■ Learn About Free Software
Free As In Freedom ■
Authors: Lloyd Hardy, Richard Stallman
Revision: 1.8 (2014/12/22)
The GPL offers us one method of releasing Free Software in a way that
ensures its freedom cannot be compromised by its incorporation in
Non-Free Software. The protection of the GPL does not come into effect
until the software is 'distributed' to a user. 'Distributed' may mean
when it is downloaded to a hard-drive or copied to a CD, DVD or USB
storage. Other methods of distribution may include software deployed in
an embedded controller. However, software that is used across a network
(via an Intranet or the Internet) is not classified as 'distributed'
under the terms of the GPL.
To address this 'network-distribution', the AGPL, the Affero General Public License (AGPL) v3 was created. The AGPL v3 contains a clause that extends the requirement to provide the source code even when the software is interacted with across a network. This is an interesting and highly relevant issue and we will explore the advantages of using the AGPL for licensing software which may be used on a server. Of course, simple distribution of the source code of software does not, alone, offer the 4 freedoms of Free Software. There are other threats to our freedom that are not addressed by this additional clause.
The AGPL v3 stipulates that: “...if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.” [1]
This clause, additional to the GPL v3 means that the user should be able to access the corresponding source when using the software across a network. Simply having access to the source does not of course mean that the software being used is free. It does mean that it is free to be studied and this does have greater significance that the ability to study the software alone. For example, some web applications use software distributed across more than one web server from different vendors and others are entirely self-contained. The AGPL allows us to identify into which classification the software we are using falls.
As our use of the Internet increases, we are beginning to take advantage of the possibilities of a networked world. This is a good thing for mobility, access to information and remote automation of mundane tasks. However, if not carefully considered, remote software can be a bad thing for computing control, privacy and software freedom.
Web browser-based software is fantastically useful. However, if you are using software remotely you might ask the following questions:
You need to know the answer to these questions is you before you have freedom. In addition, you might ask the following:
These questions may be answered in part by the implementation of the AGPL. The AGPL allows us to see whether or not third-party servers are used in the code. If they are not then we know that our data is processed on the server which we have control of, as long as the first 3 questions are answered with 'I do'.
As the Internet matures and development becomes more abstracted,
developers may begin to use web services more frequently. Web services
can provide a to short-cut to various programming tasks – such as a
mathematical calculation or the parsing of a document. Some web services
offer the retrieval or submission of data. Importantly, web servers
operate from server to server – as opposed to browser-based software
which mainly receives user input. Any software on a server may utilise
third-party web services, however the user's freedoms are at risk.
If we take an example where software is released under the AGPL, we
would be able to see which web services are used in a web application.
However, we would not be able to see which subsequent web services those
web services may use, unless they also provided us with source code –
for example, by also being released under the AGPL.
With web services we must consider that we relinquish control of processing over to the server we are calling. If our application uses this as a critical component, then as developers we at vulnerable to the whim of the administrator that controls the providing web server. There are some cases that this may not be such a big risk as at other times.
For example, the task of parsing an entire document or providing and interactive map to users poses an array of concerns, from freedom to privacy, legal jurisdiction and computing control. A service that synchronises time does not pose the same risks at the same level – however, it may be a risk to privacy, depending on what is done with the information used to make the request (eg. IP address, time of request, computer name etc).
As a rule, if data is being processed remotely from you, you are using an application and you should be able to enjoy the freedoms you enjoy with free software locally. That generally means having control of over the remote server.
While not a software freedom issue, one additional benefit of the AGPL is peer review and software development. This benefit is more relevant to the philosophies of the open source software movement. We can expect that compromise of web based software would be much faster and simplistic with access to the source code. However, we could contend that this will also mean more rapidly developed software and a higher level of quality and security in the software. When we are not free to study, modify and distribute our modifications – this concern of 'openness' is not positioned to thrive. It is software freedom that gives us the opportunity to benefit from better software evolution. Without freedom, we are restricted in our activities.
The major benefit of the AGPL as opposed to the GPL is the 'Networked Copyleft' effect of using the AGPL v3. GPL software may be used to provide a web server based service (for example an office suite) that the user has no control over. Much worse than proprietary software, this software and hardware may provide the user with no control whatsoever over their computing. The most worrying consideration is that the work of perhaps thousands of Free Software developers can be used to provide a service which strips users of their freedoms, under the ambiguous name of 'Software as a Service' or 'Cloud Computing'. These are terms which do not describe the destructive nature of the software which they are often representing. To take a users freedom away with the hardwork of Free Software developers surely must be the worst thing a service provider can do.
The AGPL begins to solve this problem by not allowing the service provider to be secretive about the code used to provide the service and also to distribute their changes where this is offered to users in public.
This means that other developers can use this software and users can
download and install the software locally. It means that the
modifications and enhancements cannot be non-free. AGPL v3 enforces
copyleft, even when the software is distributed over the network. It
also raises awareness about Free Software. It does not solve all of the
problems of freedom, computing control and privacy – but it does go
significantly further than the GPL alone which leads us to the
conclusion that the AGPL is a vital tool for the deployment and
concurrent distribution of Free Software online.
[1] http://www.gnu.org/licenses/agpl-3.0.html (Accessed: 2010/00/00)
Title, Author
Available from: http://www....