The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:
- projects jailed in MS #Github (amid substantial ethical issues)
- projects jailed in #Gitlab·com (amid substantial ethical issues)
- projects with resources (docs, forums, wikis, APIs, etc) that are jailed in #Cloudflare’s walled garden (amid substantial ethical issues)
FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?
UPDATE
The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:
All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)Does not discriminate against classes of users, or against any country. (C2)Permits access via Tor (we consider this an important site function). (C3)
Failing any of those earns an “F” grade (Github & gitlab·com both fail).
If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. #InternetArchive’s #ALA membership automatically invokes the Library Bill of Rights (LBR), which includes:
V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
The LBR is consistent with FSF’s principles so this is a naturally fitting solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, making it public enough to observe these UDHR clauses:
art.21 ¶2. Everyone has the right of equal access to public service in his country.art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.
These fundamental egalitarian principles & rights are a minimum low bar to set that cannot be construed as “unreasonable” or “purist” or “extremist”.
Those might look like freedom pitfalls but are actually not. On the one hand gitlab dot com is not really bad for freedom as it has at least an open core and is very freedom friendly. Gitlab can be easily circumvented by using got client directly. Maybe a tag could be helpful here.
Any way, just clearing cookies after closing the session is very enough for github.
Cloudflare? Why are you even mentioning this? This is part of projects infrastructure. We need to draw a line somewhere. For example would you visit a website if it was hosted on Windows server? If they use ESXi? Or if user account are managed with Active Directory or firebase?
Sure you are free to be as eclectic as you want, but at the end, those are very minor issues that do not dent FSF credibility. Remember it stand for Free software first.
Edit: typos
For example would you visit a website if it was hosted on Windows server? If they use ESXi? Or if user account are managed with Active Directory or firebase?
No, and I visit cloudfare websites too.
But I still agree with everything OP says. Like the warnings in the F-Droid android app store informing users that an app promotes non-free services, but it doesn’t stop me, or anyone else, from installing them. I simply think people should be informed that services are less free than they can be, and made aware of the many risks that come with non-free services. It’s an idealist stance, a goal to push our reality towards, rather than a way of life for most (those who treat it like a way of life are very, very rare).
But this is a false analogy anyways. Windows servers aren’t banning users behind tor, or cgnat for no apparent reason like cloudfare is. I think we should discourage the use of nonfree services, but it’s not a yes/no binary. Certain things are more free than others, and we should encourage people to choose the freer option. Cloudfare tunneling a linux service is more free than hosting your website using vendor locked cloud tech (AWS s3, lambda, dns, etc). Hosting your won website on an windows server is still not free, but arguably more free than vendor locked cloud stuff. Linux deployments using only FOSS is arguably the most free software you can get, but you still have to deal with nonfree hardware and drivers.
I still use GitHub. But I hate that it has no ipv6 connectivity, meaning that those who don’t have ipv4 are excluded, and it’s absolutely unacceptable for a tech company of all things, to not keep up to date. The moment federation gets added to forgejo or another one of the self hostable git forges, I will switch (but probably mirror stuff for recruiter purposes), since that’s more inclusive than github, but right now, they are not more inclusive than github because instances are small and do not interoperate.
Those mught look like freedom pitfalls but are actually not. On the one hand gitlab dot com is not reaaly bad for freedom as it has at least an open core and is very freedom friendly.
You’re conflating a specific instance (the flagship one) with the software it uses, and also neglecting that it runs a non-free enterprise-licensed package, not free s/w. SaaS ≠ software. This particular instance scores poorly by FSF’s own freedom criteria.
There are FOSS-based Gitlab community repos which have no notable freedom issues, but these are not what my comment refers to. The Gitlab CE instances would not need an anti-feature tag. But Gitlab dot com does.
Cloudflare? Why are you even mentioning this?
Restricted-access docs exclude people and also violates the Free Documentation License.
Remember it stand for Free software first.
Software as a service was rightfully cautioned by RMS himself and it is well inside the purview of FSF which has published various essays on the topic.
