Closed Source as Risk
I’ve been using and thinking about open source for a long time now. At some point in the past, it was a serious concern whether or not someone could produce open source and still make a viable living. Thankfully, that open question is almost settled.
I still wonder about the ethics central to open source. Everyone seems to have a different take on the ethics, and I honestly can’t figure out an ethics story that is very compelling to me, personally.
Nowadays, when we talk about ethics of open source, I think the discussion focuses on organizational structures and license considerations. How do we structure our projects? What systems (such as Github) do we use to host our code? How do these choices impact our users? Do we license with the GPL or a BSD-style license?
For me, closed-source software is always raises ethical considerations. And, I personally have no good answer to these ethical considerations, except “open source good, closed source bad”. Thinking about this used to make me feel confused, and typically would prompt analysis paralysis about whatever it was I was trying to decide. The only thing to do is just plow ahead and get things done, which normally meant just using whatever closed system I needed.
Realistically, being free of closed software is an impossible goal. Even if you have managed to use a machine that is perfectly free of closed software, you still need to integrate with closed systems. Our need to communicate with the outside world still exists, and the internet is not free. The AGPL provides ample evidence that many people have thought about this; and yet, they still use the internet.
Recently, my feelings about all this have been coalescing into a better understaing of how to evaluate closed source software in my life. Closed source is a fact of life. Choosing to use a given piece of closed source software is a tradeoff. There are costs of avoiding closed source, just as there are benefits to using open source.
So, what factors play into deciding to really use a closed system? Here are some questions to consider:
How likely is it that closed software will stop doing what you need it to? At some time in the past there was a question whether or not Twitter will close its API and kill its client ecosystem. That day has come and gone, and now the ecosystem is dead.
Does the closed system even do what you want it to? Might it actually contain a bug/decently large problem that you have no real way to notice? For example, I can make OS X system backups all I want, but since I have no effective ways of testing these backups, I can’t be sure that they are actually doing anything at all.
Can you export your data? In the event that the system changes, do you have some way to keep the works you have created? With twitter, we can at least export our tweets. However, a great deal of the value of twitter is in the social connections we have established through it, and these can’t be exported.
How likely is it that the closed source system is somehow causing something you disagree with? I’m pretty sure that Google is in the advertising business; would it be a stretch to imagine that it is trying to mine our lives for data in order to better serve us ads?
A very practical example of this is using Flash. Today, we can avoid Flash. Using Flash exposes us to Flash cookies, which is a huge privacy hole that we know is currenly exploited. Of course, using Flash can be very convenient. Is it worth the convenience?
These types of questions that focus on value and risk leave me feeling good. Instead of worrying about the broader ethics of what closed source means, I can focus on specific instances and think about them as risk. I still know that closed source is a risk factor, but its one I often take as a personal decision, often with good reason.