« More interviews

#12: Michiel de Jong - Unhosted

26 Mar 2014

Michiel de Jong talks about Unhosted, a protocol to separate web applications from where their data is stored. Plus a call for more developers to work on decentralized technologies, and how to get paid.



Kindly transcribed by: David Hansen

Francis Irving: Okay, welcome everyone to the Redecentralize interview with Michiel de Jong, who is from the Unhosted project. I’m very excited to have him here, because it was actually the first modern-era decentralization project that I heard about. So, hello Michiel!

Michiel de Jong: Hello, how are you doing?

Francis: Good, yeah! Okay, so tell us about Unhosted — what does it do?

Michiel: Right. So the idea of Unhosted web apps is that they are websites that don’t store your user data. So normally when you use a website, it runs on a server that has a database where all your data goes. So you post a photo to the website, it goes into the database of the people who run the website. With an Unhosted website there’s no such database. So there’s still a website that comes from a server, but it comes as static content, and then your browser connects to your own server, which you should have yourself, and it stores the data directly to your server from the browser. So your browser connects to two servers now — one to get the website you’re visiting, and one to your own server which it uses as, say, the database server.

Francis: So it kind of has the same feeling of safety as — sorry to say this — but on say a Windows machine in the 1990s, when you might be running someone’s app but. . . ?

Michiel: Yeah. So we used to have that control over our data when we all installed software and computers came — so it used to be that you have your hard disk where everything happens, and when you want to use software you have to install it on your hard disk. And you have your own files on your hard disk, and nothing ever leaves there unless you send it somewhere else. And we’ve left that paradigm to go to more of a web-based — or a cloud-based — architecture, where all our data is on servers owned by other people. And so to go back to a situation where we can control our data, there’s two or three things you can do — one is to just store everything only on your device; and another thing would be to collaborate with others to have a peer-to-peer database, like a decentralized network where you store your data only with your friends; and the third thing you can do (it’s what we do) is actually the simplest thing, is to say, ‘Well, okay, data’s going to be on servers because it’s just so convenient; you can reinstall your device and the data’s still there, etc.,’ but have a server per user instead of a server per application provider.

So there are actually three parties that are offering that now. One is Dropbox. They offer dropbox.js, where if you are a Dropbox user there are a few applications that support dropbox.js, where the data goes directly to your Dropbox account. Google Drive also supports it now (cross-origin storage). And then we’re the third one. So we have the remoteStorage protocol, which is an open protocol, and which we publish as a nonprofit.

Francis: So the Dropbox and the Google Drive one, they let people write applications that store things on their CORS services, but they’re proprietary and locked in to those services, are they? whereas the remoteStorage is an open protocol?

Michiel: Exactly. They’re a proprietary platform, so Dropbox has the right to kick out any application when they’re not happy with it, and they can change the API when they want, and they are the only provider of Dropbox storage. But for an application environment it’s the same deal, they still don’t have to run a database because each user logs in with their own database, their own remoteStorage. But obviously the idea of the open protocol is that we can have an open market that’s robust against any commercial party defaulting or doing something else than what the users want.

Francis: Okay, so I know you’ve got some applications working already. Can you just talk through, from a user’s point of view, how one of those applications works?

Michiel: Yeah, so we’ve got a few applications that are now being used by a few early adopters. There’s not a lot yet. We don’t have a full platform yet that can replace your Facebook or your iPhone app platform, but the first few applications are there. So you go to the application, and then instead of logging in — like normally to a website you might log in with an email address and a password, but in this case you say ‘Connect to my remoteStorage,’ and then you put in what looks like an email address but it’s actually your storage address. So it’s user@provider. Then what happens is an OAuth dialog — so it redirects you to your own storage provider, asks you to log in, and it asks, ‘Do you allow this application to access your contacts and also read access to your photos?’ for instance, and then if you say ‘Allow’ you’re redirected back to the application — which is just OAuth, it’s the same as when you connect with Facebook or you log in with Twitter or something like that. And then everything else is just the same as using a normal website.

Francis: Oh, so the idea is that the website would basically say it’s using remoteStorage, and then you literally use email, but it has to be one that’s compatible with remoteStorage.

