AvoidTheWEbBrowser.md 17 KB
Web Browsers became the most used applications of today's world. The internet became so powerful that there is a whole operating system ( Chrome OS ) that is just a fancy web-browser. You can do so much only in the web browser that, the existence of a fully functional web browser made it a good argument for various operating systems. But is it all good? Should we just do everything in a web browser? Or is it rather something to avoid?
Services?
Years ago, when people were moving to use Free Software exclusively, they were avoiding non-free software by using the web-browser and some web-based-services instead. This was before the term Service as a Software Substitute ( SaaSS ). People's problem was proprietary software. So they wanted to get rid of it as much as possible. So instead of using proprietary software on their machines, it was logical to outsource the job to some software on a server somewhere. The same job would be done, but without a need to run the proprietary software on your machine.
But the core problem stayed there. The main idea was to gain freedom. Control over yourself and things belonging to you. In this case your computer. Your computation. When you run proprietary software, you are losing both control over your computer and control over your computation. In the case with services that do computations on their servers, you are not running any software yourself, but you are still loosing control over the computation.
One of things that we are trying to avoid by insuring control over our software is malware. Software features that are designed to be malicious on purpose. Or in some cases the developers believed that maliciousness is a good idea, by explaining it to themselves in a more soothing terms. Like surveillance could be thought about by the developers as system of automatic personalization. Or something. But this perspective doesn't solve the issue at hand. It is still malware. We know that malware could exists in all software. But there is proportionally much more malware in proprietary software since there is only one entity controlling the software, which is not a user, and which is directly benefiting from the malware.
There is a concept of surveillance in software. Sometimes it's called Telemetry. It's an idea of software reporting the behaviours of the user to the company that made that software. We know about the obvious ones like Facebook being the ultimate Big Brother, or Google doing the same thing. Or TikTok sending anything it can to China including stuff you copied to the clipboard. But sometimes the surveillance is not obvious. Like for example, Microsoft Windows sends telemetry every time you open the Start Menu. Or any software or game which uses the official ( not reverse engineered ) library for Autodesk's FBX file format, which has a term in the license, to allow sending data about the users to Autodesk. So any game based on Unity, Unreal Engine and any other non-free software Game Engine which supports Autodesk's FBX is automatically malware.
By the way, this is why in Blender the FBX support could be rather bad at times. Since it's a reverse engineered library, made to avoid all this non-sense.
Another concept is a back door. Surveillance is when the software is sending something to the server. Back door is when the server is sending something to the software. And this software obeys the command. Sometimes it can even have a form of a universal back door. When the server at will can do anything it wants with the user's computer. Imagine having a simple to make, little malware implemented into the software. All it does is listening to the server. And then, the server sends some script to it and it runs the script. This script could do anything at all. Microsoft Windows has a slightly different implementation of a Universal Back Door. They don't even hide that fact. They call it a different name. They call it an "Auto Upgrade". Which is not really an upgrade if you think about it. Basically, if the developer can change the software remotely, without your consent for it, it's by definition a Universal Back Door.
Using a service to compute your computations is like having both surveillance and universal back door in a proprietary program. Why? Well... First, you cannot change the software on the server, even if it's free software. If it's free software, you can change it and install it locally. Which is not a bad thing. But if you want to use the service, you cannot change it. You may try to demand some changes, but it's their computers. And they must have freedom to configure their computers as they wish. So with Services as Software Substitutes you don't have the 4 essential freedoms. Thus it's like using proprietary software.
On the other hand, the owners of the server can change the software at will which will automatically effect all users. This is the universal back door. If for example, the server didn't have some malicious feature, like reading your data, the server owners can at any moment implement this feature and change the software on the server to do what ever they want. Like reading your data. And of course, you send your data to that server in order to process it. So again, it's like using proprietary spyware with a universal back door.
But how about something like an Email server? Or a Matrix server? Or something like LBRY where it's a connection of millions of torrent nodes governed by a block-chain? Well, we can think of them similarly as we think of a simple websites. Let's say somebody by the name Richard opens a website. He will run a server software on him machine, or some machine under his control. It doesn't necessarily supposed to be in his house. And there, the server software serves HTML files and other files, such as images to the client at request. This is not SaaSS. It's a communication.
