Freedom in online services is about data: if I have my data in a service, who gets access to it, and who gets to decide if and when it gets deleted? Does the user have total control, or the service provider?

Freedom in traditional software, what the GNU project started with, is also about data, but it was always implicit that the user had total control, since they controlled the machine and could decide what software to run.

That is why online services are a threat to freedom. Even when they are running on a completely free software stack, users still do not necessarily have control of their data. If the user has all the four essential freedoms defined by the Free Software Foundation, it is not enough, since they cannot change the code actually running on the server.

It is, obviously, impossible to allow each user to change the code running on the server. However, it seems to me necessary to add a fifth freedom, for services: the user must be able to retrieve all their data from the service, and to remove all their data from the service.

This may need better phrasing, but the goal is to make it easy to stop using a service, and to change to using a different service. That will allow users benefit from any changes to the code they make. It is not perfect, since in many services much of the value comes from a network effect, where the service is better because everyone else is using it as well. However, that is more a question of quality than freedom.

It is unclear to me whether the freedom of the service should dictate that people other than user who owns the data should be able to freely access it. The Open Software Service Definition and the Franlin Street Statement, both excellent and important documents, seem to think that is necessary, but I am not sure.

A sixth freedom may also be necessary, one that limits what the service provider can do with the user's data, but that is less important to me, I think, at least for now.