Michiel: Yeah. And there are about 20 applications that support this now, and there’s software you can run to run your own remoteStorage server. There’s also a commercial provider called 5apps. They’re a start-up, also part of the Unhosted movement. They’re friends of ours, and they’re offering remoteStorage now to people who want to have it. So you can get an account with them and then go to the unhosted.org website; there’s a list of example apps which you can try out.

Francis: Can you just quickly explain why someone would want to use hosted storage with Unhosted? I can guess why, but I’m just. . .

Michiel: Yeah! Well we came up with the name first, and then we started thinking about how to build it. So the first idea was to not host anything, to do everything only peer-to-peer, but then we found out that actually a much more viable — and what we thought a better architecture — would be to do per-user hosted. But ‘per-user hosted’ doesn’t sound as intriguing either, so we changed the name.

Francis: And it’s encrypted, presumably, so you get the separation still of the code and the data.

Michiel: It’s up to the application to do encryption at the application level. When applications want to work together — so they want to use the same address book, for instance, then if you have encrypted contacts in your address book then other applications might not be able to use them. So for now the applications can do the encryption at the application level, but at the storage level you can obviously encrypt all you want. You can encrypt the hard drive so that if that server gets raided by some government, that they cannot get to your data.

You can also, what’s presumably the best option in the end is to host a server in your house, like a FreedomBox, and then you know that the government would need a warrant to get to your data, and that most commercial parties will not be able to get into your house. But we don’t build the encryption into the cross-origin storage protocol, we just define how you can connect an application with a per-user storage server, and then you can do encryption under that level and also on top of it.

Francis: Okay. Can you tell us a little bit about some of the applications, like what the most popular and well-made applications are, ones that maybe people could start using for something straightaway?

Michiel: Yeah. There’s Litewrite (litewrite.net) which is a simple, minimalistic text editor, so you can take notes, you can write blog posts, you can write letters. And so there are not a lot of formatting options like inserting graphs and stuff like that, but just for editing text and not being distracted, it’s a really cool editor. And it also works very well on smartphones where you can scroll in the list of documents and then click one which you want to edit.

There’s another one called Sharesome which allows you to share photos and other files with people, and it just gives you a URL which you can then share. So you upload something which goes to your storage, and then you get the URL for it.

There’s SVG-edit which allows you to create diagrams — I bit like, I think it’s called Google Draw in Google Docs where you can create diagrams — and it creates them as .svg and it runs entirely in the browser, and then saves the .svg file to your remoteStorage.

Francis: Do you find many people are using these apps extensively? Or what kind of people is it who are taking them up at the moment?

Michiel: No, so far it’s only basically ourselves using it. We’ve worked on trying out how to build the platform and how to make it possible for app developers to develop apps. And so far we have been working on that, and when app developers have come we’ve worked with them to improve the experience, but there haven’t been a lot of — apart from these 20 apps there haven’t been like any big companies that have said, ‘Okay, we’re going to build our next applications using your protocol.’ It’s mainly been enthusiasts writing these applications. So at this point we have a product more towards app developers and not yet towards end users, but we think that within a year or two, the apps will be there and then end users can also just say, ‘Okay, I’m going to use that for part of the things I do with my computer.’

Francis: So yeah, can you tell us a bit about that? I’m quite intrigued that you just said you were looking for a big company to maybe take it on and use it. So can you tell us the different ways you think you can get a large number of people to start using the apps?

Michiel: Yeah, well the main way is obviously to make it attractive for application developers. So one thing we are doing with the client-side library, which we will be doing, is to include the other two platforms — dropbox.js and the Google Drive JavaScript API — in the library with one common interface, so that if you develop an application and you just want people to be able to use your application, and you want to give them the freedom to use a remoteStorage account, but you don’t want to lose users over that — which is obviously a concern for an application developer saying, ‘Well, I’ll have a very small market if I do that.’ So then you just. . .

Francis: So as a user, if I already use and trust Dropbox I’d just be able to use the app with Dropbox, but then switch later on the same application and use remoteStorage?