Going way overboard to the point of being pure is one of the biggest issues the FSF has in terms of relevance and your suggesting they go further down the rabbit hole. It is better to direct people to good FOSS they can and will use then some imagined pure breed that no one will ever use. It is better to have a big tent then a miniscule one too.
Do I like github. Not really. For that matter do I like git… No. Biggest issue with github is that it mixes FOSS and non-FOSS and even worse not all projects have clear licensing.
As far as Cloudflair… they are a CDN. relax. Nothing is locked there. Nothing is locked to source hosting either. Just pull the source.
As far as Cloudflair… they are a CDN. relax. Nothing is locked there
Nonsense. Cloudflare (a proxy not a CDN) is exclusive. People like myself are in the excluded group. If Cloudflare gives you no problems personally, then you are in the included group. It’s designed so those excluded are invisible to the included group. You can only see the barriers to entry if you are actually excluded.
Please tell me how and why you are excluded. Curios I am.
First of all Cloudflare does not disclose to excluded communities why they are excluded. This non-transparency keeps the marginalized in the dark about both the technical criteria for exclusion and also the business reason for exclusion.
Why I personally have been excluded is irrelevant trivia. The full extent of CF’s exclusion is unknown but it’s evident that at a minimum these groups of people are excluded:
- public libraries
- Tor users
- VPN users
- CGNAT users (often poor people in impoverished regions whose ISPs have fewer IPv4 addresses to allocate than the number of users)
- people who use scripts to access web resources (and interactive users who merely appear to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images)
- all people with a moral objection to exposing ~20—30% of their web traffic (metadata & payloads both) to one single centralized tech giant in a country without privacy safeguards.
I personally experience exclusion by all of the above except CGNAT.
Sounds to me like this is the kind of abuse blocking any site would use not just cloudflair. Do you have any evidence that Cloudflair is unique in any way in this?
I mention this because I am not sure not using Cloudflair would change much. You would have to use another CDN or build your own solution. Abuse is a real thing and is the reason we cannot have nice things.
Edit: By the way, I am sorry you have had issues. I am just not sure what the solution is and am skeptical that this is a Cloudflair only issue.
Sounds to me like this is the kind of abuse blocking any site would use not just cloudflair. Do you have any evidence that Cloudflair is unique in any way in this?
That’s not a meaningful comparison. Blocking sites do indeed block differently in various different circumstances & discriminate against different groups of people. There are patterns (like Tor blocking) but the meaningful comparison is CF to inclusive sites. E.g. gnucash.org. Gnucash demonstrates how a website can be deployed in an inclusive manner that respects user’s rights.
Cloudflare is unique in how it deceives its users (e.g. tells its users they have a “zero trust” model when in fact you must trust CF with visibility on all traffic payloads). CF holds the SSL keys, unlike other implementations. The recommendation to anti-feature tag CF sites would cover the vast majority of exclusive access-restricted projects. But if a link leads to a rare Siteground site, that should also get an anti-feature tag for being exclusive.
I mention this because I am not sure not using Cloudflair would change much.
Of course it would. Cloudflare brings in a long list of problems. Not using CF (like gnucash.org does) solves all those problems of exclusivity and privacy.
You would have to use another CDN or build your own solution. Abuse is a real thing and is the reason we cannot have nice things.
The Gnucash project disproves this. Furthermore, a CF link can often be replaced with an archive.org link.
and interactive users who merely •appear• to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images
I’m gonna need you to explain that one super chief. Do you seriously believe blind people browse the web through a terminal using Lynx or something?
I just encountered a website that uses
alt=""on buttons. That means the text description of the button is unreadable in GUI browsers. Mouseovers were coded so you can only get the description in GUI browsers like Firefox by hovering the mouse over the icon. Lynx renders the mouseover text in place of the button. So a screen reader would work on Lynx but not on Firefox for that website.
To be fair, if the free software “hardliners” like the FSF soften their stance, then that “hardline” just shifts. If nobody maintains that stance the strongest libre software principles will become weaker, if that makes sense.
