In 2020 Ludovic Dubost, CEO of XWiki, expressed concerns about the centralization of power in the tech industry, with tech companies becoming too powerful, controlling data and cloud infrastructure.
Amazon controls over one third of the entire cloud market, while another third goes to Google and Azure combined!
This growing centralization poses a threat to personal data privacy and raises the potential for manipulation, including in elections, but there’s still hope, as Ludovic explained in this new interview with Website Planet, where he shares his perspectives on the current state of data centralization, cybersecurity awareness, and online privacy three years after his first warning.
About Ludovic Dubost
Creator of XWiki and the Founder and CEO of XWiki SAS. He started XWiki 19 years ago as an open-source Wiki engine to improve collaboration and information sharing, then expanded with CryptPad, an end-to-end encrypted real-time document editing platform.
The story of Ludovic Dubost and XWiki
In 2003, as I left my previous company, an audience measurement startup, where I was CTO, I wanted to create something new.
I had always been interested in web and intranet software from my time at Netscape as a Consultant. As I discovered and implemented a wiki and was amazed at how it changed collaboration and information sharing for my team, I decided to create a wiki engine based on what I had learned as a user.
The wiki engine I was using at the time (TWiki, or Foswiki since it was forked since then) was lacking the capacity to structure data, and I felt it had technical implementation weaknesses. After 6 months of work on my own, I had the first version that I published as open source and created a free wiki service online. XWiki was born.
I then started to make it known, get users to install it, and advertise its extension capabilities to build collaborative websites on top of XWiki. I got my first service clients, which allowed me to make revenue and fund improving the software.
These were the beginnings 19 years ago, and since 2003 we have become a 50-person company, with more than 7000 worldwide organizations using XWiki and with 500+ customers of all sizes. Our XWiki platform is used internally by Amazon, which funded some development, and Lenovo, which uses it as a knowledge base. Furthermore, XWiki is available for self-hosting and also as a cloud service.
Finally, as part of research projects, we have started a new software product, CryptPad, aiming to allow end-to-end encrypted real-time document editing and collaboration.
In 2016, we launched a prototype online, and in 2018, we decided to continue the project and launch the cryptpad.fr service. CryptPad.fr now has 50,000 weekly users and more than a million pads open/month. Since it’s an open-source project, almost 800 other instances are currently in use.
What is your current take on the balance between centralization and decentralization? How has it changed since 2020?
The Internet has been thought to be decentralized, with protocols created to allow interoperability. Unfortunately, over the course of time, websites have replaced protocols, and economic market forces are pushing to recentralize the Internet, promising users that everything will be fine. Since 2020, we see that Big Tech companies have even increased their power and their stronghold on users and companies. Their financial power allows them to silence competition.
However, that competition exists. You have many providers of alternatives, which allow much more freedom, whether it is through Open Protocols, standards, or open source. CryptPad, for instance, proposes an open-source alternative to centralized document editing platforms. All our code is open, and anybody can install our solution on their own servers.
We are also receiving support as we also see new regulations (such as DSA and DMA in Europe) that are questioning the power of the Tech Giants and trying to recreate more competition.
Have you noticed any significant regulatory changes or policy shifts related to data privacy and technology that have impacted your industry as a whole?
In Europe, the DSA and DMA are now in place, and we are starting to see the first action related to them. Big Tech is already fighting the new obligations towards “Gatekeepers” that these new regulations include. While we believe these regulations will take a long time to change the market dynamics, this is a step in the right direction.
We also closely follow the EU-US Data Privacy Framework. We believe that the data privacy of European Users is not protected if data transfers to the US are allowed. The Cloud Act in the US provides way too many “secret” powers to the US Government to access private data of European Citizens or Residents.
In Europe, we are also very concerned about the “Chat Control” proposal that endangers the use of end-to-end encryption and, therefore, the protection of data in general.
Our industry is seeing a lot of attention, which is to be expected given the importance of technology in our lives. However, it is yet unclear how the new regulations will effectively increase data protection. In our case, we try to focus more on the software itself and provide software that any individual or organization can use freely to protect their data. We believe that this contribution is essential for the future of data protection.
Have you seen any notable advancements in the adoption and funding of decentralized and open-source technologies?
I could speak about a few notable advancements, and that is also thanks to funding, namely:
- openDesk project: This project aims to create a 100% open-source, secure, decentralized, and privacy-respecting environment for the German public administration. This project reunites 8 well-known niche open-source software providers (XWiki, Nextcloud, Collabora Office, Element (Matrix), Open-Xchange (OX), OpenProject, Nordeck (Jitsi), and Univention), and we are thrilled to be part of it since it aligns with digital sovereignty principles;
- France’s 2030 cloud strategy: The project also provides funding for sovereign solutions in Europe, and it engages 3 consortiums comprised of 39 partners of which both XWiki and CryptPad are part. However, not all the work done in these projects is open source. Even so, we are a major partner, and we will be able to improve our solutions thanks to these programs;
- The NGI Program (ngi.eu) continues to provide funding to open-source solutions. Organizations such as NLNet, OW2, or Aarhus University are managing some Open Calls from NGI and provide regular funding to open-source solutions. At XWiki, we have just recently won 150k funding to work on WAISE (Wiki Artificial Intelligence Search Engine) to allow the creation of “natural language search” based on LLMs.
