Oct. 27, 2016
Technology has impacted everything from how we understand and interact with the world around us to how we manage our own personal data. For years, we stored our family photos in shoeboxes. We kept our phone numbers in black books and rolodexes. Then as technology advanced, we stored these important items on computers, then floppy disks, then CDs. Finally, we just put it in “the cloud.”
When the “cloud” was introduced to store that data, it seemed to solve a multitude of problems—it took up less space, could be accessed anywhere, and would be safe from unforeseen disasters like fire, flooding, or robberies. This ease and seeming security of centralized solutions are often too good to resist, but we very rarely stop to ask if it was the best solution. Maybe we should.
Frequently, we focus on the “open source” side of “open technology,” meaning the software from which the technology is made is licensed openly. But open technology is not limited to software. It applies to where emails live; who owns your personal data; where that data is hosted; how it’s secured; how much control and authority you have over managing your data; and your relationship with the technology. All of these raise questions, and if we don’t even consider what we should be asking, we will never get the answers we need.
We asked our technologists—Chris Ritzo, Steph Alarcon, Georgia Bullen, Fernanda Lavalle, and Nat Meysenburg—at the Open Technology Institute to take a step back and ask the questions for us:
What are the benefits to using open technology versus using a centralized or owned service?
Chris: Deciding to go with a form of open technology allows you to create a system that addresses your needs exactly without having to pick and choose from software or services that fill general needs. You could also save money that would otherwise be spent on software, hosting and support, if you have the people and resources to configure and use open technology.
Here’s a scenario: you volunteer at a local community radio station, and they want to record live broadcasts and make them available on their website afterward, or stream live shows on the internet. You could purchase the software, hosting, and support from a company to do this. There is also open source software to meet this need. You could download, install, and run the open technology yourself; you could get help from someone else to do that work; and, in some cases, you could purchase support and hosting for the open source products that do this over the closed source/proprietary options. Depending on your needs and the expertise you have to “do it yourself,” you can support open tech options and get a solution that you could continue to use, customized, and improve. Given enough skill, time and expertise, you could contribute your customizations and improvements back to the open source project.
Steph: [Open technology] ensures that in the end, you own and control your data, memories, and more. Why would this level of control even be an issue when I have easy access to my stuff online? Well, one reason is that you can’t always trust that your photos, data, and other files will be kept safe, secure, and truly private. There are lots of examples in recent news where a company providing a free service like email, photo sharing, etc. has had a data breach, and emails all of their users about changing passwords, going through a security check up, etc. What happens when you lose access to your email account or your online photos because of an event like that? Will the company care that you’re now missing all the pictures you had stored on their service? Probably not. You likely won’t have much recourse. If you’re hosting these services yourself using open source software, you at least have the data on your own server, and you can take all the steps you need to assure it’s backed up, secure and only available to those who you want to have access to it.
Nat: In addition to the points Chris and Steph make, I also see an inherent value in not having software monocultures. By using centralized services, we are entrusting those providers to also be the only innovators in that space. If no one but a few large companies, like Apple or Google, run email servers, by default, no one but those companies will figure out how to make email better. If no one but Slack does chat, we will entrust innovation of that to them, by default.
Additionally, that kind of monoculture leads us to thinking of an internet service (and computers in general) as an appliance with a single purpose, rather than a toolbox with which you can build many things.
I’m not saying that everyone should write their own mail server software. However, I worry about the fact that large, well-resourced institutions like universities are losing institutional knowledge about things like email.
Doesn’t choosing something that does not have the resources of a company mean there is more upkeep and possibly more bugs? Why would someone choose to self-host services?
Georgia: Yes and no—like many things in life, it’s more complicated than that!
When you host things, like email, yourself, you control everything about it, and you decide when to accept updates to the tools that you are using. “Bugs” aren’t going to happen as a result of just choosing to self-host, but rather by automatically accepting updates or changes that haven’t been reviewed. It’s just like the “early adoption” problem on any new technology: sometimes there hasn’t been enough testing in the real world. If you run your own services, you can decide when something is ready for primetime and upgrade.
Steph: For the independence from a company's interests—you don’t have to worry about what the terms of service say or how they change, because you own your data. For example, if you want to use encryption, you can use encryption.
Georgia: But you are responsible for keeping the services up and secure. You can use open cloud services to help here, such as MayFirst and Linode, but ultimately it’s still you who are responsible for keeping those servers secure and working.
Nat: [Not every self hosted solution means that it is buggy or requires more upkeep than a centralized solution.] It is complicated in that it varies by service. There are dozens of implementations of email servers, some better than others. However, there are several that are mature, and, while there is no such thing as bug free software, the number of critical bugs may actually be quite low.
Company interest? Own your data? What do you mean?
Georgia: Take a look at most of the terms of service for photo sharing platforms like Facebook or Instagram. Most of them actually say that, by uploading your photos to them, the company is allowed to use them, unless you have your settings in a specific configuration that keeps your ownership of the photos. It’s the classic issue where you have to ask—if this service is free, what is the actual cost? Frequently, the service is selling is your data to third parties, e.g. your photos, information about you, etc.
Nat: As Al Jazeera pointed out, there are today questions, as in “what is happening with my data now?” And tomorrow questions, as in “what will happen with my data 10 years from now?” This is a really important distinction to me. I may be okay with the way services are using my data now. However, as market forces and tastes change, what happens when a large company that has been gathering data for years goes under? If you had asked someone 15 years ago if Yahoo! would go belly up, it may have seemed ridiculous. My worry is that, on the way down, some of these companies will do anything they can to extract resources from the data mine, and some have even been forced to do so.
Knowing the security concerns or ownership concerns you’ve stated, why would you choose to go with a centralized or owned service?
Chris: Many people choose to use free, centralized cloud services provided by large companies for the simple ease of use and convenience they provide. Broad adoption of services like Gmail or Google Drive are also a factor—if I can easily connect and share with friends and family using the same services, that convenience and broad adoption by others can outweigh the tradeoffs of potential security and ownership concerns. I could host a mail or file server on my own, and be the person responsible for maintaining and securing those services, or I could use a major company’s free (or paid) services. Additionally, many would argue that, the larger a company, the more likely they are to provide a more secure service than I could provide running my own server.
Fernanda: Typically, there is an ease of use and lower labor cost that make centralized solutions attractive. There's also a perceived infinite labor cost to the alternative because many people don't feel knowledgeable enough to use an open source solution.
There are counterexamples, like Firefox, which is developed through an open source community, including Mozilla as a company. It is equally easy to use and requires no more labor or cost, but offers fewer services and tools than the range of integrated services that "centralized" providers offer.
Nat: Running my own server instead of using cloud-provided services means I’m also responsible for maintaining and supporting the server, keeping it updated with security patches, monitoring it for potential attack, and also supporting anyone who might be using the services running on it.
Since there is a significant amount of time that I, or anyone, might need to spend staying on top of this stuff, as well as the time it takes to support other folks, it can be worth it to make the decision to use a cloud service. If I’m using a cloud service from a large company, I have access to all their documentation for supporting people using the service, and someone else is responsible for maintaining the servers and services. Sometimes that is simply a better use of my time, despite the fact that I would generally prefer to have control over the services I depend on.
But not if you haven’t first asked yourself whether it’s better and why.