Thursday, June 19, 2008

About freedom and privacy in the cloud

I wrote about Clipperz in the past on this blog. It is a company built by two very smart guys, Marco and Giulio Cesare (yep, you might guess their native country...), with whom I spent some quality time in the last year. They have a very simple idea called zero-knowledge.

In a world that is moving more and more towards Software as a Service, the issue we are facing is that we are storing a lot of our personal data on servers around the world, owned by people we do not know and should not trust. Imagine how much data the Internet has about you: what you like (Google), what you buy (Amazon), whom you like (Facebook), your pictures (Flickr) and so on.

Zero-knowledge means storing the data in their servers but making sure they can't read it... It is your data, only you should be able to read it. As simple as that.

Their first product is a password manager. You actually store your passwords on the Clipperz server, but they can't read them because they are encrypted in your browser and can't be read by anyone else. They store ALL your passwords for all your sites, so you can log in to every site with just one click.
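
The zero-knowledge idea described above, as an added example that is not Clipperz code or code from this post: the client derives a key from a passphrase and uploads only ciphertext, so the server's copy is unreadable without the passphrase. Node's crypto module stands in for the browser here, and the scrypt and AES-GCM choices, the function names and the sample vault are assumptions made for illustration.

```javascript
// Added example: zero-knowledge storage sketch. Node's crypto module stands in
// for the browser; all names and sample values are constructed for illustration.
const nodeCrypto = require('node:crypto');

// Client side: derive a 256-bit key; the passphrase never leaves the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt the vault and return only what gets uploaded.
function sealVault(passphrase, vault) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return { salt: salt.toString('base64'), iv: iv.toString('base64'),
           tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64') };
}

// Client side: decrypt a record fetched from the server. Returns null when the
// passphrase is wrong or the record was modified (the GCM tag check fails).
function openVault(passphrase, record) {
  try {
    const key = deriveKey(passphrase, Buffer.from(record.salt, 'base64'));
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
    d.setAuthTag(Buffer.from(record.tag, 'base64'));
    const pt = Buffer.concat([d.update(Buffer.from(record.ct, 'base64')), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Server side: a plain key-value store that only ever sees the sealed record.
const serverStore = new Map();
function upload(user, record) { serverStore.set(user, JSON.stringify(record)); }
function download(user) { return JSON.parse(serverStore.get(user)); }

// Constructed sample data
const vault = [{ site: 'example.org', login: 'alice', password: 'correct horse' }];
upload('alice', sealVault('my long passphrase', vault));
console.log(serverStore.get('alice'));                      // what the server holds
console.log(openVault('my long passphrase', download('alice')));
console.log(openVault('server guess', download('alice')));
```

Everything the server stores is the salt, IV, authentication tag and ciphertext; the strength of the scheme then rests on the passphrase and on the integrity of the code delivered to the browser.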

Now Marco has posted a call for action about freedom and privacy in the cloud:
This is a post about freedom. The freedom to keep your data for yourself and the freedom to run free software. You should be able to reclaim and enjoy these freedoms also when using web applications.

If you are a supporter of the free software movement, you can easily opt for Gimp instead of Photoshop, or Firefox instead of Internet Explorer. You can also protect the privacy of your data by using the many encryption tools that are available (GPG, TrueCrypt, …). But when it comes to web applications things get complicated.

The benefits of web apps (ubiquitous access, seamless upgrades, reliable storage, …) are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps.

Furthermore, we are forced to trust web application providers with our data (bookmarks, text documents, chat transcripts, financial info, … and now health records) that no longer resides on our hard disks, but is stored somewhere “in the cloud”.

It’s not a nice situation when you have to choose between convenience and freedom.

Let me be clear: web apps are great and I’m in love with them. But I think it’s time to ask for more freedom and more privacy. Here is a three-step plan to achieve both these results.
His suggestions:
1. Choose AGPL
2. Add zero-knowledge sauce
3. Build a smarter browser
I vote for Marco... And he now has RMS on his side, which makes the story a lot more interesting. Let's see if we can push this freedom further. I am now working on a zero-knowledge Funambol, working with the Clipperz guys. Stay tuned...