Introduction
The free software community tends to view the increasing prevalence of web-based applications as a good opportunity to boost free software adoption by making proprietary software champions such as Microsoft or Apple lose relevance and foster a spirit of collaboration among users that is very close to its own ideals. I believe, however, that this switch towards web applications, on its current form, actually represents an important threat to software users' freedoms.
The rise of web applications
By «web-based applications» I'm referring to the software architecture where an application is stored in a web server along with most or all of its users' data. As more and more applications are designed in this manner, the web environment becomes the "operating system", the foundation that provides the abstractions on which the software relies for its execution. This "web environment" comprehends the whole set of languages and formats governing the web, both client-side, with standards such as CSS or JS, as well as server-side, with languages such as PHP, ASP, Perl, Ruby, etc.. Thanks to the client-side part of things, the operating system running users' desktops becomes irrelevant.
At its beginning, the programming logic was executed almost entirely in the server and the available set of widgets that applications could use was very limited. This made it a poor alternative for highly interactive applications or those with sophisticated user interfaces, for which regular client/server applications, with components running directly in the desktop, used to be a better alternative.
Recent improvements in the implementations of scripting languages in popular web browsers have made it viable for web applications to run relatively complex programming logic directly in users' desktops. This can make web applications highly responsive and usable. Although a few incompatibilities between web browsers remain, the web has become a very popular paradigm for software development for many different kinds of applications. The old DHTML vision is finally being realized, except it's now called AJAX. The web is no longer a collection of static documents but a universally accessible set of intelligent applications for producing and consuming information.
People are beginning to give up local applications for web-based alternatives. Indeed, a lot of software companies are moving in this direction. Examples of popular and/or complex web applications abound: Google Maps, Google Docs & Spreadsheets, YouTube, Flickr, del.icio.us, Blogger, Last.fm, and any web-mail application. Some have gone further to write entire "shells" as web-based software, which are usually called «webtops». Again, examples abound.
The interregnum between the end of the PC era and the rise of the online world has concluded, all thanks to web-based applications.
Optimism about the web
It is natural to feel optimistic about the rise of the web as the dominant platform for application development.
Helping organizations migrate to GNU/Linux is part of my work in Novell. For desktop migrations, one of the first steps is figuring out how specific desktop applications required by the organization can be executed in GNU/Linux. Use of web applications obviously simplifies this process (as long as they don't require specific proprietary extensions only available in Internet Explorer). For regular applications you either figure out how to run it under GNU/Linux (getting a GNU/Linux version from its vendor or using some form of emulation) or find an alternative application, both potentially complex processes. The very nature of the web has forced multiple parties to agree on protocols whose "openness" has helped break the dependency of developers on specific operating systems and vendors; its increasing popularity makes switching to GNU/Linux desktop, for home users as well as for organizations, easier.
Moreover, most of the internet infrastructure has been developed as free software: Bind, Apache, Perl, PHP and several other free programs are at the heart of what we call "the web". The only set of proprietary programs that are still very relevant to the web, web browsers, are no longer in the dominant position they were, as Firefox and other free software browsers are gaining marketshare.
The "internet revolution" or "digital revolution" is, of course, a very good thing. It promotes very interesting forms of social organization and information creation. If I had to choose one word to describe it, I would pick collaboration. Sharing and democracy also come to mind. Users are becoming active producers instead of passive consumers, all of this at the core of the Web 2.0 movement. This revolution is very much in line with the most basic beliefs of the free software community. The possibilities are very exciting.
All these factors may explain why there seems to be a widespread mentality today where using a free web browser on a free operating system to connect to a remote website, even one controlled by a third party using proprietary software, is acceptable, far better than using locally installed (or regular client/server) proprietary software.
Web users lose control of their data
Free software advocates need to realize that in using a free software browser running on a free software operating system to connect to a remote web server that runs a proprietary application and stores the users' data, they are giving up their freedoms just as well as if they ran locally installed proprietary software.
The current ads-based economy surrounding the web offers little incentives for developers to release their applications as free software and allow others to host them on their own servers. Most developers prefer to provide bandwidth and storage space and allow internet inhabitants to use their applications free of charge, selling advertising space to networks such as Yahoo!'s or Google's. This is the case of virtually all popular web-based applications: if you make a list of the most visited websites, you'll find that very few are based on free software (I can only think of Wikipedia and Slashdot). Most are not even using proprietary software but private software (eg. software that never gets distributed at all). The fact that most of them were developed using free software (and some have even released free software), while a triumph of free software development tools, is not relevant as far as end users' liberties are concerned.
Users of locally installed proprietary applications can use external tools such as debuggers, sniffers or firewalls to observe and somewhat control their behavior. For example, users can make it impossible for applications to establish network connections and rest assured that their data will remain private. Although this isn't easy, users can also modify the machine code for a program to alter its behavior. And even if the vendor revokes the users' licenses or makes the program stop working after a certain date, users will still have their files and they can, at least in theory, reverse engineer their file formats and extract information from them. This situation is far from ideal because of the inherent complexity of the processes involved.
With the web (as well as with certain DRM schemas, but that's a topic for another time), on the other hand, these processes aren't just complex and expensive, they become impossible to perform. A web provider can shutdown its server, taking away all the users' data, at any time. Or it can just release users' private data to the public at large, regardless of its privacy policies or end user agreements.