Michiel: Yeah. Then at any point you can switch to hosting your own server, or staying with Dropbox if you’re still happy with them, or switching to some other remoteStorage provider. So the other thing we’re thinking — there’s like the free-software movement which wants to keep everything, everybody free (free technology), and there’s also obviously different providers having all kinds of wars over platforms. It used to be mainframes fighting each other for market share, and then the free-software movement started with freedom from mainframe software. Then it was the PC’s hardware. Then in the 90s it became operating systems. And all of those are — we have freedom there now. We cannot have entirely free firmware yet, but we can have Linux as our operating system. We’ve had the browser wars, which were almost lost. It was about to be all Explorer, and then magically that was still won by free software, which we should really be very happy for. So we’ve got several browsers now.

But now the new war that’s going on in software is for the personal storage. So there’s obviously Dropbox, which we all know, but which we may not think so much about. We are always saying, like, ‘Apple’s about the iPhone and the Mac,’ but if you think about it, all your contacts are synced via iCloud, application data is also synced via iCloud, and if you take a photo it also goes to your iCloud. So iCloud is actually also a personal storage platform just like Dropbox. Then there’s Google Drive, SkyDrive for Microsoft — if you buy a new computer with Windows it asks you to log in with your Microsoft account and offers to store your files on SkyDrive. And even Ubuntu, who are a Linux distribution, are doing Ubuntu One as their storage platform. It used to based on CouchDB, but I mean, it’s a proprietary platform which they want people to store their data on.

So we have all these storage platforms, and this is like the new software freedom war, right? So we’ve had browsers, we’ve had operating systems; now we have personal web servers. And we are, at this point, the main (that we know of) open proposal in that area, so we think — another war that’s going on is obviously smartphones. So you have iPhone, and Android, Firefox OS, and there I think mobile operators are very interested in not giving away power to the handset providers and the handset operating system providers. So you see like Samsung doing ‘tee-zen’ or Tizen or whatever they call it, and you see a lot of interest in cheap markets, and countries who don’t want to be dependent on the U.S., like Brazil has also pushed LibreOffice a lot, and they’re also now one of the countries adopting Firefox OS.

So those parties who don’t want to be either dependent on another commercial power, like Nokia doesn’t want to be — well, Nokia’s with Microsoft now, but, for instance Samsung doesn’t want to be dependent on Android, right? And so for them it’s interesting to have something else. And this open platform where they’re not going to lock in users, but they’re going to stop users from being locked into some other power which is their competitor. They were looking to disrupt the market, I think, instead of monetizing it. So I think a party that would like to open up the personal cloud market would be like a mobile provider or a handset manufacturer. It can also be like Vodafone that say, ‘Okay, we’re going to give all our users. . .’ — you’ve seen in Germany big Internet providers now offering ownClouds to their users, so every user gets an ownCloud account. And obviously they’re all looking to make sure that what they offer is valuable, and if people don’t care about where they get their connection anymore, they just care about their cloud provider, then that takes the attention away from what they’re producing.

So any party that does something else other than personal cloud might want to just create some disruption in that market. And then we’ve got our protocol as an Internet draft now at IETF, and most of these big companies are looking there, and that’s the place they would look for it. So at some point if they want to, they can pick it up and start using it.

Francis: Sorry, that’s remoteStorage you’ve got as a. . . ?

Michiel: Yes.

Francis: What’s the situation with that? What stage is that at, and what’s the process like, just briefly?

Michiel: Yeah, so we’re doing a version every six months. We’re now finalizing the seventh one, which is the third one which we’re doing as an Internet draft, so it’s the remotestorage-02 filename. And yeah, we’re discussing about how to change the text, we’re versioning it on GitHub, and every six months we publish it and then storage providers can implement it. And we do the remoteStorage.js client library, which is currently the only client so whenever we change the spec it’s easy to change that, but in theory other people could also write their own clients. And then this text. . .

Francis: Oh, are you finding much backing for getting it made into a standard? What would it be like if that. . . ?

Michiel: Yeah, we’re getting very positive reactions always. Also from people who know what they’re talking about, they say — well, like you for instance. . .

Francis: Yeah!

Michiel: . . . being very positive from the start. And I mean, that’s the confirmation you’re getting. Otherwise it’s — normally when you work in a job, you get your salary and then you know you’ve done a good job, and if you get a raise you know you’ve done a very good job, but if you’re working nonprofit then you have to go by the sort of reactions you get.

