Thus, SaaS is equivalent to total spyware and a gaping wide back door, and gives the server operator unjust power over the user. We can’t accept that.
Untangling the SaaS Issue from the Proprietary Software Issue
SaaS and proprietary software lead to similar harmful results, but the causal mechanisms are different. With proprietary software, the cause is that you have and use a copy which is difficult or illegal to change. With SaaS, the cause is that you use a copy you don’t have.
These two issues are often confused, and not only by accident. Web developers use the vague term “web application” to lump the server software together with programs run on your machine in your browser. Some web pages install nontrivial or even large JavaScript programs temporarily into your browser without informing you. When these JavaScript programs are nonfree, they are as bad as any other nonfree software. Here, however, we are concerned with the problem of the server software itself.
Many free software supporters assume that the problem of SaaS will be solved by developing free software for servers. For the server operator’s sake, the programs on the server had better be free; if they are proprietary, their owners have power over the server. That’s unfair to the operator, and doesn’t help you at all. But if the programs on the server are free, that doesn’t protect you as the server’s user from the effects of SaaS. They give freedom to the operator, but not to you.
Releasing the server software source code does benefit the community: suitably skilled users can set up similar servers, perhaps changing the software. But none of these servers would give you control over computing you do on it, unless it’s your server. The rest would all be SaaS. SaaS always subjects you to the power of the server operator, and the only remedy is, Don’t use SaaS! Don’t use someone else’s server to do your own computing on data provided by you.
Distinguishing SaaS from Other Network Services
Does condemning SaaS mean rejecting all network servers? Not at all. Most servers do not raise this issue, because the job you do with them isn’t your own computing except in a trivial sense.
The original purpose of web servers wasn’t to do computing for you, it was to publish information for you to access. Even today this is what most web sites do, and it doesn’t pose the SaaS problem, because accessing someone’s published information isn’t a matter of doing your own computing. Neither is publishing your own materials via a blog site or a microblogging service such as Twitter or identi.ca. The same goes for communication not meant to be private, such as chat groups. Social networking can extend into SaaS; however, at root it is just a method of communication and publication, not SaaS. If you use the service for minor editing of what you’re going to communicate, that is not a significant issue.
Services such as search engines collect data from around the web and let you examine it. Looking through their collection of data isn’t your own computing in the usual sense—you didn’t provide that collection—so using such a service to search the web is not SaaS. (However, using someone else’s search engine to implement a search facility for your own site is SaaS.)
E-commerce is not SaaS, because the computing isn’t solely yours; rather, it is done jointly for you and another party. So there’s no particular reason why you alone should expect to control that computing. The real issue in e-commerce is whether you trust the other party with your money and personal information.
Using a joint project’s servers isn’t SaaS because the computing you do in this way isn’t yours personally. For instance, if you edit pages on Wikipedia, you are not doing your own computing; rather, you are collaborating in Wikipedia’s computing.
Wikipedia controls its own servers, but groups can face the problem of SaaS if they do their group activities on someone else’s server. Fortunately, development hosting sites such as Savannah and SourceForge don’t pose the SaaS problem, because what groups do there is mainly publication and public communication, rather than their own private computing.
Multiplayer games are a group activity carried out on someone else’s server, which makes them SaaS. But where the data involved is just the state of play and the score, the worst wrong the operator might commit is favoritism. You might well ignore that risk, since it seems unlikely and very little is at stake. On the other hand, when the game becomes more than just a game, the issue changes.
Which online services are SaaS? Google Docs is a clear example. Its basic activity is editing, and Google encourages people to use it for their own editing; this is SaaS. It offers the added feature of collaborative editing, but adding participants doesn’t alter the fact that editing on the server is SaaS. (In addition, Google Docs is unacceptable because it installs a large nonfree JavaScript program into the users’ browsers.) If using a service for communication or collaboration requires doing substantial parts of your own computing with it too, that computing is SaaS even if the communication is not.
Some sites offer multiple services, and if one is not SaaS, another may be SaaS. For instance, the main service of Facebook is social networking, and that is not SaaS; however, it supports third-party applications, some of which may be SaaS. Flickr’s main service is distributing photos, which is not SaaS, but it also has features for editing photos, which is SaaS.
Some sites whose main service is publication and communication extend it with “contact management”: keeping track of people you have relationships with. Sending mail to those people for you is not SaaS, but keeping track of your dealings with them, if substantial, is SaaS.
If a service is not SaaS, that does not mean it is OK. There are other bad things a service can do. For instance, Facebook distributes video in Flash, which pressures users to run nonfree software, and it gives users a misleading impression of privacy. Those are important issues too, but this article’s concern is the issue of SaaS.
The IT industry discourages users from considering these distinctions. That’s what the buzzword “cloud computing” is for. This term is so nebulous that it could refer to almost any use of the Internet. It includes SaaS and it includes nearly everything else. The term only lends itself to uselessly broad statements.
The real meaning of “cloud computing” is to suggest a devil-may-care approach towards your computing. It says, “Don’t ask questions, just trust every business without hesitation. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it.” In other words, “Think like a sucker.” I prefer to avoid the term.
Dealing with the SaaS Problem
Only a small fraction of all web sites do SaaS; most don’t raise the issue. But what should we do about the ones that raise it?
For the simple case, where you are doing your own computing on data in your own hands, the solution is simple: use your own copy of a free software application. Do your text editing with your copy of a free text editor such as GNU Emacs or a free word processor. Do your photo editing with your copy of free software such as GIMP.
But what about collaborating with other individuals? It may be hard to do this at present without using a server. If you use one, don’t trust a server run by a company. A mere contract as a customer is no protection unless you could detect a breach and could really sue, and the company probably writes its contracts to permit a broad range of abuses. Police can subpoena your data from the company with less basis than required to subpoena them from you, supposing the company doesn’t volunteer them like the US phone companies that illegally wiretapped their customers for Bush. If you must use a server, use a server whose operators give you a basis for trust beyond a mere commercial relationship.