flwyd: (spiral staircase to heaven)
[livejournal.com profile] brad et al's decision to build LiveJournal code as open source and let folks access the platform as an API helped content and connections formed on the site survive negative decisions made by the folks who would later lead the company. Defense against future management is a practice that deserves more consideration.

Edit, April 29, 2017: the new LiveJournal Terms of Service was introduced and enforced on April 3rd. I was really busy that week and the following, so I didn't have time to read it. On April 10th, without having accepted the terms, LiveJournal automatically billed me for a year's extension to my paid account. Regardless of whether charge-for-a-service-I-haven't-agreed-to is legal, it suggests that Sup Media didn't put a lot of thought into the user impact of the change. For a service that stores a lot of user content, it's imperative to inform users of changes in terms in advance so that they can consider the change and choose to export their content rather than be subject to the new terms. I think Google did an exemplary job of proactive "Our terms are changing" outreach a few years ago; LiveJournal could at least have sent everyone an email a month in advance.

Reading the terms themselves was a slightly surreal experience. I've read at least one hundred terms of service or end user license agreements. They're normally dry, unnecessarily long, and overbroad, but this is the first time I've read one that didn't seem like it was written by a native English speaker. The page ends with ATTENTION: this translation of the User Agreement is not a legally binding document. The original User Agreement, which is valid, is located at the following address: http://www.livejournal.com/legal/tos-ru.bml which adds further unease to the "I have to accept terms with which I disapprove in order to change my account settings to opt out of your service" situation. (To be fair, non-English speakers face a similar problem when agreeing to the terms of most major websites.)

Finally, I'm quite miffed that the new arrangement forces advertisements onto everyone's journals, even though "ad free" was the main feature I was paying for. After supporting the service financially for over ten years, I'll be discontinuing automatic payments and I don't plan to renew next April.

For anyone still reading my writings on LiveJournal, I'm hereby declaring that https://flwyd.dreamwidth.org/ is the primary source for my blog. I'll continue crossposting for now, but who knows when that may break. Userpics will probably revert to a random smaller set once my paid subscription expires, too.

Hello Dreamwidth

Monday, January 9th, 2017 09:21 pm
flwyd: (escher drawing hands)
This weekend I created a Dreamwidth account and copied all my LiveJournal posts there. I plan to use Dreamwidth for future composition, automatically crossposted to LiveJournal. I don't plan to delete any LJ content, and you can leave comments on either site. I'll still read my LJ friends page and will cultivate new connections on DW. For background, read on.


I created my LiveJournal on June 12, 2001, turned on to the service by [livejournal.com profile] slyviolet. In my first post I set an intention of using it to track memoirs and musings, share interesting links, and support the site as an open-source, volunteer-run project. My use has followed this overall tenor, though the style has evolved quite a bit–as has the LiveJournal ecosystem.

In the last fifteen and a half years, I've written 1,429 posts with (I think) at least one in every month during that span. My update cadence was much higher in college than it's been during my professional life, with a significant drop-off in 2010 as I started getting my social media fix through company-internal venues. English-language LiveJournal usage has dropped significantly during the Obama administration, probably due to the rise of Facebook, Twitter, Tumblr, and other "Social Networking 2.0" sites. I stuck around because (a) I already had a decade of content on LiveJournal and (b) the site's design and community supports long-form content, which is sorely absent in today's volume-focused social media landscape.

A faction also started leaving LiveJournal after its acquisition by the Russian firm SUP Media. Dreamwidth launched in 2009 using a fork of the open source LiveJournal code base, a modified subscription/access model, a different terms of service, and no ties to Russia. Dreamwidth attracted a significant slice of the English-language geekery and fan fiction demographic from LiveJournal.

Recent weeks have seen a renewed migration from LiveJournal to Dreamwidth. This post summarizes some of the drivers, in particular the fact that LiveJournal's servers now seem to be physically located in Russia and the contemporary political climate in Russia is somewhat bleak on the free speech front.

To a software engineer like me, the idea of mandating a particular piece of the web reside in a particular country is ridiculous. The whole point of the Internet is that people from anywhere in the world can share data with people anywhere else in the world. TCP packets don't need to show their passport at the border and a connection between New York and Los Angeles could pass through London, Dubai, and Tokyo if that turns out to be the fastest route. Yet as the Internet has grown to be of more political and commercial prominence, several governments have taken a keen interest in the geographic location of stored data. Sometimes these laws (proposed or passed) happen because legislators don't understand new technology, so they legislate computing the way they would legislate paper. Sometimes the laws seemed to be based on a desire to drive infrastructure development in their country: "If we require Brazilian users' data to be stored in Brazil, tech companies will build more data centers in Brazil, which will drive jobs and tax revenue."

If these were the only two reasons to require data geolocation, LJ servers in Russia wouldn't be a big deal, aside from perhaps slower page loads from the U.S. Unfortunately, several countries have passed (or would like to pass) data location laws so that user content can be subject to local jurisdiction. And, if you're cynical, the government might also want the data to be available for a police raid where they grab hard drives from the data center. In the specific case of Russia, having data subject to Russian law may be of concern, as the Duma has recently passed laws restricting free speech in ways that would feel uncomfortable to many folks in the west. I'm not sure that the "cops with guns and USB cables" scenario puts your LJ data at significantly more risk today than five years ago: Russian hackers have been plundering data from around the world for over a decade and the Kremlin could probably exert pressure on SUP employees to reveal data they steward, regardless of where it's stored.

If you're a LiveJournal user and care about your content, I think it's wise to create a Dreamwidth account (free or paid) and back up your entries (it's easy). Even if the Russian government or hackers have no interest in your journal, having a backup of your data puts you in a more robust position if SUP goes out of business or turns out to be unprepared for a technical disaster.

Additionally, LiveJournal seems to have turned off HTTPS encryption: https://www.livejournal.com/ now redirects to http://www.livejournal.com/ and likewise for individual journals. This seems like a pretty suspicious setup in 2017, when anybody and their uncle can get an SSL certificate for free. So you should probably assume that somebody's listening in on your LiveJournal traffic, regardless of what you think Russian actors (or anyone else) might want to do with said data.

Ironically, moving data outside the U.S. may actually make it moderately easier for the NSA to get at it, since they have to invent complex procedures to legally snoop on U.S. citizens' data within the U.S. but have more statutory freedom to raid international data. If you want to keep your writings protected from the five prying eyes of the world's spy agencies, your best bet may be pen and paper. If you want to store it digitally, strong encryption and public-key based individual sharing is a good (though not very user-friendly) approach. The best balance may be a major tech company which has the resources to spend on high-quality security engineers and is willing to spend big bucks fighting court orders to secretly hand over user data. The big corp, even though they have a closer relationship with the government, may stand a better chance of defending your data than a small startup founded on principles of pure privacy.
October 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 2017

Most Popular Tags

Expand Cut Tags

No cut tags

Subscribe

RSS Atom
Page generated Thursday, October 19th, 2017 12:01 am
Powered by Dreamwidth Studios