![[RSS]](/static/img/feed-icon-14x14.2168a573d0d4.png)
Conservancy Blog
Displaying posts by Bradley M. Kuhn and Karen M. Sandler
Everyone is asking the wrong questions about TikTok
by on January 18, 2025
As we write this, everyone is wondering what will happen with TikTok in the next 48 hours. Social media as a phenomenon was designed to manufacture drama to sell advertising, and in this moment, the meta-drama is bigger than the in-App drama.
The danger of pervasive software is clear: powerful entities — be they governments or for-profit corporations — should not control the online narrative and remain unregulated in their use of personal data generated by these systems. However, the approach taken by Congress and upheld by SCOTUS remains fundamentally flawed. When there is power imbalance between a software systems' users and its owners, the answer is never “pick a different owner”.
Whoever owns ByteDance, the fundamental problem remains the same: users never really know what data is collected about them, and they don't know how the software manipulates that data when deciding what they are shown next. The problem can only be solved if users can learn, verify, and understand how that software works.
TikTok is a software system — implemented in two parts: somewhere, there is a server (or, likely, a group of servers), running the software that gathers and aggregates posts, and then there is the client software — the App — installed on users' devices. In both cases, ByteDance likely owns and controls both pieces of technology and is the only entity with access to the “source code” — the human readable software that can be studied and understood by human beings. When users download the TikTok App, they don't get that source code for the App, and certainly get no information about the software running on the servers.
If the USA operations of TikTok are sold to another entity, quite likely the software itself will remain in control of ByteDance. While the wording in the Act is expansive about the required divestment, it's likely the new USA owners wouldn't themselves receive the right to review or modify the source code — they could just receive a binary (non-source form) of that software. In that case, no one in the USA will have permission to review and verify that software behaves in a way that is in the interest of its USA users. The Act is vague on these details. Will complete, corresponding source code ultimately be considered part of “a qualified divestiture”? The Act simply leaves "an interagency process", with no guidance (to our knowledge) on the issue of server or App source code. (We have seen similar failures where government agencies with a duty to examine software found in medical devices do not actually even have access to the source code.)
The root problem is that the act doesn't require an action that would truly resolve the biggest threat to TikTok users in the USA. Users (and our government) should instead insist that, to operate in the USA, that ByteDance respect the software rights and freedoms of their users by releasing both the server and App components of the software under a “free and open source” (FOSS) license. FOSS respects the software rights of all by allowing everyone to review, modify, improve, and reinstall their own versions of the software. By technical necessity, this means that everyone could understand the communication protocol between the App and the servers. Users (or third-party App makers) could, for example, modify the App to no longer send users down the rabbit hole of toxic recommended posts, or refuse to transmit user usage data back to the servers in China. FOSS is the best method we have to democratize technology and its algorithms.
Industry will, of course, ask how could a new company, build around a purely FOSS platform, ever generate the revenue necessary to run the network of servers and implement needed improvements to the App? The answer to that is, in fact, part of the beauty to this solution. The primary reasons that sites like TikTok are so toxic is inherent in their business model: privacy-unfriendly data gathering to sell targeted advertising. Indeed, these issues are raised as serious concerns by individuals from all over the political spectrum and they are the primary reason the initial bill passed the House so easily. If we demanded a FOSS and transparent business model, TikTok would have little choice but to move to subscription-based revenue instead of advertising.
As we continue on the dystopian path where most of our technological solutions are funded primarily by advertising and massive, privacy-invading data collection, we must decide if the price that we pay for this technology is just too high. From our perspective, $14.99/month (plus full transparency and software rights) looks a lot better than $0 (plus no privacy and a daily dose of advertisements and occasional CCP propaganda). As the saying goes, if you don't pay for the product, you are the product.
