Re: [GNU/consensus] [RFC][SH] User Data Manifesto

[Frank Karlitschek]

On 21.01.2013, at 21:01, Richard Stallman <address@hidden> wrote:

> It needs to start by stating the range of situations or cases
> that it applies to.
> 
>    The data that someone directly or indirectly creates belongs to
>    the person who created it.
> 
> Please don't use "belongs to".  It has the same problem as "owmed".

O.K. Sorry.
What word would you suggest here?
The idea is that this is the stuff that I type into my computer before I 
consciously decide to release it under a specific license or share it with 
someone. It should be clear that the administrator of my machine or the 
administrator or operator of the server where I store my files has zero right 
on my files even if physical access is possible. This is a problem with current 
cloud services.


> 
>    2. Know where the data is stored
>    Everybody should be able to know: where their personal data is physically 
> stored, how long, on which server, in what country, and what laws apply.
> 
> "On which server" may be too much to ask.

True. Let's leave the server out.

> 
>    Everybody should always be able to migrate their personal data to
>    a different provider, server or their own machine at any time
>    without being locked in to a specific vendor. It is recommended to
>    have the personal server for the personal data in the long term.
> 
> To migrate data from X to Y consists of
> 1. Extracting a copy from X.
> 2. Entering it in Y.
> 3. Deleting it from X.
> 
> Whether you can enter it in Y is a matter between you and Y.
> So the two rights you should have are:
> 
> 1. To extract your data from X when you wish.
> 1. To delete your data from X when you wish.

Perfect! :-)


> 
>    4. Control access
> 
>    Everybody should be able to know, choose and control who has
>    access to their personal data to see or modify it.
> 
> If you have published some data, you won't be able to control who can make
> copies.  So this needs some conditions.

That's true. What would you suggest?


> 
>    5. Choose the conditions
> 
>    If someone chooses to share their personal data, then the user
>    selects the sharing license and conditions.
> 
> 1. "Share" is strange usage in this context.  Say "let others access".


Great.

> 
> 2. This rule has two very bad consequences:
> 
>  a. If "personal data" is a program, it implies the author
>     should be allowe to make it nonfree.  We can't endorse that!

That's true. Should we make it clear that this is not about programs? Perhaps 
we can add a sentence.

> 
>  b. If the person can choose _any_ conditions, he can choose
>     conditions that exploit him.  Lots of services demand users agree
>     to unfair conditions.  For instance, Facebook demands users agree 
>     that Facebook can use their photos in ads.

That's an interesting point. It's true that a user can choose bad or stupid 
conditions. (Like many on Facebook do.)
But what would be the alternative? We can't force conditions on the users to 
protect them from themselfs. I think it is freedom that the users can decide 
for themselves even if stupid people do stupid things.



> So this needs to be changed a lot.


Do you have a suggestion? :-)

> 
>    8. Server software transparency
> 
>    Server software should be free software so that the source code of
>    the software can be inspected to confirm that it works as
>    specified.
> 
> There is a misunderstanding here.  If the program is free software,
> that does not imply you can get a copy of it.
> 
> Thus, if the goal is to make sure you can get a copy of it,
> we need to require more.  For instance, "should be free software and
> its code should be published".

Perfect. I forgot that aspect because I always have AGPL in mind here.


Thanks a lot for the great feedback.


Cheers
Frank



> 
> -- 
> Dr Richard Stallman
> President, Free Software Foundation
> 51 Franklin St
> Boston MA 02110
> USA
> www.fsf.org  www.gnu.org
> Skype: No way! That's nonfree (freedom-denying) software.
>  Use Ekiga or an ordinary phone call
>