Remember SaaSS stands for Service as a Software Substitute. Meaning there was or could be software that could run offline, and instead you are being offered a mere substitute to do the same job. With communications, you could not have it be offline. With a web browser accessing a web page, all you care about is the page. Which is sent to you the same way you may send somebody an email.
The same thing goes for a Matrix server, or an LBRY node, or a Tor node, or something like Invidious, that's a proxy for YouTube. As long as you are simply trying to access some information online, not making a computation, this is acceptable. The problem starts where you are not sure whether you are making a computation.
Where is the computation?
There are plenty of websites that act more like software than websites. They are called web-applications. Most of them are done using a collection of little JavaScript programs. This is, is essence, just installing software and then running it. It's not SaaSS. It has it's own negative side effects, like for example, people usually are not aware of such programs in their browsers. But for the sake of argument, let's say that JavaScript software is totally okay.
Now let's imagine something like Google Docs. A website / application that makes it possible to edit documents in a browser. This kind of thing would load a lot of JavaScript into your browser which will execute the user interface with all the features of the editor. Basically, every time you load a Google Docs page, you are downloading and installing a whole office suit from scratch.
But is it whole? Like, are you actually loading all the features? Or maybe some of the feature are SaaSS? In Google Docs, the files are stored on Google's Servers ( Google Drive ). And when you want to do a specific computation with a file in the Google Docs ( or the whole Google Drive ), where exactly does this computation happens? Does it download the file to your browser and using some JavaScript, makes a change, only to upload it back to the drive, or is the computation happening on the server? I think the obvious answer is "it depends". Which makes the whole issue even harder.
Let's take something that is a little bit more Freedom respecting. Odysee. When I use Odysee to view something or to post something. It's not SaaSS. It's communication. Or is it? LBRY has an LBRY SDK which is meant to do all kinds of things on the LBRY network. Like retrieving files, posting files, sending crypto-graphic transactions and so on. All of these features require connection. But they are very much implementable in install-able software since we are dealing with a block-chain, rather then a server / client configuration.
It is very unclear that Odysee is not a SaaSS. But it clearly has SaaSS elements. Like for example video trans-coding. This is a feature that could and should be implemented locally. And it is kind of already implemented locally if you are using the SDK ( or LBRY Desktop ). But on Odysee, the trans-coding is happening on the Odysee's servers. Which is clearly SaaSS.
Also a big problem, is that even if you upload something with the SDK, Odysee's server will trans-code the video. It can do it because trans-coding is not a part of LBRY. If I download a video with the SDK directly, it will be the original file. Not the trans-coded version. Only on Odysee ( and LBRY Desktop ) you can load a trans-coded version.
Another thing that is clearly SaaSS about Odysee is the unlock feature that lets you unlock massive amount of tips very quickly. Before that feature was implemented, Gardner Bryant made his own implementation of that feature in bash. Which was getting information about tips from the SDK and unlocking them one by one. It was better then doing it manually, but it still took a long time. Now, there in a convenient button to do it in a matter of seconds. The problem is, it's not a part of the SDK. Which means it's a script ( probably a very simple one ) that's running on the Odysee's servers. It's SaaSS. And the mind-blowing part is, the LBRY Desktop has the same button that's equally SaaSS.
We've come to a place where in a locally installed application there are SaaSS features. Of course, you can tell me that LBRY Desktop is just Odysee green and in a browser, since it's based on Electron. But it's not far from other software that's using the same kinds of SaaSS features too. When we were doing the thumbnail previews for FastLBRY GTK we figured out that Odysee uses a special proxy to optimize the network usage when loading images.
You can put any image from any website to make it give you a changed copy. You just need to paste a direct link to that image in the end of the url. This is technically SaaSS. You could get the image from the server yourself and decrease it's quality yourself. But they opted into going to all this length and preparing the image for you. Which is another aspect of Odysee that you don't necessarily control.