Furthermore, a mandated FOSS release more directly exposes the true problem that the mandated sale tried to solve. We are not politically naïve; we know ByteDance would resist releasing TikTok (server and App) as FOSS just as much as they resisted the mandated sale. But the real problem we have is that we simply don't know if the Chinese government has undue influence over TikTok or not. We have that problem primarily because we cannot examine their opaque technology. Transparent technology leads the only way to the truth in our software-controlled world.
On Non-Fungible Tokens, Faces of Our Leadership, and Supporting Artists
by on December 23, 2021
We were certainly surprised this week to be told that we (Karen and Bradley) were “for sale” at approximately US$200 each. It's not us personally that's for sale, of course. Rather, the sale is for financial derivative products that are based on digital images of us. Because of the connection to these financial derivative products (called NFT) to our work on ethical technology and FOSS generally, we share herein our analysis of the situation. And, in the unlikely event you were thinking about buying one of these risky financial derivatives — we give our recommendation for an alternative way that you fund both Software Freedom Conservancy and the artist who took the photographs in question while avoiding derivative products entirely.
Basic Backstory
Photo © 2017 by Peter Adams, licensed CC BY-SA
On 2017-03-04, we (Karen and Bradley) sat for a photo shoot with a photographer named Peter Adams, who later released one photo from each of our shoots as part of a larger work called “Faces of Open Source”. We were surprised to learn that we were the only FOSS leaders (among those who had been photographed at that point) to raise the question of FOSS licensing for the photographs themselves. Sadly, Adams was not interested in licensing the series under a Free license. We nearly declined to continue with the photo shoot, but Karen had a compromise idea: if Adams agreed to license one good photo of each of us back to us under CC-BY-SA, we would agree to sit for the photo shoot. We both agreed to sign a release of copyright claims. Rarely do subjects/models hold copyrights anyway on photos (unless it's a selfie), so we determined, especially given that we were in town for the Southern California Linux Expo, this photo shoot was not much different (ethically and morally speaking) than walking around the conference and being photographed candidly, in which case we'd also not hold copyright. We did not relinquish any other of our rights and permissions, but we did agree that our photos could be part of the “Faces of Open Source” art project. We were really happy with the photos, and were glad we had CC-BY-SA photos to use. We appreciated that Adams took the time to prepare them for us.
Non-Fungible Tokens (NFTs)
There has of course been much discussion about NFTs and how they operate on a blockchain. We suspect most of our readers already know the technical details of how NFTs work. What we'd like to focus on is the high level description and how it relates to works of authorship and FOSS licenses.
First and foremost, note that, to our knowledge and understanding, sale of an NFT is generally unrelated to the copyright questions of the image. The NFT is (roughly) a cyptographically-signed checksum of the image. “Owning an NFT” simply indicates that — on some blockchain somewhere — a group of people who participate in that blockchain have cryptographically verified that the particular checksum is associated with you. NFT hawks liken this to “owning” the underlying work, but this is not true. Consider it this way: the “underlying holding” is the photograph itself, which has a financial value based on (a) the fame of the subject, and (b) the artistic ability of the photographer to get a good/intriguing photo of that subject. The NFT, by contrast, isn't the photo, it's “bragging rights” of having others identify that you paid some amount money for the blockchain participants to assent to your “ownership” of a checksum of that photo. The NFT's value, thus, may move in the same direction of the value of the copyright of the photo (or, say, a physical print of that photo), or it may not; there is no way to know. Moreover, we suspect, given the novelty of NFTs, that financial experts don't even yet have reliable equations to understand how NFTs financially relate to their underlyings (as exist for other financial derivatives like futures contracts and stock options). While many people investing in NFTs understand their nature and understand what they are spending money on, we also think there's a predatory component of this industry that exploits people who don't have a good understanding of how NFTs work. We fear that many other people spend money on NFTs without really understanding what they are buying.
