Interview with Ludovic Dubost on privacy, cybersecurity, and decentralized and open-source technologies

20 Oct 2023 5 min read

Written by

The XWiki Team

Ludovic Dubost, our CEO and Founder of XWiki and CryptPad, was interviewed by Roberto Popolizio from Website Planet about the current state of data centralization, cybersecurity awareness, and online privacy and how open-source technologies are fighting the Big Tech companies. The topics of this discussion are a follow-up to the interview Ludovic gave for Website Planet 3 years ago. We are providing you below with the highlights of the written exchange. For the extended version, you can also read the full interview.

What is your current take on the balance between centralization and decentralization? How has it changed since 2020?

The Internet has been thought to be decentralized, with protocols created to allow interoperability. Unfortunately, over the course of time, websites have replaced protocols, and economic market forces are pushing to recentralize the Internet, promising users that everything will be fine. Since 2020, we see that Big Tech companies have even increased their power and their stronghold on users and companies. Their financial power allows them to silence competition.

However, that competition exists. You have many providers of alternatives, which allow much more freedom, whether it is through Open Protocols, standards, or open source. CryptPad, for instance, proposes an open-source alternative to centralized document editing platforms. All our code is open, and anybody can install our solution on their own servers.

We are also receiving support as we also see new regulations (such as DSA and DMA in Europe) that are questioning the power of the Tech Giants and trying to recreate more competition.

Have you seen any notable advancements in the adoption and funding of decentralized and open-source technologies?

I could speak about a few notable advancements, and that is also thanks to funding, namely:

  • openDesk project: This project aims to create a 100% open-source, secure, decentralized, and privacy-respecting environment for the German public administration. This project reunites 8 well-known niche open-source software providers (XWiki, Nextcloud, Collabora Office, Element (Matrix), Open-Xchange (OX), OpenProject, Nordeck (Jitsi), and Univention), and we are thrilled to be part of it since it aligns with digital sovereignty principles;

  • France’s 2030 cloud strategy: The project also provides funding for sovereign solutions in Europe, and it engages 3 consortiums comprised of 39 partners of which both XWiki and CryptPad are part. However, not all the work done in these projects is open source. Even so, we are a major partner, and we will be able to improve our solutions thanks to these programs;

  • The NGI Program (ngi.eu) continues to provide funding to open-source solutions. Organizations such as NLNet, OW2, or Aarhus University are managing some Open Calls from NGI and provide regular funding to open-source solutions. At XWiki, we have just recently won 150k funding to work on WAISE (Wiki Artificial Intelligence Search Engine) to allow the creation of “natural language search” based on LLMs.

What strategies have worked best so far to sustain the funding and development of open-source projects?

There certainly isn’t a one-size-fits-all approach here, but I can speak for XWiki and CryptPad. What we did in the beginning for XWiki was a mix of providing service on top of the product and then being paid to improve it. Along the way, we found other ways in which to sustain the product and that is:

  • Educating our customers on various touch points so that they understand why it’s important to pay for open-source and free software. The real value of open-source software is not the fact that you could try to avoid paying providers, but really the transparency of the software and the collaboration which is happening on the software itself

  • Offering the option of 3-year deals and different prices for customers that have support contracts versus customers that haven’t purchased this. This approach has helped us create long term relationships with our customers and helps support the development of the product

  • Have business-ready extensions included in the subscription. At XWiki we publish all the source code of our business ready extensions but only provide them as paying extensions through our extension store.

  • Providing a Cloud service is also an important approach which allows to relate directly with the customers and users (paying and free)

  • Research funding and customer paid R&D

Of course, not everything went perfectly smooth from the beginning, and we applied to CryptPad the lessons learned while developing XWiki. Nowadays, because XWiki is also at a point of maturity business-wise, we also support the CryptPad development. Besides this, the main ways in which we fund the CryptPad developments are through R&D grant programs, subscriptions, and donations through Open Collective, and significant funding projects such as “Development of Cloud-based collaborative Office suite” as part of France 2030’s national cloud strategy.

Finally we see that Venture Funding can be a real challenge for open source. While the majority of open-source software (OSS software) was created by VC backed companies, we also see that some investors tend to push these companies to close down their open-source contribution in order to prioritize profit. This has been at the core of the decision of Hashicorp to switch to a non open-source license, which ultimately led to the OpenTofu fork of Terraform which joined the Linux Foundation.

We can see that VC funding is a double-edged sword. We, at XWiki, don’t believe that it’s an ethical business behavior and we have preferred to stay independent and do “Community Open Source” with no “Contributor License Agreement” which means that our business is based on open-source principles today and also in the future.

Have there been any notable changes in how businesses prioritize cybersecurity over convenience? What are they still doing wrong, and how should they fix that?

Cloud providers have promised convenience and price reduction because of their ability to mutualize, and this may have been true until they have gathered an immense amount of data.

Today, users are realizing that the more data, the more reasons to try to steal it, and even though the large Cloud companies promise to be highly competent in security, they still leave holes.

Additionally, as the cybersecurity requirements grow, the promise of low prices also vanishes. On top of this, some software providers have decided they should stop serving customers on-premise, despite their customers’ wishes. We know especially about this as we have seen numerous Atlassian customers coming to us because of Atlassian’s decision to stop “Confluence Server” and push customers to the Cloud or to switch to a much pricier offer to stay on-premise.

We still see customers who are not blinded by the promises of delegating all their IT to the Cloud. We at XWiki consider that we have to provide the choice to our customers to run on the Cloud for convenience or on-premise for full control. Additionally, we have specifically built CryptPad to provide a solution that gives an additional layer of cryptographic security on top of the user’s data.

What should people do now to protect their data and privacy against the growing centralization of power?

It really depends on the level of personal competence in understanding the way data is gathered, processed, and shared and the actual differences between the different technical providers.

If you are a technologist or a company with an IT department, you have the possibility to understand how data privacy actually works and read behind the lines of the marketing offerings. You might even have the possibility to run some software yourself.

Now, the first step is to decide to give a change to an alternative solution. In the current centralization of power, the major actors choose everything for you. While you think you are choosing to use a specific Big Tech solution, the reality is that you end up using their services because of the foothold they have on the market.

If you, like us, are concerned about this power, the first step is to take action, say “No” to Big Tech firms and pick alternative solutions that propose a different way of doing things.

One of the important things we have learned with CryptPad is that the more users we have, the more users are understanding CryptPad, and it becomes more natural to them. At some point, some of our users go back to a Big Tech solution and find it difficult to use because they got accustomed to our solution. A big reason why people don’t make the switch is because they are used to the other solutions, not because they are that much better.

So, as a user, just make the switch. Prioritize your privacy and your data protection, and prioritize open source. Get more people to join you. The more we are, the more all the solutions will get used as the new norm.

You may also be interested in: