Do the little things matter?

In a widely shared video, US Admiral McRaven addressing University of Texas at Austin's Class of 2014 chooses to deliver a simple message: make your bed every day.

A highlight of this talk is the quote The little things in life matter. If you can't do the little things right, you'll never be able to do the big things right.

In the world of free software engineering, we have lofty goals: the FSF's High Priority Project list identifies goals like private real-time communication, security and diversity in our communities. Those deploying free software in industry have equally high ambitions, ranging from self-driving cars to beating the stock market.

Yet over and over again, we can see people taking little shortcuts and compromises. If Admiral McRaven is right, our failure to take care of little decisions, like how we choose an email provider, may be the reason those big projects, like privacy or diversity, appear to be no more than a pie-in-the-sky.

The IT industry has relatively few regulations compared to other fields such as aviation, medicine or even hospitality. Consider a doctor who re-uses a syringe - how many laws would he be breaking? Would he be violating conditions of his insurance? Yet if an IT worker overlooks the contempt for the privacy of Gmail users and their correspondents that is dripping off the pages of the so-called "privacy" policy, nobody questions them. Many people will applaud their IT staff for choices or recommendations like this, because, of course, "it works". A used syringe "just works" too, but who would want one of those?

Google's CEO Eric Schmidt tells us that if you don't have anything to hide, you don't need to worry.

Compare this to the advice of Sun Tzu, author of the indispensable book on strategy, The Art of War. The very first chapter is dedicated to estimating, calculating and planning: what we might call data science today. Tzu unambiguously advises to deceive your opponent, not to let him know the truth about your strengths and weaknesses.

In the third chapter, Offense, Tzu starts out that The best policy is to take a state intact ... to subdue the enemy without fighting is the supreme excellence. Surely this is only possible in theory and not in the real world? Yet when I speak to a group of people new to free software and they tell me "everybody uses Windows in our country", Tzu's words take on meaning he never could have imagined 2,500 years ago.

In many tech startups and even some teams in larger organizations, the oft-repeated mantra is "take the shortcut". But the shortcuts and the things you get without paying anything, without satisfying the conditions of genuinely free software, compromises such as Gmail, frequently involve giving up a little bit too much information about yourself: otherwise, why would they leave the bait out for you? As Mr Tzu puts it, you have just been subdued without fighting.

In one community that has taken a prominent role in addressing the challenges of diversity, one of the leaders recently expressed serious concern that their efforts had been subdued in another way: Gmail's Promotions Tab. Essential emails dispatched to people who had committed to their program were routinely being shunted into the Promotions Tab along with all that marketing nonsense that most people never asked for and the recipients never saw them.

I pointed out many people have concerns about Gmail and that I had been having thoughts about simply blocking it at my mail server. It is quite easy to configure a mail server to send an official bounce message, for example, in Postfix, it is just one line in the /etc/postfix/access file:   REJECT  The person you are trying to contact hasn't accepted Gmail's privacy policy.  Please try sending the email from a regular email provider.

(NOTE: some people read this and thought I meant everybody should run their own email server, but the above code is just an example to encourage discussion. There is discussion about adding a similar feature to block messages from Gmail to ProtonMail webmail accounts, so anybody can do this without their own server and take back control over their privacy)

Some communities could go further, refusing to accept Gmail addresses on mailing lists or registration forms: would that be the lesser evil compared to a miserable fate in Promotions Tab limbo?

I was quite astounded at the response: several people complained that this was too much for participants to comply with (the vast majority register with a Gmail address) or that it was even showing all Gmail users contempt (can't they smell the contempt for users in the aforementioned Gmail "privacy" policy?). Nobody seemed to think participants could cope with that and if we hope these people are going to be the future of diversity, that is really, really scary.

Personally, I have far higher hopes for them: just as Admiral McRaven's Navy SEALS are conditioned to make their bed every day at boot camp, people entering IT, especially those from under-represented groups, need to take pride in small victories for privacy and security, like saying "No" each and every time they have the choice to give up some privacy and get something "free", before they will ever hope to accomplish big projects and change the world.

If they don't learn these lessons at the outset, like the survival and success habits drilled into soldiers during boot-camp, will they ever? If programs just concentrate on some "job skills" and gloss over the questions of privacy and survival in the information age, how can they ever deliver the power shift that is necessary for diversity to mean something?

Come and share your thoughts on the FSFE discussion list (join, thread and reply).

Please also see the subsequent blog on this topic, Fair communication requires mutual consent