What strategies have worked best so far to sustain the funding and development of open-source projects?
There certainly isn’t a one-size-fits-all approach here, but I can speak for XWiki and CryptPad.
What we did in the beginning for XWiki was a mix of providing service on top of the product and then being paid to improve it. Along the way, we found other ways in which to sustain the product and that is:
- Educating our customers on various touch points so that they understand why it’s important to pay for open-source and free software. The real value of open-source software is not the fact that you could try to avoid paying providers, but really the transparency of the software and the collaboration which is happening on the software itself
- Offering the option of 3-year deals and different prices for customers that have support contracts versus customers that haven’t purchased this. This approach has helped us create long term relationships with our customers and helps support the development of the product
- Have business-ready extensions included in the subscription. At XWiki we publish all the source code of our business ready extensions but only provide them as paying extensions through our extension store.
- Providing a Cloud service is also an important approach which allows us to relate directly with the customers and users (paying and free)
- Research funding and customer paid R&D
Of course, not everything went perfectly smoothly from the beginning, and we applied to CryptPad the lessons learned while developing XWiki. Nowadays, because XWiki is also at a point of maturity business-wise, we also support the CryptPad development. Besides this, the main ways in which we fund the CryptPad developments are through R&D grant programs, subscriptions, and donations through Open Collective, and significant funding projects such as “Development of Cloud-based collaborative Office suite” as part of France 2030’s national cloud strategy.
Finally, we see that Venture Funding can be a real challenge for open source. While the majority of open-source software (OSS software) was created by VC backed companies, we also see that some investors tend to push these companies to close down their open-source contribution in order to prioritize profit. This has been at the core of the decision of HashiCorp to switch to a non open-source license, which ultimately led to the OpenTofu fork of Terraform which joined the Linux Foundation.
We can see that VC funding is a double-edged sword. We, at XWiki, don’t believe that it’s ethical business behavior and we have preferred to stay independent and do “Community Open Source” with no “Contributor License Agreement” which means that our business is based on open-source principles today and also in the future.
Have there been any notable changes in how businesses prioritize cybersecurity over convenience? What are they still doing wrong, and how should they fix that?
Cloud providers have promised convenience and price reduction because of their ability to mutualize, and this may have been true until they have gathered an immense amount of data.
Today, users are realizing that the more data, the more reasons to try to steal it, and even though the large Cloud companies promise to be highly competent in security, they still leave holes.
Additionally, as the cybersecurity requirements grow, the promise of low prices also vanishes.
On top of this, some software providers have decided they should stop serving customers on-premise, despite their customers’ wishes. We know especially about this as we have seen numerous Atlassian customers coming to us because of Atlassian’s decision to stop “Confluence Server” and push customers to the Cloud or to switch to a much pricier offer to stay on-premise.
We still see customers who are not blinded by the promises of delegating all their IT to the Cloud. We at XWiki consider that we have to provide the choice to our customers to run on the Cloud for convenience or on-premise for full control. Additionally, we have specifically built CryptPad to provide a solution that gives an additional layer of cryptographic security on top of the user’s data.
Have you observed any improvements in end-user understanding and prioritization of cybersecurity since 2020?
While many customers “love” CryptPad and praise us on Mastodon for the work we have done, the majority of users and organizations still don’t understand. The security industry also has a big responsibility as they are more keen to sell “protection” than to direct users to solutions which are secure by design. We hope that we will see a change in the next few years.
What should people do now to protect their data and privacy against the growing centralization of power?
It really depends on the level of personal competence in understanding the way data is gathered, processed, and shared and the actual differences between the different technical providers.
If you are a technologist or a company with an IT department, you have the possibility to understand how data privacy actually works and read behind the lines of the marketing offerings. You might even have the possibility to run some software yourself.
Now, the first step is to decide to give a chance to an alternative solution. In the current centralization of power, the major actors choose everything for you. While you think you are choosing to use a specific Big Tech solution, the reality is that you end up using their services because of the foothold they have on the market.
If you, like us, are concerned about this power, the first step is to take action, say “No” to Big Tech firms and pick alternative solutions that propose a different way of doing things.
One of the important things we have learned with CryptPad is that the more users we have, the more users are understanding CryptPad, and it becomes more natural to them. At some point, some of our users go back to a Big Tech solution and find it difficult to use because they got accustomed to our solution. A big reason why people don’t make the switch is because they are used to the other solutions, not because they are that much better.
So, as a user, just make the switch. Prioritize your privacy and your data protection, and prioritize open source. Get more people to join you. The more we are, the more all the solutions will get used as the new norm.