Furthermore, free software developers are fighting an uphill battle against networks such as Yahoo!, Google and Microsoft, that provide a wide array of integrated services. It suffices with having a Google account and you'll already be able to use all Google services. Use Gmail and you'll be just one click away from being on Gtalk. Heck, even use just Google Search and have all their services advertised in a privileged position. While parts of this integration may benefit some users, it obviously excludes free software developers (actually all developers other than the big players). This is a worrying form of vendor lock-in.
Another big disadvantage that free software web applications have right now against proprietary applications is that potential users require a web server to run them on. It is much easier and convenient for most internet users to just use advertising-supported installations of applications, controled by third parties, instead of running a server of their own.
Avoiding the problem
So what's a free software advocate to do?
It should be said that I'm moderately optimistic about the current status of things. Regardless of the problem mentioned in this post, the free software community is thriving as it never had. I'm inclined to believe that for most types of web-applications this problem will come to pass.
Nevertheless, this is currently an important problem. Even I, who believe very strongly in the importance of using free software, am a very active Flickr, last.fm, Google and del.icio.us user. There is no denying that there are very few high-quality web-based applications that can complete with the top-notch websites. And even if high-quality web-based applications were available, we'd still have the aforementioned problems of vendor lock-in and requiring users to operate their own servers.
It should be noted that the problem goes beyond using free instead of private or propietary web applications. The two following conditions should hold in order for a user to retain control of his own data:
- A web application should allow the user to export all his data as a downloadable file. Of course, this only matters when the user is not the same as the administrator of the server the application runs on (since, if the user is the administrator, he should be able to export all the application's data). If you use a web application hosted by a third party, —regardless of whether it is free software, proprietary or private—, you will depend on said third party to keep your data available. They should allow you to make periodic backups of your data. One way to achieve this is having a stable and documented API that users can use to download their data.
- The web application should be free software or, at least, free software alternatives capable of reading the exported data should exist. Even if it is in a semantically-rich self-describing format, the downloadable file with all the user's data will only be useful, well, to the extent to which he can, eh, use it. If you use a web application hosted by a third party, exporting its data periodically, and its provider terminates its service, you'll want to continue having the functionality it offered.
First and foremost, it is important for users to realize the problem of using websites that don't let them control their own information (either because they use proprietary software or because they are controlled by third parties and don't let them, the users, download their information). While the spirit of many Web 2.0 services may be similar to that of the free software community, in most cases users are giving up their rights and giving administrators more power than they deserve. Users should have total control of the software running these websites, specially when their success comes directly from the content the users produce.
Free software web-based applications
I'm calling for free software developers to help us produce high quality web-based applications. Embrace AJAX and user-driven websites. Help us make using free software a viable alternative for building and sharing information online.
Users of free software applications will have to install them on their own servers. In the ideal world, all internet users would have their own server with its own fixed address. We are still far from that ideal. I'd blame the shortage of IPv4 addresses, the artificial distinction between a server and a desktop and the current complexity associated with hosting web applications, but that, again, is a topic from another time. But we're close enough: lots of internet users are friends with at least someone who can run applications on a web server he controls. And things are definitely improving, soon everyone will own a server or two. So, in the meantime, design your web applications to encourage administrators to allow their own installations to be used by their friends. And, of course, let the users download all their data so they can migrate to other installations of the application.
Help design server applications that anyone can install. Modifying configuration files, running Unix commands and restarting daemons is way overkill. The ideal would be a single web server that the user downloads and configures through a web interface. The configuration should be as simple as entering a login, password and the location of public directories. This should take care of setting up DNS, perhaps using a third-party dynamic-DNS service or registering a domain name on the user's behalf (which, of course, would require a credit card to be entered). And then, it should be possible for the user to install third-party free-software web applications on this server with a single click. There is no reason why anyone capable of creating an account at MySpace shouldn't also be capable of turning his desktop into a web server running server-side applications.
Use OpenID. And make your applications scale by using the pre-rendered model. Oh, and consider the AGPL license. Once you've made your high quality free software application, what's to stop someone from making their own version, adding significant functionality, and then hosting it, supported by advertising, for end users, without releasing their sources? We would be back to square 1.
Since free software applications will be installed in servers controlled by totally unrelated people, instead of a single database on a single server, the application's data, as a whole, will be distributed across a wide array of servers. Design XML-based web-services to synchronize data across multiple instances. For example, for a free software alternative to del.icio.us or Flickr, make it possible for a user to add as a contact a user that "lives" elsewhere and allow them to exchange bookmarks or pictures regardless. The result will be similar to P2P networks, but a in this case a peer would be a permanently-reachable server, storing the data of its owner and some of his friends. I think this would work out very well.
There are, however, some types of applications for which the free software community may have a very hard time competing with proprietary developers. I'm talking about those solving problems that require centralized databases and resources and for which distributed networks won't work, such as searching. I must say that I don't know what to do about those; we may have to continue to use those proprietary applications indefinitely. And I must also admit that I don't know what to do about the new form of vendor lock-in.
Thanks
In closing, I'd like to thank Sergio Garcia, Jorge Arias, Nelson Castillo, Daniel Coletti, Alexandre Oliva and Javier Moreno for their insightful comments that led to this document.
Update, 2006-01-11: I've made some changes suggested by Alexandre Oliva, mainly to point out the importance of being able to export users' data from web applications and that the problem goes beyond using proprietary and private applications.
Discussion (7)Last update: 2007-04-01 (Rev 10984)