Now, to be serious. From the user's perspective, all he wants to get is the image. And Odysee provided the user with a link to download it. So there is nothing inherently wrong with it. But it starts being wrong if you want to implement this same feature else where. For example you want to make a program that decreases images resolutions, using the Odysee method. This would definitely be SaaSS. And Odysee supposed to be Free Software. Free Software filled with SaaSS. This is the problem.
LBRY Desktop on the other hand, doesn't seem to do it. Somebody in our Matrix Chat pointed out that all thumbnails look way sharper in the LBRY Desktop compared to Odysee. So it seems like the scaling down in LBRY Desktop is happening locally, by the Chromium Web Engine inside the electron. And not by the weird SaaSS domain. I think it's because most of the UI of the LBRY Desktop is already pre-loaded. And there is no need to cut down the server usage on images. Since you don't need to download the UI over and over again.
Have you got the headache yet from all the weird ways you can loose your freedom to a web-application? Well you have to prepare. There is the whole discussion about JavaScript. Which requires it's own article.
Let's Talk About JavaScript article
Analytics
And now let's look at the sinister reality of web-applications and why they are so popular today. Simple answer - analytics. Information is a very valuable asset. The more you know about your target customers, the easier you can sell to them. Especially if you are trying to make a business on advertising. But even if not, companies like to collect at least the most basic Telemetry for at least the development purposes. Which includes also, the valuable personal information, which they will not be shy at selling to some Data Brokers who's jobs are to buy data from one entity and sell this data to another entity.
If the software is implemented in such a way that you can use it completely offline. There will not be any telemetry that the company will get from you. One of the ways to force you to be online is a subscription checking DRM. Which is a whole another can of worms. This is when your software tells you to connect to the internet, or otherwise it will refuse to work. You can usually see it in the games. But it still requires technicality to make it work. And a lot of people might figure out how to break this DRM feature. Thus use the software completely offline. The companies do not want it.
Also, from another perspective there are containerised solution to running potentially malicious software in such a way that it cannot connect to the internet. Which is another something that the companies do not like. Whey want the data at all cost.
So it's rather obvious that they will go to the web-application route. Especially if it's working only with in the browser. This will eliminate all ideas of running it potentially offline. The interesting part is, you can run websites offline. For example, you can download the entire Wikipedia and read it while being offline. There were even hardware devices with pre-loaded Wikipedia that do not require any connection to the internet what so ever. All Free Software SaaSS clients like LibreTranslate could be downloaded and installed locally. Then accessed via the web-browser, but without the need to have an Internet connection. But the point is. If it's Google Docs, you can only run it while being connected.
Also did you know that Electron ( a little browser to deploy web applications as if they were desktop applications ) was developed by GitHub? Which is a company owned by Microsoft. And one of the first things Electron was used for is Microsoft Visual Studio Code a semi-free editor ( binaries are proprietary, the source code is Free Software ) which is technically a web-application with telemetry. If they would make a normal editor, they could not treat it the same way as a web application.
Getting rid of this non-sense
To get rid of this non-sense try using software when ever possible. Not web-applications. Not Electron apps. Software. And Software which is Free. Not proprietary.
On the Matrix Chat ( link in the bottom of the article ) there are a few people on the quest of getting rid of non-software computing solution. They are moving away from the web browser to a more free life of personal control. Personal Freedom. I urge you to do the same.
You can take the first step by moving away from Odysee.com to at least the LBRY Desktop. On Android based devices you can use the LBRY for Android. Which is an immense step forward from using a web-browser. For power users, I would suggest to use and contribute to FastLBRY Terminal. For people who are looking at a GUI solutions there is a FastLBRY GTK project. But it's rather unfinished. So instead you can use a rival project based on FastLBRY Terminal called LBRY GTK.
Then think about finding software that you control. That do not need internet when they do not need internet. Like stop using Google Docs. There is Libre Office.
User Freedom is at most valuable thing. We should not allow sneaky bastards in suites to take it away from us. It's not proprietary software that we are fighting against. It's User Freedom that we are fighting for. And it's got to be protected from all kinds of injustices. If they see that we don't like something. Let's say proprietary software. And they offer us a different injustice, so to avoid conflict in that area. We should be aware. We should not comply with them. We should be stronger than this.
Happy Hacking!