Francis: Yeah. One of the problems of the whole system at the moment is people don’t really get rewarded for protocols in the same way they get rewarded for making a Snapchat or something, so it’s good to have people like you putting the energy into them.

Michiel: Yeah, there should be more people. I think the main thing is, it’s not that people — obviously if you work nonprofit you’re going to earn less money than if you work in a company, right? And I don’t think that for most people it’s so important to have a lot of money, but it’s just that there’s also a confirmation that you’re doing the right thing, so you have to be really convinced about yourself, I guess, that what you’re doing is worth something to be able to do that. And you see a lot of projects that just go away after a year, which is a pity.

There’s also — you sometimes get the feeling like everybody’s reinventing the wheel, like everybody starts a project and it’s the same again. I don’t think that’s so much the case; we just see it that way. I think it’s actually probably more in commercial technology where everybody creates another start-up that does local, social things, buying stuff with your friends and stuff, and there are thousands of them that all try to reinvent the same thing. Whereas in free technology we’re way less people, but I think with few people we’re having a big impact on what the future of technology could be.

Francis: Fantastic! Just before we end, I want to quickly ask you what people can do at the moment? Like what do you most need help at, or support in, to make the project work?

Michiel: Right. We need more developers to quit their job and join the revolution! That’s the main thing. That’s the main thing. And it’s easy to get — once somebody says, ‘Okay, I’m going to do this. This is important, and this is what I’m going to work on,’ then it’s very easy to get funding. It’s not so easy to get a market-rate salary. So we’re not going to be able to get the same money that you’d have at a company. But maybe you have got some savings, or you don’t have to drive a car, or especially if you don’t have to commute to an office anymore you don’t have to drive a car.

So we need these people to join and start your own project, or join some project; join our project. More people should do that, because it’s really important that the world has free technology. And otherwise if you’re — yeah, everybody can of course be aware of this and talk about it. It’s an important issue that we should not forget about, and so if you see somebody using Firefox you can just say, ‘Hey, did you know that’s free software? Do you know what that means, and why it’s important?’ Just make sure that people stay aware of that. But what we mainly need is more developers quitting their jobs and working for free technology.

Francis: I noticed on Twitter you saying remoteStorage is hiring at the moment. Can you tell us a bit about that?

Michiel: Yeah. We just got some more funding from NLnet. We’re kindly being sponsored by NLnet, which is a Dutch foundation, and Wau Holland Stiftung, which is a German foundation. And now they just gave some more money, so we’ve said ten euros per hour, which is what — we used to say a thousand euros per month, which is sort of what we live on, and now we say ten euros per hour so it’s more flexible. So somebody could say, ‘Okay, I’m coming for a few weeks,’ doing some work, publishing that, and then you say, ‘Okay, I worked 26 hours,’ and then you just get €260. So that’s the system we’re using now. So if any developer wants to try it out, we’ve got this funding. And we could pay more but then the money would end sooner, and I don’t think. . .

Francis: I have to ask — what kind of foundations are those? Are they really new, or are they like really old ones whose mission happens to fit with what you’re doing?

Michiel: I think NLnet is about 20 years old, but I’m really guessing here now. And Wau Holland Stiftung is probably about 10 years old I think, but they’ve only recently started sponsoring — well, they sponsored WikiLeaks, and they’re now sponsoring us. And so, NLnet came from where the Dutch Internet was sold to a commercial provider, and that was set into a fund to sponsor free Internet projects, and Wau Holland Stiftung was from the legacy of Wau Holland, who was one of the fathers of the Chaos Computer Club. So these foundations are just — and there’s also crowdfunding. If you’re really serious about building free technology then it’s very easy to get started just with your own savings, and then once you’ve got something going you can set up a crowdfunding campaign, and then if people will retweet it and if you’re serious about it and you don’t need a market-rate salary — and you have to say no to the job offers, of course — then yeah, it’s fun work.

Francis: Fantastic! Thank you. It’s been really great talking with you.

Michiel: Yeah! Same here.

Francis: Good luck with your project.

Michiel: Thank you!

Francis: I hope some more people join you.

Michiel: Yes. Thank you.