Photo © 2017 by Peter Adams, licensed CC BY-SA
Meanwhile, one need not have a copyright holdership or even a license to create an NFT of any given image. We could sell NFTs of the same images if we wanted to, even though we don't hold the copyright. We could sell NFTs of the extremely similar color images (shown here) that Adams' licensed under CC-BY-SA. But, we aren't going to do any of that. We think selling NFTs of these images is a silly thing to do.
A Few of the Problems with NFTs
NFTs have many problems, and we aren't going to list them all here, as many are outside the scope of ethical technology. However, the most concerning problem is that most NFT blockchains use “proof of work” systems to verify transactions, which costs computing resources (including intensive use of processors, that produces heat, wastes electricity, and risks wearing out the processors more quickly than more traditional uses). While NFTs are not yet widely adopted (and thus the costs in this regard are currently nominal) most researchers believe that long-term and widespread use of “proof of work” is ill-advised (for environmental and other reasons).
For our part, we probably would not have commented publicly on our concerns about these issues. But, Adams made NFTs for specific images of us, and there is mostly nothing we can do about it — other than state our opinion of it. We would be remiss if we didn't point out that other laws besides copyright are involved here. We are left wondering whether use of one's faces to promote NFTs in this manner could be construed as a violation of California's Right to Publicity Law, and standard releases often don't broadly grant any rights to endorse products like NFTs. (In this case, our rights releases were wholly narrowed to the “Content”, which here is the actual photo, and we were the “models”). It's unclear how far a right to publicity would extend as a legal matter, and we have no intent to explore that. We agree with others in the “Faces of Open Source” series that Adams made a mistake (ethically and morally) by not asking the subjects to agree to have their names associated with the sale of NFTs (particularly given the serious ethical technology considerations about NFTs).
Getting Artists (and Developers) Paid
One of the mission goals of Software Freedom Conservancy is to fund developers to work on FOSS (related to our member projects and initiatives). We believe strongly that folks who do Free Culture works should, similar to those who do Free Software work, get paid for that work. What's more, even though Adams chose not to make “Faces of Open Source” a Free Culture project (opting instead for a traditional proprietary model), we still think Adams should get some compensation for his work — especially for the two photos he licensed as CC-BY-SA. But we think NFTs is the wrong approach.
We originally proposed selling photos in this blog post as a method to raise funds for Adams' work, but Adams wrote to us and indicated that he had not been experimenting with NFTs as compensation for his past work but rather to both help fund future Faces of Open Source photo shoots and raise money for FOSS organizations like ours. So Adams and we all suggest that if you like FoOS, please donate to our current fundraising campaign and other organizations doing good work in this space.
The Hate-Mail We Expect
We know that many of our Sustainers and fans believe deeply that NFTs and other blockchain-related technologies like cryptocoins are world-changing technologies. We remain neutral on that point; we admit that we simply don't know how important these technologies will be long-term. However, we do encourage everyone to consider the ethical implications of technology like this. Plowing ahead with any technology simply because it's new and exciting often leads to unintended dystopian consequences (such as already occurred advertising-based, algorithm-controlled platforms from MMAGA companies).
Finally, this is of course not a full analysis of all the moral and ethical implications of NFTs. We do think NFTs might have some interesting use-cases, such as academic institutions verifying transcripts and degrees of students to third parties (and Karen loves some of the silliness connected with many NFT offerings). If done fully with FOSS, we don't object to further research and consideration of how NFTs can be used for good purposes. However, we approach with skepticism the notion that financial derivative transactions should receive the primary use-case focus around new technologies, as has happened with NFTs. We should evaluate all new technologies first and foremost with a question of how they can improve the lives of the most disadvantaged and underrepresented individuals.
First Update on the Vizio lawsuit
by on November 30, 2021
Yesterday, we received from Vizio their first official response in our pending litigation against Vizio for their copyleft license violations. So, what was their response?
Did Vizio release the source code — as the GPL and LGPL require — for the modified versions of Linux, alsa-utils, GNU bash, GNU awk, BusyBox, dmesg, findutils, dmsetup, GNU tar, mount and selinux found in their TV’s firmwares? No.
Did Vizio propose a CCS candidate for us to review, provide them with additional feedback, so that we could help them get consumers who bought their TVs the source code they deserve? Nope.
Did Vizio argue that we had erred, and in fact, none of those programs we list above appear in their firmware? Not that either. (Unlikely though — after all, they surely know those programs are in their firmware!)
Instead, Vizio filed a request to “remove” the case from California State Court (into US federal court), which indicates Vizio's belief that consumers have no third-party beneficiary rights under copyleft! In other words, Vizio’s answer to this complaint is not to comply with the copyleft licenses, but instead imply that Software Freedom Conservancy — and all other purchasers of the devices who might want to assert their right under GPL and LGPL to complete, corresponding source — have no right to even ask for that source code.
That’s right: Vizio’s filing implies that only copyright holders, and no one else, have a right to ask for source code under the GPL and LGPL. While we expected Vizio held this position (since they ultimately ignored us during our discussions with them in years past), Vizio has gone a disturbing step further and asked the federal United States District Court for the Central District of California to agree to the idea that not only do you as a consumer have no right to ask for source code, but that Californians have no right to even ask their state courts to consider the question!
Vizio’s strategy is to deny consumers their rights under copyleft licenses, and we intend to fight back.
We believe in complete transparency of the copyleft compliance process, and so encourage everyone to read the filings. We’ve even paid the Pacer fees and used the Recap browser plugin, so that all the documents in the case are freely available via the Recap project archives.
Software Freedom Conservancy’s annual fundraiser is happening right now! Please help us continue our work by becoming a Sustainer. Donate now and have your donation matched by a group of generous individuals who care deeply about software freedom.
Chasing Quick Fixes To Sustainability
by on May 23, 2019
Various companies and trade associations have now launched their own tweak on answers to the question of “FOSS sustainability”. We commented in March on Linux Foundation's Community Bridge, and Bradley's talk at SCALE 2019 focused on this issue (video). Assuring that developers are funded to continue to maintain and improve FOSS is the focus of many organizations in our community, including charities like ourselves, the Free Software Foundation, the GNOME Foundation, Software in the Public Interest, and others.
Today, another for-profit company, GitHub, announced their sponsors program. We're glad that GitHub is taking seriously the issue of assuring that those doing the work in FOSS are financially supported. We hope that GitHub will ultimately facilitate charities as payees, so that Conservancy membership projects can benefit. We realize the program is in beta, but our overarching concern remains that the fundamental approach of this new program fails to address any of the major issues that have already been identified in FOSS sustainability.
Conservancy has paid hundreds of thousands of dollars to fund FOSS developers over the course of our existence. We find that managing the community goverance, carefully negotating with communities about who will be paid, how paid workers interact with the unpaid volunteers, and otherwise managing and assuring that donor dollars are well spent to advance the project are the great challenges of FOSS sustainability. We realize that newcomers to this discussion (like GitHub and their parent company, Microsoft) may not be aware of these complex problems. We also have sympathy for their current approach: when Conservancy started, we too thought that merely putting up a donation button and routing payments was the primary and central activity to assure FOSS sustainability. We quickly discovered that those tasks are prerequisite, but alone are not sufficient to succeed.
Just as important is how the infrastructure is implemented. GitHub is a proprietary software platform for FOSS development, and their sponsors program implements more proprietary software on top of that proprietary platform. FOSS developers should have FOSS that helps them fund their work. Choosing FOSS instead of proprietary software is not always easy initially. Conservancy promotes free-as-in-freedom solutions like our Houdini project and other initiatives throughout our community. We are somewhat alarmed at the advent of so many entrants into the FOSS sustainability space that offer proprietary software and/or proprietary network services as a proposed solution. We hope that GitHub and others who have entered this space recently will collaborate with the existing community of charities who are already working on this problem and remain in search of long-term sustainable, FOSS-friendly solutions.
