[Qgis-user] QGIS for safe organization use.

Greg Troxel gdt at lexort.com
Tue May 23 10:00:11 PDT 2023


Simon via QGIS-User <qgis-user at lists.osgeo.org> writes:

> Now, a large portion of the information regarding the buildings and
> their locations is confidential, and so I'm wondering if the
> geodatabase and layer that I plan to create will be safe and
> protected, or if other users will have access to them since QGIS is
> free and open source?

I will address the larger academic point to the assembled list readers,
and not discuss your specific situation.  I do not want to let the "Free
Software might not be safe" idea go unchallenged.

The idea that QGIS is not safe *because* it is Free Software (and also
Open Source software) is fundamentally incorrect.  There are two
entirely separate concepts:

  1) When you run the software:

    a) what ability does the software have to send the data it is
       processing to third parties, if it tried?

    b) does the software have bugs that would result in access by a third
       party?

    c) is the software maliciously coded to send data to third parties?

  2) What is the license of the software?

    a) May you obtain and run it without specific additional
       permissions?  Or do you have to pay?
    
    b) Do you have obligations, such as if you distribute a modified
       binary, that you also distribute the corresponding sources?

Software quality is a hard problem, but the idea that Free Software is
unsafe and proprietary software is safe (with respect to 1a) and also
the other way around are both totally unsupported by evidence.  One has
to look at the track record of each software package.

Point 1)c) is a huge issue.  With Free Software, almost always the
authors are writing it because it solves some problem of theirs, not in
order to exploit or monetize others' data.  Some Free Software is part
of a business plan and is Free Software according to the license but
outside the Free Software community.  With proprietary software that has
high license costs (e.g. ESRI), it being non-malicious is quite
plausible (but people cannot read the code and verify that) because
there is an explanation for how the company makes money.

With proprietary software that is distributed at zero or low cost (iOS
and Google app stores), significant amounts of it contain libraries
that exfiltrate data.  I call this malware, even though that is for some
reason not the usual definition.  (To me, a program is malware if it
acts contrary to the interests of the person/organization operating the
computer it is running on, especially if the behavior is not adequately
described by an easily-available written specification.)

There is perhaps a third concept, "the cloud", which really means "a
computer someplace else under someone else's control".  That is
something that can appear with both Free Software and proprietary
software.  However, the Free Software community has a norm that programs
that require a specific server are bad, while ones that come with the
server code that let you set up your own instance are better.  QGIS is
not tied to any specific server instance; that would be viewed as
outrageous by this community.

With respect to licensing, using Free Software and not creating derived
works is not administratively difficult in a corporate or military
environment.  It merely requires reviewing the license to understand the
rules -- which you have to do with a proprietary license, except that
proprietary licenses are usually so restrictive that actual compliance
is difficult.

> At first, I was planning to work with ArcGIS Pro but I'm currently
> waiting for a license. When or if it comes through, I'll stick with
> ArcGIS but for now QGIS seems to be the best alternative.

I would expect that people in your situation generally have a
procurement requirement to evaluate the approaches and make some
best-fit decision.  With Free Software, there is no need to obtain
additional per-seat licenses so that other people can use the tool.  I
have the impression that ArcGIS is quite expensive, but I've never tried
to find out what the price is.  This is of course a complicated issue
and I could not begin to suggest a particular answer without knowing
vast amounts of details (and then, there are other issues; see below).

> If QGIS is not safe, are there other safe and similar software you can recommend?

I believe that QGIS is safe (as far as software on a computer goes;
paranoia comes in many shades), and I don't see any reason to think it
is less safe than ESRI.

Unfortunately I, like all Americans, am legally precluded from giving
you advice about your specific situation due to ITAR.  I would suggest
you find a consultant within Canada.  Thank you for being upfront about
your situation.

Greg