The FSF is very useful for preventing that, even if they’re not quite as big as softer movements like “Open Source”
Agree and why I am a member. About orgs someone said if you believe in 50% of what they do you should support them and if you believe in 90% of their work then you should be on the board. I think this was about the ACLU but it applies similarly to the FSF, EFF, and others.
The thing about any org… you cannot boil the ocean. You have to choose your battles. Trying to do everything means you do nothing. I think the FSF needs to think carefully about that. Yes stick with core principles but act wisely and effectively as well.
Going way overboard to the point of being pure is one of the biggest issues the FSF has in terms of relevance and your suggesting they go further down the rabbit hole.
Framing inclusion of all people as a “purist” agenda is a bit rich. The Universal Declaration of Human Rights doesn’t say it’s okay to deny equal access to some people. for example. And we don’t call the UDHR “purist” or extremist for being all inclusive. Being inclusive is where the bar should be set. It’s achievable and there are some projects that prove that.
It is better to direct people to good FOSS they can and will use then some imagined pure breed that no one will ever use.
You’re not grounded in reality. Tagging anti-features does not lead to “some imagined pure breed that no one will ever use.” Nor would anyone avoid listings which have no anti-feature tags. It’s the contrary. Projects that lack anti-features are superficially attractive.
Biggest issue with github is that it mixes FOSS and non-FOSS and even worse not all projects have clear licensing.
That is not the biggest issue with Github. Github is exclusive, feeds copilot, feeds a company that’s antithetical to the FSF mission, among other issues that were listed in the OP.
So you’re suggesting they remove or tag 99% of projects from the directory because you don’t like where they put their source code? Seriously?
If you really don’t like it, use the git command line to access it… It’s just the server where the code is hosted…
And no, you don’t need an access token to clone a repo.
Yes these sites are bad, no it doesn’t warrant tarring the projects hosted on them.
Personally I would have some sort of notice regarding these on affected projects, but I don’t think it’s enough to warrant slapping an anti-feature flag on them just because of the author’s choice of code respoitory hosting provider or CDN.
Of course the most productive comment is the least upvoted one. EDIT: After thinking about it, maybe it’s best to add an explanation to bare links.
Posting a top-level comment to also point out that the info you linked about Cloudflare includes a conspiracy theory that it is an NSA honeypot. Doesn’t exactly seem like a reliable source to use for the claims you’re making.
Bruce Schneiere has frequently covered data sharing between US tech giants and intelligence agencies in his blog. It’s widely accepted. To call that a “conspiracy theory” is severely out of touch, post-Snowden revelations. At best, it’s only true as a technicality (that is, the US does not admit that the Snowden leaks are real so the official narrative still differs). It’s naïve to accept the official narrative and ignore Snowden’s leaks. Bruce Schneiere concurs with Snowden’s revelations & often acknowledges in his blog that that info sharing is going on.
That said, I do not see your specific claim about the NSA in the document that I linked, which is well cited. Which paragraph number are you referring to?
There’s a big difference between them sharing data with the NSA when required, and them being and NSA honeypot. Look through the repository you linked, it’s in there. Not my job to do critical thinking for you.
Indeed there is a big difference between warranted sharing and unwarranted sharing. The Snowden leaks are not about warranted sharing. There is no controversy over warranted sharing. You only muddy the waters to bring that up. It’s wholly irrelevant unless you are still actually claiming that the only sharing going on is warranted, which again is severely out of touch. You’ve not been paying attention to the Schneiere blogs. You should read them before discussing this topic. There are dozens of ways the unwarranted sharing occurs between intel agencies and tech giants, from simply buying the data commercially to backroom deals to inteligence insiders to outright malicious hacking exfiltration (which sometimes includes paying or pursuading the tech giant to simply neglect to fix a bug that the exfiltration relies on) to intelligence agencies handing a box over to the tech giant saying “here, just plug this box in on your LAN and pretend it’s not there - ask no questions”. All of those methods have been detected and exposed. It’s all there; inform yourself; I’m not going to do your homework for you. The HOW is irrelevant to the mere point that the data sharing happens without a warrant.
Look through the repository you linked, it’s in there.
I cited a specific article, not a repository.
