publicly on those platforms. Servers running other fediverse apps are liable to just treat DMs sent to them like any other public post. Only servers running Zot apps have any kind of encryption or proper controls over private messages and media.

FB consists of a wide range of features; not just posts, but an event system, encrypted realtime chat (including voice/ video), photo-sharing and galleries, web video and video livestreaming, pages, groups, and more. Many of these features have both public and private versions. While FB’s privacy protection is far from exemplary, a system being promoted as an ethical replacement would need to take this seriously. Many existing free code projects offer some of the elements needed to create a FB replacement, but none of them are anywhere near incorporating them all, and the problem of hosting remains unsolved.

In summary, I’m sceptical about trying to replace FB with a single service. I think we’re more likely to succeed by disaggregating its many features, replacing them with apps that do one thing well; chat clients, media-hosting services, events systems etc, and finding ways to bundle them together into community-hosted services that can each inter-operate with each other.

It’s a great relief to see long serving political satire website The Civilian back online, after an unexplained outage last week. Along with the web videos of White Man Behind A Desk, The Civilian, which bills itself as “all the news that’s fit on a page”, is one of the few exponents of political satire left in Aotearoa. In tribute to both of them, here is a piece inspired by the ill-informed sabre-rattling about regulating social media companies, by officials in NZ. In case anyone is in any doubt, this is satire!

 <satire>

Global government network Facebook has put social platform NewZealand on notice that stricter regulation may be on the way. “NewZealand may have more than four million users”, said Facebook Local Government Minister Nick Clegg, “but that doesn’t mean it can expect to operate as a law unto itself”. In a public statement on the tragic deaths of more than fifty users using the Mosque feature of Christchurch, a branded subsidiary of NewZealand and part of the SouthIsland suite of services, Clegg accused NewZealand of allowing serious “hate speech” on its platform. “The management of NewZealand are responsible for everything that happens on its platform”, he said, “they can’t hide behind claims of being service providers allowing people to interact freely with each other. They are the publisher, not the postman”, he said, adding “their NZPost service is the postman, not them.”

Clegg also hit out at NewZealand for failing to pay all its advertising taxes, claiming that the platform only gives Facebook a few million dollars a year, despite having millions of Facebook citizens using its services. He also pointed out that Facebook citizens upload large volumes of free lifestyle and business content to NewZealand each year, allowing its executives to bring in millions of dollars in campaign contributions.

As a former executive of rival platform UnitedKingdom, Clegg is intimately familiar with the responsibilities and challenges involved in managing a large social platform. UnitedKingdom was formed as a merger between three older social platforms, England, Scotland, and TheOtherOne. They also acquired Ireland, but later spun it off as a separate entity, keeping only the marketing and communications wing, Northern. When asked about the reasons for the split with Ireland, UnitedKingdom pointed to poor quarterly returns to the parent company, and alleged harassment against the staff of the other platforms.

Clegg was also involved in the launch of Brexit, a massively popular user polling app that led to UnitedKingdom trying to split away from the federated platform EU, which has become popular in Europe. EU allows users to move back and forth between member platforms, using the same address and password, as if they all had a user account on each one. While some UnitedKingdom executives continue to claim that their users gain far more from the services of other European platforms than they provide to their users, others claim that membership of the EU constrains the ability of UnitedKingdom to set their own Terms of Service and Privacy Policy, or that their servers and bandwidth have been overwhelmed by the numbers of users coming in from other platforms.

While Facebook has yet to announce any policy on the Brexit app, they have made public statements echoing those directed at NewZealand, pointing out that UnitedKingdom has to take responsibility for the effects of the Brexit app on users. If the UnitedKingdom Board of Directors is unable to come to a decision about the future of their server-sharing arrangements with the EU, Facebook may be forced to use anti-trust rules in its Terms of Service to split up UnitedKingdom, allowing some of its apps to continue inter-operating with the EU, while others become stand-alone services.

</satire>

Filed April 19th, 2019 under Uncategorized

Update 2019-05-17: Adrian Cochrane, the developer of the Odysseus web browser, has also been working on a proposal for a post-Javascript web.

—————————

“If you’re seeing this message, that means JavaScript has been disabled on your browser. Please enable JavaScript to make this website work.”

- TechAsia.com

I use a browser add-on called NoScript, to choose if and when a website can run Javascript on my computer, and I’m getting pretty sick of websites refusing to even display text and images if I don’t agree to run their (often proprietary) Javascript. Let’s start telling both website developers and web browser engineers, loud and clear, that it’s time to #MakeJavascriptOptional!

Javascript is unique among programming languages, because the programs written in it are routinely downloaded and run on a person’s computer (in their web browser) without their knowledge or consent. It has been the subject of criticism by everyone from experienced software engineers and computer security researchers, to privacy campaigners and software freedom activists. Bad Actors can use Javascript to abuse people while they use the web, by tracking them (and there have been designs for tracking users with Javascript since 2006, if not longer), by spying on them (and this sort of spying has been going on since 2010 if not longer), by hijacking their computers, and so on.

Almost every time you open a browser tab and go to a website, another batch of invisible programs starts running on your computer, every one of them using up a bit more of your computer’s processing power and system memory. As each one starts running, it makes your computer a bit more sluggish and less responsive to you, like a kind of digital alcohol. Obviously, this degrades the user experience of the web, but most people don’t even realize it’s happening. They blame their internet connection, or assume their computer is just getting too old and they need a newer one, not realizing their computer could run much faster if it wasn’t carrying so much unnecessary Javascript. As well as using up system resources on the computers of web users when they run, the same Javascript programs are sent to millions of computers, over and over again, every time the websites that use them are visited, which is a wasteful use of both server resources and internet bandwidth.

So what can be done? Some people just disable Javascript in their web browsers, but that has the major downside of breaking the vast majority of the web, even a lot of ethical services running free code software (like CoActivate). Others use NoScript, which tells us when a page wants to run scripts in our browser, and which web domain they are being served from, and allows us to choose if and when to let them run. Other add-ons focus on blocking specific kinds of threats that exploit Javascript, including anti-tracking tools like the EFF’s Privacy Badger (or the Privacy Possum fork) and adblocking tools like uBlockOrigin.

These kinds of tools are like wearing a suit of armour to protect against shark attacks while surfing; they can work, but they come with a fair bit of inconvenience. The long-term solution is to evolve the web so that we can eventually do without Javascript, just as the upgrade to HTML5 means we can add multimedia like audio, video, animations, and games, to the web, without proprietary plug-ins like Java, Flash, or Silverlight.

One recent trend in website design is to use a static website generator to create sites that display text, media, and links, with a sane page layout, using only basic web languages like HTML and CSS. This works fine for simple personal homepages, or “brochureware” sites for community groups, public services, and businesses. But some web developers argue that the features Javascript can add to make web pages into “web apps” are worth the costs. The federated photo-sharing app PixelFed recently modified its landing page to remove all the Javascript, which is a welcome move. But once you log in, you still need to allow the site to run some Javascript if you want to share photos and use the rest of the app’s features.

Other web developers have been coming up with proposals for replacing Javascript with other technologies that could provide the same benefits, the extra-for-experts features you can’t code in pure HTML/CSS, without its downsides. New standards like WebAssembly have already been created to allow other, more robust languages to be used instead of, or alongside, Javascript. Other developers argue that Javascript is fine for prototyping new kinds of web services, but before they’re rolled out for mainstream use, these features ought to be standardized, and built into the browser itself, or native apps. Like static sites, this would mean these chunks of code wouldn’t need to be sent over the net millions of times a day, every time users visit the same website.

One thing the developers of web browsers could do very easily to improve the situation, at least in the short term, is the same thing they’ve done with cameras and microphones; ask the user’s permission. When a website wants to run Javascript, ask the user if they consent to that, and ask them if they want the browser to remember that decision next time it’s asked to run scripts from that source. In other words, build the functions of NoScript into every web browser.

It could also help to build a wiki to crowdsource information about what kinds of scripts websites are trying to fetch from this or that domain name, and what they do. Some scripts, like those from FontAwesome, just provide freely licensed fonts and icons, while others, like any associated with major web advertising companies, are almost always trackers of some kind, spying on website users. Making this kind of information available from a trusted source would help users that currently use NoScript to decide whether to allow them or not, and if opt-in Javascript does become a standard feature of web browsers, it would benefit everyone who uses the web.
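A sketch of the opt-in model described in the last two paragraphs, as an added example rather than code from NoScript or any browser: scripts are grouped by the origin they are served from, nothing runs until the user answers, and only answers the user chose to remember survive a restart. The class and function names, the `.example` domains and the notes attached to them are constructed for illustration.

```javascript
// Added illustration; every name and domain below is hypothetical.

// Constructed stand-in for the crowdsourced notes about script sources.
const KNOWN_ORIGINS = new Map([
  ["https://fonts.example", "serves freely licensed fonts and icons"],
  ["https://ads.example", "advertising network, tracks visitors"],
]);

// Constructed sample page: two third-party scripts, one first-party file
// and one inline script.
const SAMPLE_PAGE = `<!doctype html>
<html><head>
<script src="https://ads.example/t.js"></script>
<script async src='//fonts.example/kit.js'></script>
<script src=/static/app.js></script>
</head><body><script>console.log("inline")</script></body></html>`;

// List the distinct origins (scheme + host + port) a page wants to run
// scripts from. Inline scripts count as the page's own origin. A regex is
// a simplification; a browser would make this check as each script loads.
function scriptOrigins(html, pageUrl) {
  const origins = new Set();
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = srcRe.exec(tag[1]);
    const ref = src ? (src[1] ?? src[2] ?? src[3]) : "";
    try {
      origins.add(new URL(ref, pageUrl).origin);
    } catch {
      // Unparsable src: the browser could not fetch it either, so skip it.
    }
  }
  return [...origins];
}

class ScriptPermissions {
  constructor(saved = {}) {
    this.remembered = new Map(Object.entries(saved)); // survives restarts
    this.session = new Map(); // "just this once" answers
  }

  // Record the user's answer to a prompt for one origin.
  decide(origin, verdict, remember = false) {
    if (verdict !== "allow" && verdict !== "block") {
      throw new RangeError("verdict must be 'allow' or 'block'");
    }
    this.session.delete(origin); // a new answer replaces any one-off answer
    // URLs with an opaque origin (data: for example) all report "null",
    // so a remembered answer would cover unrelated scripts.
    if (remember && origin !== "null") {
      this.remembered.set(origin, verdict);
    } else {
      this.session.set(origin, verdict);
    }
  }

  // "allow", "block", or "ask" if the user has never been asked.
  // Only "allow" lets a script run: the default is deny.
  check(origin) {
    return this.session.get(origin) ?? this.remembered.get(origin) ?? "ask";
  }

  // Only remembered answers are written out by JSON.stringify.
  toJSON() {
    return Object.fromEntries(this.remembered);
  }
}

// What the browser would show the user for one page: each script origin,
// the current decision, and whatever the shared notes say about it.
function reviewPage(html, pageUrl, perms) {
  return scriptOrigins(html, pageUrl).map((origin) => ({
    origin,
    action: perms.check(origin),
    note: KNOWN_ORIGINS.get(origin) ?? "no information yet",
  }));
}

const demo = new ScriptPermissions();
demo.decide("https://ads.example", "block", true);
console.table(reviewPage(SAMPLE_PAGE, "https://news.example/story", demo));
```

Because decisions are keyed by full origin, an answer remembered for `https://news.example` does not carry over to `http://news.example`.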

Filed April 3rd, 2019 under free software, security

Firstly, my heartfelt condolences must go out to everyone affected by the tragic events in Ōtautahi (Christchurch) last Friday. Secondly, I’d like to express my admiration for all the young people who took part in the School Strike for Climate activities that same day. Even while we express our sadness at being in the shadow of a dark cloud, we must remember that there is so much more power in the sunshine than in the darkest cloud.

Laura O’Connell Rapira, Director of ActionStation.org.nz, sent out a wonderful email about how we can support the survivors of Friday’s tragedy, which I totally endorse, with one very important exception. Here’s my reply:

 

Kia ora Laura,

Thanks for your compassionate and helpful email at this difficult time. I have signed the petition on banning public ownership of semi-automatic weapons in Aotearoa. I note that having Police roaming the streets with guns in their cars did nothing to prevent this tragedy, while that policy has led to a number of tragedies of its own making. I hope to see ActionStation campaigning to end the policy of providing beat cops with firearms, and redirect resources into making sure our appropriately trained Armed Offenders Squads have everything they need to respond quickly and effectively when things like Friday’s tragedy happen.

Moving on to the rest of your email, I agree with most of what you say, but as I’ve expressed in previous emails, I have some serious concerns about this part:

“TAKE ACTION TO END HATE SPEECH 

For the last few months, our team has been researching the links between online hate, online misinformation and the rise in hate crimes

One thing is abundantly clear: Extreme words lead to extreme actions. We need to do all we can to stop both.

Sign this petition that we’re delivering in a couple of weeks if you want our government to crackdown on online hate and misinformation

I support an end to hate speech and misinformation online.”

I certainly share this goal, as an activist who has been involved in running internet forums since the 1990s, including about 7 years in the editorial collective of Aotearoa Indymedia. But with all due respect, I have to say I think you are going about it exactly the wrong way.

I strongly believe that venues where people can express ignorant opinions and have them firmly but respectfully challenged are - aside from being essential to a functioning democracy - also an essential safety valve that can help to prevent more tragedies like what happened on Friday. What better venue could there be for this than the internet? On the net, arguments can’t escalate to physical violence between participants, as they can in person. Online, we can all make informed decisions about whether or not to engage in the spaces where these kinds of discussions take place, and if we do, use the opinions expressed as a guide to who we might want to connect with, ignore, mute, or even block from seeing or contacting us. Online discussion platforms need to be engineered to put that power in the hands of us, the end users, not corporations or governments. For example, the open source community designing software using the SSB (Secure Scuttlebutt) protocol have a set of principles for how they are going about that.

I think the censorship strategy ActionStation is arguing for is not only ineffective in achieving our shared goal, but counterproductive to it. Why?

For a start, I don’t accept your generalization that “extreme words lead to extreme actions”. I think it’s just as arguable that extreme actions can result from an inability to blow off steam through words, or from feelings of frustration, alienation, and injustice, that can arise in people unable to openly express their honest opinions.

It’s also important to consider the psychological principle of “negative reinforcement”, which states that whenever any behaviour earns someone attention or reactions it is encouraged, even when that attention is negative. Positive Parenting courses integrate this principle by encouraging parents to give their children lots of attention for behaviour they like (“caught being good”), and minimal attention to behaviour they don’t like, ignoring it completely if possible. On the net, this principle is known as the “Streisand effect”, and it’s long been recognized that trying to suppress anything online only increases interest in it, multiplying the problem like the Sorcerer’s Apprentice chopping up his broom.

So not only is trying to suppress racist speech online likely to have exactly the opposite effect, it may also have a more dangerous one. As Three Arrows pointed out in his web video debunking Jordan Peterson, Nazism - like all forms of xenophobic ethno-nationalism - thrived by cultivating a sense of collective victimhood. Excluding people expressing white nationalist ideas from the normal protections of our democratic rights to speak our minds, assemble, and organize, only serves to reinforce that sense of victimhood. So it’s likely it actually helps groups planning racist violence with their recruitment, rather than hindering them.

I strongly suggest you watch the documentary ‘Taking Liberties’, which explains how the governments of the Allied countries - including New Zealand - carefully studied how the Nazis came to power, and why the majority of Germans who didn’t support the Nazis were unable to effectively resist them. As a result of this study, many of the civil rights we now consider essential to democracy were strengthened or even created after World War II, specifically to prevent a resurgence of fascism. Arguably, it is as a consequence of the erosion of civil liberties in democratic countries since 9/11 that we have seen the rise of toxic ethno-nationalism and its associated violence, not as a result of too much of the wrong kinds of speech.

I also don’t accept that the ends justify the means. Even if it was true that giving the state absolute power to stop people openly saying racist things would fix racism, that wouldn’t mean it was the right thing to do. Killing the entire human population might fix climate change and prevent the extinction of many other species, but that doesn’t mean it’s the right thing to do. In this (admittedly extreme) example, the negative consequences are obvious, but in designing policy, we also need to be very mindful of the risks of unintended consequences.

There’s a parallel here with the well-meaning attempts by US legislators to suppress sex trafficking - another goal we all support - with FOSTA/SESTA. As Norman Shamas of Open Privacy explained in an interview with Final Straw Radio, not only do these laws make life harder for a lot of innocent people, they also make the jobs of the people who investigate sex traffickers harder too. When sex traffickers can’t hide their communications in plain sight among legitimate ads put up by sex workers, it doesn’t stop them communicating. It just pushes them deeper into the darknet where it takes a lot more resources to find and investigate them. Exactly the same is true for communications among white supremacists.

It’s much safer for everyone if people with racist views discuss them on mainstream platforms, where they can be monitored by both law enforcement and civil society watchdog groups like ours. This is such an important discussion that I’m going to post the text of this email on the Disintermedia blog, and submit it to TheDailyBlog.co.nz as a possible guest blog. I welcome you to engage with me by private email, or on either of those platforms.

Kia manawanui,

Danyl Strype

Larry Sanger, co-founder of Wikipedia, recently published a bit of a manifesto for decentralizing social media. I totally agree with the sentiment, and it echoes Eben Moglen’s ‘Freedom in the Cloud’ talk in 2011 that led to the FreedomBox project. A huge amount of the tech he describes has already been built. I recommend checking out the articles published at We Distribute, and the series of “DWeb” articles published last year on the Mozilla developer blog.

One promotional project I’ve been helping with is fediverse.party. We mainly focus on the cluster of federated social network apps that use ActivityPub, the W3C social web standard, and the most widely used standard I’m aware of for federated web apps. We also feature apps that use Diaspora’s variant of the OStatus standard (pioneered by StatusNet, now GNU social), or the Zot protocol developed for Hubzilla (also now supported by Zap).

The big challenge now is to figure out how to string it all together in a way that makes sense to the average user, and promote the best apps and services that emerge to the general public. In other words, we’re exactly where we were with email and the web in the late 1990s. This is what I’ve been trying to help with by contributing to networking projects like the Collaborate Technology Alliance and the Open App Ecosystem working group.

Hopefully, as others have suggested in the comments on Larry’s piece, we can find new economic models that are aligned with the data and network models we want to build and use, rather than have corporations and Vulture Capitalists (to quote Aral Balkan) enclose the decentralized web all over again. We can learn a lot about how to do this from the pioneering work done by economics thinkers like Elinor Ostrom, Silke Helfrich, David Bollier, and Michel Bauwens, on “commons” models, based on shared ownership and democratic management.

EDIT 2019-03-13: added reference to CTA and OAE.

Filed March 11th, 2019 under open social networks

I recently received an email from activists at ActionStation.org.nz, announcing the release of their new report about the state of the internet:

“Our lives online are now dominated by a handful of tech giants, and their products are increasingly being used to hurt people and spread misinformation and hate. It’s time to do something about it. Today we are launching The People’s Report on Online Hate, Harassment and Abuse. It is the result of lots of thinking, reading, research, and listening to others’ experiences on the internet. In it we argue the tech giants who have come to dominate our lives online have failed to stop their products from damaging individuals and our wider democracy.”

Here’s my response to that email.

Kia ora ActionStation crew

Have you read the dystopian science fiction novel ‘1984’? Do you remember the part where George Orwell writes:

“Who controls the past controls the future. Who controls the present controls the past.”

You say you’ve taken a serious look at what’s happening to the internet. Yet what you’re worried about is not surveillance capitalism, the increasing power of state-corporate entities to monitor and control what we can say and see online, and manipulate what we believe about the past and the present. Instead, you say you’re worried that they’re not using that power enough?!?

I’m currently living in China, where the internet is under total state-corporate control. Nobody here is allowed to have private or free conversations online. The Chinese state uses its Great Firewall to make sure that its population can only access internet services under its control, and it uses that control to monitor every aspect of their lives, and prevent any dissenting views being openly expressed online. If you think this is good for the rights of women, or queers, or indigenous people, or immigrants, you’re dead wrong.

The Harmful Digital Censorship Act moved Aotearoa a step towards this same kind of anti-democratic technocracy. We don’t need it to be strengthened. We need it to be repealed, and replaced with amendments to relevant laws against libel, harassment, stalking, and so on, to make sure they are fit for purpose in the digital age. Amendments that carefully constrain the powers of the state, and corporations, to control what citizens say and see online.

We especially don’t need tech corporations policing online discourse on our behalf. We need digital tools that take that power and responsibility out of their hands, and empower users to create respectful online communities and address the social problems caused by trolls, shills, and corporate PR tactics. Ideally, that means moving our communities off corporate-controlled servers completely, and replacing monocultures like FarceBook and Twitter with federated social networks, connecting ‘digital cafes’ owned and controlled by the communities that use them.

In summary, we agree that the corporate tech giants are a problem. But we need to have some serious discussions about the true nature of that problem, and come up with solutions that fix it, instead of making it worse.

He mihi nui

Strypey

Filed March 1st, 2019 under independent media

This is just a note to inform my three readers, and any other visitors that pop by, that I will be offline until the end of February, 2019. Until then, there will be no new blog posts, and I will not be answering any email, or interacting on any other platforms like the fediverse or Loomio. Basically, the plan is to unplug the router, and not plug it back in until I’m ready to go back online.

The most important reason for this is just to give myself a break from the net, and spend some time doing other things like going for walks and reading books. But I also intend to use this time to get some work done on the Email Ate My Life book project, which has been languishing on the backburner for far too long. I’ve been tossing around the idea of doing some kind of podcast, and I’m seriously thinking about podcasting draft versions of some parts of the book, as a way of both dipping my toe into the waters of podcasting, and getting some feedback to help me with the final spit and polish on the book text. Watch this space.

If anyone reading this happens to be a publishing agent or boutique publisher who could help get a book published about one geek’s experience of a year without the net, or if you know one who might be, please get in touch (after February). 

Filed January 22nd, 2019 under News

The NZGOAL (New Zealand Government Open Access and Licensing) framework officially advises the public service in New Zealand to release publicly-funded works under a CreativeCommons license. In NZGOAL-SE (Software Extension), which came a few years later, the public service is encouraged to use and release software under free code licenses. Getting the NZGOAL frameworks approved by an extreme right-wing National government was an amazing achievement.

When any work is created at public expense, its public service maintainers ought to be allowed to improve it by incorporating any fixes or additions made in derivative versions, especially commercial derivatives. So when NZGOAL was being drafted, I argued that the appropriate default license for it to recommend would be CC BY-SA (Attribution-ShareAlike). For the same reason, during the pioneering NZGOAL-SE consultation process, conducted using Loomio and GitHub, I argued for the GNU GPL (General Public License) as the default license recommendation. As did my friend Dave Lane, the Open Source Technologist at the OERu (Open Educational Resources Universitas) and long-time President of NZOSS (NZ Open Source Society).

Sadly, and perhaps because of the political circumstances, the default suggested in NZGOAL was CC BY (Attribution). This laissez-faire license means, for example, that map companies can sell corrected maps based on the publicly-funded NZ map data shared under CC BY by LINZ (Land Information New Zealand), but LINZ would need to ask permission to incorporate those map corrections back into the public dataset.

This is still a big improvement on the kinds of privatization that might otherwise have happened. For example, the CC BY license allows the LINZ map data to be used in the Open Street Map. Without NZGOAL, that map data could have been spun off into an SOE (State-Owned Enterprise) to “open” it to the private sector, and made available only to purchasers of proprietary, commercial licenses. Worst-case scenario, the copyright on that public map data could have been sold into private ownership, a fate that has befallen many publicly-funded commons in Aotearoa since the 1980s, including the Government Printing Office.

But although the use of CC BY was a good start, I’d still like to see the default changed to CC BY-SA if there is a Version 3.0 of NZGOAL. Failing that, I’d like to see it recommended side-by-side with CC BY, so that public agencies choosing CC BY-SA are more likely to consider the pros and cons of a ShareAlike license for the data they steward, while still following the default advice in NZGOAL.

The situation in the Software Edition of NZGOAL is somewhat better. Public service agencies are advised to license any modifications to an existing codebase under the license the upstream codebase uses, even when they’re not legally obliged to (eg by a copyleft license). When licensing new software, they’re advised to use either the laissez-faire license that the OSI (Open Source Initiative) calls the “MIT”, or the GPL (version 3 or later). They’re also invited to consider AGPL for server software, or LGPL for software libraries, as appropriate.

While I’m glad that “MIT” did not end up being the sole recommended license, as suggested in the original draft, I don’t see why we ought to allow companies to build proprietary software on top of publicly-funded free code at all. Why not oblige them to make their source code available to their users, and allow their fixes and additions to be incorporated back into the upstream versions maintained by public service agencies or open source communities?

One argument raised for recommending a laissez-faire license as the default was that this would be equivalent to the CC BY recommendation in NZGOAL itself. But as I pointed out during the consultation process, they’re not really equivalent. The laissez-faire licenses lack the strong “attribution” requirement that is fundamental to CC BY, obliging redistributors of a work to give credit to the original creators. All they require is that a copy of the copyright statement and the license are included when the code is published, which end users might never see.

If there is a revision of NZGOAL-SE, I’d really like to see a copyleft license like GPL become the default recommendation, with a laissez-faire license downgraded to an alternative to be considered along with AGPL or LGPL for special circumstances. In either case, I’d like to see Apache 2.0 replace “MIT” as the recommended laissez-faire license. NZGOAL-SE quite rightly points out that NZ patent law doesn’t recognize software patents, and that public service agencies are not patent trolls anyway. But that doesn’t stop outside contributors to publicly-funded free code, licensed under the “MIT” license, from enforcing software patents on anyone using that code in other jurisdictions. Apache 2.0 explicitly prevents this.

In summary, it was an honour and a privilege to be part of the efforts by CreativeCommons Aotearoa/ NZ (now Tohatoha) and NZOSS to help bring NZGOAL and NZGOAL-SE into existence, and to contribute to the consultations on them. But now that we have a new, more public-spirited government, it’s time to start campaigning for revised versions that maximize public access not only to publicly-funded works, but also their derivatives.

Filed January 14th, 2019 under free culture

Happy solstice everyone. As I start doing a few bits and pieces of administrivia to get myself organized for the new calendar year, I find myself increasingly frustrated by some of the policies and practices I find on official websites. For example, take this compulsory password policy from a NZ government web service that allows users to access sensitive, private financial information, and send secure correspondence to officials. I won’t name names (yet), you know who you are:

“Your new password must be between 5 and 10 characters long, and include at least 3 letters and at least 2 numbers and may contain A-Z, a-z, 0-9 and any of the following characters #, +, -, _, @.”

For reasons explained in XKCD #936 “Password Strength”, adding numbers and other non-letter symbols to passphrases doesn’t make them much harder for computers to guess, but it does make them much harder for humans to remember (making them more likely to write them down or otherwise compromise them). This isn’t even very helpful as a suggestion, let alone as a compulsory requirement.

Secondly, why limit the length to 5-10 characters? That same XKCD comic shows that as a passphrase gets longer, it gets exponentially more difficult for a computer to guess it correctly (all else being equal). According to Troy Hunt, creator of haveibeenpwned.com, the Digital Identity Guidelines released in 2017 by NIST (US National Institute of Standards and Technology) recommend sites allow passphrases at least 64 characters long, and ideally as long as 256.

The policy on this website stops me following my preferred passphrase practice, which is similar to the method described in the XKCD comic, and results in easy-to-remember passphrases much longer than 10 characters. It’s a policy that urgently needs to be changed.
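To make the effect of the quoted rules concrete, here is an added example (not code from the website in question) that implements the quoted policy beside a length-only policy and computes the largest search space the quoted policy can ever permit. The 8-character minimum and the 2048-word list are assumptions; the 64-character figure is the one cited above.

```python
import math
import re

# Quoted site policy: 5-10 characters, at least 3 letters and 2 numbers,
# drawn only from A-Z, a-z, 0-9 and the symbols # + - _ @
QUOTED_ALLOWED = re.compile(r"[A-Za-z0-9#+\-_@]*")
QUOTED_ALPHABET_SIZE = 26 + 26 + 10 + 5  # 67 permitted characters


def check_quoted_policy(pw):
    """Return the reasons the quoted policy rejects pw (empty list = accepted)."""
    problems = []
    if not 5 <= len(pw) <= 10:
        problems.append("length must be 5-10")
    if sum(c.isascii() and c.isalpha() for c in pw) < 3:
        problems.append("needs at least 3 letters")
    if sum(c.isascii() and c.isdigit() for c in pw) < 2:
        problems.append("needs at least 2 numbers")
    if not QUOTED_ALLOWED.fullmatch(pw):
        problems.append("contains a character outside the allowed set")
    return problems


def check_length_first(pw, min_len=8, max_len=64):
    """Length-only policy with no composition rules.

    max_len=64 is the figure cited in the post; min_len=8 is an assumption.
    """
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if len(pw) > max_len:
        problems.append("longer than %d characters" % max_len)
    return problems


def quoted_policy_ceiling_bits():
    """Upper bound, in bits, on the search space of anything the quoted
    policy accepts: every string of 5..10 characters over the 67-character
    alphabet. The letter and number rules can only shrink this set."""
    total = sum(QUOTED_ALPHABET_SIZE ** n for n in range(5, 11))
    return math.log2(total)


def passphrase_bits(words, wordlist_size=2048):
    """Bits for `words` words picked uniformly at random from a word list.
    The 2048-word list is an assumption."""
    return words * math.log2(wordlist_size)


def words_needed_to_exceed_ceiling(wordlist_size=2048):
    """Smallest random passphrase that is stronger than anything the quoted
    policy can accept."""
    n = 1
    while passphrase_bits(n, wordlist_size) <= quoted_policy_ceiling_bits():
        n += 1
    return n


if __name__ == "__main__":
    # Constructed candidates; the last is the passphrase from XKCD #936.
    for candidate in ("abc12", "correct horse battery staple"):
        print(repr(candidate))
        print("  quoted policy:", check_quoted_policy(candidate) or "accepted")
        print("  length-first: ", check_length_first(candidate) or "accepted")
    print("ceiling of quoted policy: %.1f bits" % quoted_policy_ceiling_bits())
    print("words needed to exceed it:", words_needed_to_exceed_ceiling())
```

The ceiling only applies to uniformly random strings; passwords that people choose to satisfy composition rules sit well below it.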

But when I went to the website feedback form to point all this out to the webmasters, I realized that I wasn’t even able to submit the complaint without allowing a third-party domain to run Javascript in my browser (mcxplatform.com.au owned by a US-based “customer experience” company Maritz LLC). This is a simple form with a few groups of tick boxes, a comment box, and a ‘submit’ button. It does nothing that we couldn’t do on Indymedia news sites almost 20 years ago, and there’s no need for it to expose user-submitted data to an external service. I expect to be able to use all the functions of any official government website without enabling JS for any third-party domain. This, too, needs to be fixed.

I also noticed that the site is running Javascript from three other third-party domains; doubleclick.net, google-analytics.com, and hotjar.com, owned by companies that collect data about website users (“analytics”). DoubleClick.net is owned by Google, and is usually used along with their analytics trackers, to help target their AdSense web ads at users. Hotjar.com is owned by a private company based in Europe. Is it really ethical to allow private companies, especially foreign companies, to collect data about NZ citizens - without their knowledge or consent - while they are using government services via an official website? This practice also needs to stop. If the website team needs to collect analytics to improve the website, they can do it with their own instance of a free code tool like Matomo or AWStats.
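A site team can check for this themselves. The following added example (not code from the site or from this blog) lists every host other than the site's own that a page loads scripts from. The page URL, script paths and HTML are constructed for illustration; only the four third-party domains come from the text above, and "first party" is assumed to mean the site's host and its subdomains.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:  # inline scripts have no src and are served by the site
                self.sources.append(src)


def is_first_party(host, site_host):
    # Assumption: only the site's own host and its subdomains are first party.
    return host == site_host or host.endswith("." + site_host)


def third_party_script_hosts(page_url, html):
    """Return the sorted hosts, other than the site's own, serving scripts."""
    site_host = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    hosts = set()
    for src in collector.sources:
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs
        host = urlsplit(urljoin(page_url, src)).hostname
        if host and not is_first_party(host, site_host):
            hosts.add(host)
    return sorted(hosts)


# Constructed sample: a feedback page on a placeholder government host.
SAMPLE_URL = "https://services.example.govt.nz/feedback"
SAMPLE_HTML = """
<html><head>
  <script src="/js/form.js"></script>
  <script src="https://cdn.services.example.govt.nz/js/menu.js"></script>
  <script src="https://mcxplatform.com.au/survey.js"></script>
  <script src="//doubleclick.net/tag.js"></script>
  <script src="https://google-analytics.com/analytics.js"></script>
  <script src="https://hotjar.com/track.js"></script>
  <script>console.log("inline, first party");</script>
</head><body><form action="/feedback" method="post"></form></body></html>
"""

if __name__ == "__main__":
    for host in third_party_script_hosts(SAMPLE_URL, SAMPLE_HTML):
        print("third-party script host:", host)
```

This only sees script tags present in the served HTML. Scripts that other scripts inject at run time need a browser-side check, and sending a Content-Security-Policy header with `script-src 'self'` makes the browser refuse scripts from other origins.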

Filed January 4th, 2019 under security

Dear not-for-profit community, thanks for all the great work you do in the public interest. As I stumble across your sites in web searches, or check them out on the advice of friends, I note that many of you are using CreativeCommons licenses, which is great. I’m a long-time supporter of CC licenses, in fact I spent a number of years doing voluntary work to increase awareness and use of the CC licenses in Aotearoa (NZ). It’s always exciting to see people making creative use of CC licenses, placing their work under a Some Rights Reserved model that is more in tune with the digital age than the ARR (All Rights Reserved) copyright automatically applied in many jurisdictions.

Just to be clear; I am not a lawyer, and this letter is not legal advice. It’s just my opinion as an activist and a supporter of the digital commons. However, if you’re still using version 3.0 (or earlier) of the CC licenses, or you’ve chosen one of the licenses with NC (NonCommercial) or ND (NoDerivatives) clauses, I’d like to suggest a couple of changes to your choice of license. There are two parts to this, and I’ll explain them both as best I can from an activist perspective.

The first, and simplest part, is the upgrade from version 3.0 of the CC licenses to version 4.0. A number of improvements were made to the wording of the license texts in version 4.0, to bring them up-to-date with changes in copyright law, and further clarify things like what is and isn’t counted as “commercial use” of a licensed work. The biggest change between these versions is that from version 4.0 onward there is one international version of each CC license, instead of having to “port” each license to make it compatible with the copyright law of each jurisdiction, as was the case in previous versions. This is a welcome change, as it makes more sense for international media like the internet and the web. A summary of the differences between the various versions can be found on the CC wiki (just a guide, not legal advice).

So if the CC license you chose still reflects the ways you do and don’t want the work on your site to be used, I suggest upgrading to version 4.0 of that license. See the upgrade guide also on the CC wiki (also not legal advice). But if you chose a license with an NC or ND clause, does the license you chose really reflect the ways you do and don’t want the work on your site to be used? This brings me to the second part of my license upgrade suggestion. Let’s have a look at some of the pros and cons of using a CC license that includes the NC or ND clauses.

The CC wiki summarizes the meaning of the NonCommercial clause. NC is confusingly named, because it’s useful mainly to creators whose work is intended for commercial sale. For example, NC can be used by musicians, film-makers, or novelists, creators who have to invest significant resources to get their work ready for distribution, to prevent anyone selling copies in competition with them (and any distributors they have negotiated commercial contracts with). The idea that NC marks a work as having a not-for-profit goal is such a common misconception that serious thought was given to renaming it “Commercial Rights Reserved” in version 4.0 of the licenses. While the decision was made to keep the existing wording, for the sake of consistency between license versions, CC encourages us to use the “Commercial Rights Reserved” wording to help make the purpose of the NC clause clearer. Some arguments against using the NC clause can be found on the website of the Definition of Free Cultural Works.

Turning to the NoDerivatives clause, perhaps the best argument for ND restrictions comes from gnu.org, the website of the pioneering GNU Project:

“Works that express someone’s opinion—memoirs, editorials, and so on—serve a fundamentally different purpose than works for practical use like software and documentation. Because of this, we expect them to provide recipients with a different set of permissions: just the permission to copy and distribute the work verbatim.”

But it can also be argued that the ND clause is pointless for works that consist mainly of text. By using an excerpt from a gnu.org work, as I’ve done above, I’ve arguably made a “derivative work”. But this is allowed, because of the long-standing convention that one can reproduce any portion of a text, as long as it is placed within quote marks, and attributed to the original author. The one thing that All Rights Reserved copyright definitely says people can’t do with text - reproducing the entire work in its original form (even with quotes and attribution) - is the one thing that any CC license definitely allows.

One major downside of using a license that includes the ND clause is that it stops people translating your work into other languages, without first getting your permission to create a derivative work. Another problem with ND is that it stops works being included in free commons licensed under BY-SA or BY licenses, from online reference works like Wikipedia.org or Appropedia.org, to Open Educational Resources like WikiEducator or open textbooks, and many, many more. This is also true of the NC clause. Is restricting uses like these what you had in mind when you chose an NC or ND license? If so, then you chose the right license for your project. If not, it might be time to think about other options.

If your work has any commercial value to corporations, or anyone else who might try to extract value from your common work without voluntarily contributing back, the SA (ShareAlike) clause can be used to mitigate this. With an SA license, like the BY-SA license used by Wikipedia, anyone who reproduces the work, or makes a derivative work, must make any changes they’ve made available under the same license terms. If someone publishes a derivative work, you can choose to incorporate any of the changes or improvements you like back into your version of the work.

I originally dipped my toes into the water of creative commoning by putting my own writing at Disintermedia.net.nz under an NC license, but for the reasons given above, I decided on a change of license. All the work I write for Disintermedia, Counterclaim, and any other not-for-profit projects, is now licensed under CC BY-SA 4.0 (unless there is a very strong argument for doing otherwise). So in summary, based on my experiences as a commoner and a CC advocate, my suggestion is that you consider talking to the people who shared in the creation of the work on your website about the possible benefits of relicensing to CC BY-SA 4.0.

One other thing, I notice some sites make it very hard to understand which CC license applies to their site (I’ll restrain myself from making an example of anyone here). To avoid confusion, please:

  • Indicate the name and version number of the license you’ve chosen in a prominent place on your site, and link it to the appropriate license page on the CreativeCommons website (eg CreativeCommons Attribution-ShareAlike 4.0).
  • Make sure if the license is given in more than one place, for example on a copyright page *and* at the bottom of each page, that the license name and version number is the same on both, and they both link to the correct license page.
  • Use the correct CC license icon for the license you’ve chosen, and make sure that links to the correct license page too.
  • Check that the icon and link indicate the same license everywhere they appear, except where they indicate work under a different license from the rest of the site. When that’s the case, it’s best to make the license exception clear in an introduction or footer text, giving attribution to the creator, and if possible, linking to the original.

Keep up the good work!

Filed December 19th, 2018 under free culture