The concept of ethical social network

Tue Sep 6 16:58:32 UTC 2011

I haven't seen other messages in this thread, so it's hard for me to know the 
context of what you've written.

I've made some suggestions however in case you find them useful.

On Tuesday 30 August 2011 21:33:18 judith at movingyouth.eu wrote:
> I. The ethical social network
> 
> Ethical is not about price, neither about the only freedom of the source
> code. It is about the recognition and  the respect of user freedoms:
> 
> - to recognize and respect the privacy of all communications exchanged by
> users,

...In a permanent and sustainable way. Private companies are subject to 
takeover and sale of assets, one of which is usually user data. Privacy 
policies can be changed retrospectively in some cases, and at the very least 
may not be updated to meet future threats that are currently hard to 
anticipate. Interpretation of privacy policies can also change to suit a 
company's financial goals, even if the wording of the policy doesn't.

Therefore a strong privacy policy is not sufficient in my view. Legally binding 
statements of intent which affect future circumstances are additionally 
necessary. This is why foundations and public benefit organisations are much 
better guardians of private data in my view as they are often obliged to serve 
the public interest or the interests of the people who they work with and 
represent.

> - to recognize and guarantee the same rights to every user,
> - to only distribute to users free software,

Capitalising 'Free Software' can help to clarify it as a specific category of 
software rather than it being understood as a connotative term to identify 
software which is free of charge.

> - to allow full interoperability towards other social networks.

This is an important freedom but it isn't sufficient. Having an 'open API' and 
conforming to open standards are fundamental requirements, but they don't 
guarantee that a user will be able to extract all their data. I think that a 
stronger requirement such as "all data pertaining to a user must be accessible 
to them and extricable in a meaningful, documented way, in formats which meet 
the definition of an Open Standard".

> II. How to respect those freedoms?
> 
> First: the communication protocol
> 
> The communication protocol must be open.

'open' is open to interpretation and has no strict meaning. It would be better 
to say that they must qualify as Open Standards in my view.

> Second: the software
> 
> The software specific to the social network must be under a free licence
> as its  dependencies. The whole software distribution, including the
> server part,  must be available to users. The software must be secure. Any
> flaw should be fixed as soon as possible.

Stating that the software must be secure and should be fixed asap doesn't 
convey very much to me. I think you need to be more specific. Something like 
the requirement that there is a good peer review process and open bug hunting 
workflow. You can websearch examples of how organisations effectively manage 
security issues with Free Software.

> Three: the respect of the user data privacy
> 
> Each user should use his own servers.

That's an ideal rather than a requirement it seems to me. Using the word 
server in this way also stretches its meaning in a potentially confusing way. 
You could rephrase this requirement in terms of a user's account not having 
any single remote point of failure, and having the ability to be accessible 
independently of any other network or computer.

> The communication protocol and software of the social network must let the
> user be able to decide freely, clearly and efficiently what to do with
> each of his data and his account: the user may decide for each
> communication who are the recipients, even possibly the general public.
> 
> Users must be warned constantly that once they publish their data, those
> may be known to the general public, including current or future employers
> and the government.
> 
> Concerning the data hosted on other servers than the user's own, the delay
> to delete a post or to close an account must be quick once the user
> requests it. The closure or the deletion must be definitive, no data must
> be available to the social network once it is done.

How about adding that the user must be the legal owner of anything that they 
submit to the service. This may be assumed from your other requirements, but I 
think it should be explicit because historically users of some networks have 
not had the right of ownership over their social network content.

Furthermore the user should have the freedom to choose what license is used. 
If a user is the legal rights holder of their messages but those messages are 
always automatically licensed in a particular way then it undermines the 
ability of the user to exercise those rights due to technical constraints. 

> Four: the social network services
> 
> Every service available to users through the social network should not
> appropriate  users data or track them.

This seems to broad. Allowing users to sign in on one page and then access 
another theoretically requires tracking; in the form of cookies or sessions. I 
think you need to clarify what you mean by tracking. Not all tracking is 
necessarily bad. How about stating that users must be made aware of any 
tracking and have the opportunity to disable it where this would not 
compromise the other requirements stated above or render the basic 
functionality of the service inoperable?

Also see these resources and their authors if you haven't already:

http://wiki.fsfe.org/CloudComputing (Torsten Grote)
http://blogs.fsfe.org/greve/?p=452

If you need clarification or more help please ask.

Thanks,

Sam.

-- 
Sam Tuke
British Team Coordinator
Free Software Foundation Europe
IM : samtuke at jabber.fsfe.org
Latest UK Free Software news: uk.fsfe.org
Is freedom important to you? Join the fellowship.fsfe.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20110906/2168a41b/attachment.sig>