A response to "The JavaScript Trap"

22nd October 2017

Many websites run client-side code (JavaScript) in the browser, and this is usually proprietary software. This means software that does not respect the user's rights to study, modify and redistribute it. In Richard Stallman's article The JavaScript Trap, he says that this proprietary JavaScript is a violation of our freedoms and proposes that we solve this by making web browsers that block proprietary JavaScript and substitute a Free software JavaScript in it's place.

This approach seems to me to be impractical and misguided.

Impractical and misguided

The main problem here is that web is, by design, a sort of "no auditing, no installing" architecture. The content of websites is not audited by a third party (if it was it would be censorship). And the JavaScript on websites is not really "installed", because the server ships us new versions whenever it wishes, giving us no opportunity to audit, modify or veto a new version before using it.

This kind of design is necessary for the web to be the wonderful thing it is. But it inherently throttles our freedoms over the client-side code (JavaScript). Allow me to elaborate:

Free software gives us the freedoms to study, modify and redistribute it. Let's discuss how these three Freedoms might apply to a web application which uses Free JavaScript.

We assume it's a typical web-application, which uses JavaScript to control how the page looks, and to control communication with a back-end server. Maybe it's an online shop.

Freedom to study

One of the most important reasons to study software is to audit it for quality, security or malware. But what's the point of auditing the front-end JavaScript if the site owner can push new versions without telling us? They could slip in any code they like and we would probably run it before we got a chance to audit it again. If we somehow made our browser use an old version of the JavaScript it probably would not work with the new markup or back-end.

Freedom to modify

What about the freedom to modify? Well we have a similar problem as with studying. We have to keep our modified version up-to-date with a back-end with probably undocumented workings which may change without warning.

Also consider if it's polite to run your modified JavaScript on someone else's website. Imagine if you maintain and distribute a modified JavaScript to use with e.g. eBay. And imagine it malfunctions causing a DDOS on eBay or people to have their financial details stolen. Who's fault is it?

To prevent such things happening, the site's owners might (quite understandably) set up the back-end to deliberately refuse to communicate with modified versions of the JavaScript. This would not make the JavaScript non-free software, but would make it useless to modify it.

Freedom to redistribute

Is it useful to re-use software that's specifically crafted to work with a specific back-end service? Sometimes, but probably not. Unless you want to distribute a modified version for people to use with that website as discussed above.

The solution to the puzzle

The reason we're seeing the Software Freedoms not really work for JavaScript is that we're making a mistake about who the user actually is. The JavaScript is not installed on the client's computer, it's installed on the server as part of the web application. The JavaScript cannot usefully be studied, modified or distributed by the client, but it can be by the website's owner.

We need to get out of the mindset of software creator and software user. On the web we have creator, user and visitor. And the user is the website's owner, not the client.

JavaScript is used by the website's owner to provide an experience to the visitor. This is how the web works. The client-side code is owned and controlled by the website, even though it runs on the client's machine.

JavaScript that's distributed by software creators to website owners to use in their own websites does need to be Free Software. Otherwise the website's owner does not have control over their own website. This is the same as any software one installs on one's computer/server.

However, if the software creator and user are the same person (that means the website owner programs their own website) then it does not need to be Free Software. It's like private software written for their own use.

The real danger on the web

The real thing we need to fear on the web is SaaSS (Service as a Software Substitute). SaaSS web apps like Facebook, Google Docs, Google Maps, etc. substitute software you could run yourself (such as email clients, office suites and mapping programs) with services, which are out of our control or understanding. And they store our data on their own servers and use it to make money.

If you want to avoid substituting your software with a service please find great Free Software programs to do these things. Instead of Facebook you can use email, IRC and a blog. Or if you want a Facebook-esque social-networking experience you can run GNU Social or Mastodon on your own server. Instead of Google Docs you can use LibreOffice or Calligra. Instead of Google Maps you can use Marble or OsmAnd. Instead of DropBox you can use OwnCloud or NextCloud (though I just use a USB stick).

For web-services that you cannot replace with software I think it's wise to avoid depending on them too much.

So when using a web application, the best way to think is not "am I using proprietary software" but rather "I am using a service. Could I do what it does using software under my own control? Am I relying on this service too much?"

I'd like to pay homage to an article by Richard Stallman that I do agree with: Who does that server really serve?. It's a bit long but thoroughly thought through article about SaaSS (Software As A Service Substitute).