Concerned about Facebook, Google, and other companies that make billions brokering sensitive information, free-software champion Eben Moglen has unveiled a plan to populate the internet with tiny, low-cost boxes that are designed to preserve individuals' personal privacy. The Freedom Box, as the chairman of the Software Freedom …
Sounds like an always-on FreeNet node. If it works, then awesome. FreeNet needs more nodes to improve bandwidth (it's slow as hell right now).
Slow as hell right now?
Freenet has always been slow, even when it was the project du jour a decade ago. Partly that's because it attempts to anonymize access to data by "hopping" requests around from one point in the network to another. And partly because it doesn't even know where the data is to begin with so it has to send off lots of requests until it finds a node with a cached copy.
It is also probably the case that the LESS nodes on the freenet the faster it is. It means less hops to find a node that carries the data because there are less nodes total.
Anyway it's only superficially similar. Freedom box is not "plausible deniability box", or "anonymous box". I assume when you configure a webmail / facebook server to use your box that you enter a unique id like an IP or alias which identifies where your data is and where updates are stored. The server will know who you are to some extent since it will be talking straight to your box through a protocol like https. The box may well use encryption to protect your data in transit and to p2p copies out to friends so in some regards it is similar.
The box is running Linux of course so it could act as a freenet node too of course if it had the memory and storage to do it.
Render unto Caesar…
There is a work of a group of European (yes, European... I know it's incredible) that might predate (2009) Mr. Moglen "crusade", it promises to cost less than 29 quids and is even better focused:
and, more general:
For what I perused in the Freedom Box website, no reference to this project.
The two ideas are suspiciously very similar, swap the word "router" for "box" and you get the same kind of animal.
Is this a blatant case of stealing ideas and not crediting it? If this is the case it's a direct punch to the very principles of Open Source.
Re: Render unto Caesar…
There are a load of projects proposing this kind of thing, and I don't think that Moglen only just came up with the notion that it's a good thing. So you may want to climb down from that high horse of yours and peruse that long list of projects:
Oh noes: those nasty Freedom Box people are acknowledging the existence of other projects. Sheesh!
Stealing? Only if...
You need to be aware of the other idea to give credit, or to steal it. If you don't know about it then it's independent creation, or maybe just obvious after changes over time. I don't know if Moglen was aware of those papers, but I wasn't. I have had a Via Epia as a low power server/router for years though, and it seemed an obvious place to put Diaspora or GNU Social when they were announced. Shifting to a GuruPlug to drop power consumption is fairly obvious too, as is selling preconfigured blocks like the MeshPotato. If someone had asked me about it yesterday I wouldn't have been able to mention Peerson, or Moglen for that matter.
So, if there are lots of these projects around,
and none of them have ever taken off,
Might there be a good reason for that?
@AC: No high horses here...
... We ate them all during the crisis of 2008.
Thanks for mentioning the list but it only poorly rectifies my concerns: these projects do not create a P2P social network tout court; moreover, the list is not visible on the foundation's website.
I still think that there are too many similarities between Freedom Box and Peerson.
The latter is a real precursor (Started in 2008) and a truly open project who did the hard work of socially motivating a distributed approach on limited commodity hardware. All is visible and documented.
It's true, I cannot prove the idea was stolen but I can't believe that Mr. Moglen never tried to google "peer to peer social network"; Peerson comes third in my browser.
The good guys at Debian might insert Peerson in the list perhaps, that would be nice.
BTW: we used to have a brown Brabançon, he was high but extremely docile.
Actually, my employer is toying with the same idea
It is not as crazy as it sounds. This reverses the cloud concept such that we each own our own servers. Don't forget, that is what the Internet was originally all about - masses of disperate machines all sharing data to maintain the integrity of the 'system' after a catastrophe, such as nuclear war. All we're proposing here is what P2P wireless will hopefully do the (nefarious) carriers and that is eliminating the ISP from the equation.
If I told you in 1992 when we were all communicating using faxes and pagers that a few years later it would be possible to electronically share with anyone anywhere in real time any item of content, you would have thought me mad. Two years later, Mosaic changed everything.
Well, the personal 'server' and all manner of P2P comms will be as ubiquitous in a few years as the reverse is today. It is inevitable.
@oflife #p2pwireless #projectprecisely
OK, two questions:
1) How much storage is this $29 box going to hold? Baring in mind that it will be used for online backups as well as all the other stuff (and so realistically would need to be in the hundreds of GB range for current backup habits)
2) Sure, Facebook and all the others have quite a lot of servers that could be replaced by a large number of small devices distributed around the world, but there is also lots of IP including a shed-load of code and the developers to maintain it. How do you replace all of that?
@GettinSadda: 2 questions
"there is also lots of IP including a shed-load of code and the developers to maintain it. How do you replace all of that?"
Take a look at the list of Debian packages sometime. Then go figure that and why most of this code has been developed by people paid to do this (reason: doing this helps sell loads of services and hardware).
"How much storage ... ?"
These £29 devices and the USB attached disk drives will become a large enough market to support the open source software in their own right.
"Take a look at the list of Debian packages sometime. Then go figure that and why most of this code has been developed by people paid to do this (reason: doing this helps sell loads of services and hardware)."
I'm not quite sure what you are saying here - is it that there are already Debian packages that will run a high-quality social networking site (good enough to tempt away current Facebook users) and to run it on a set of massively distributed servers where each and any server may be connected or not at any time or may be powered off or on without warning and where latency and bandwidth to any server may vary wildly? Or are you suggesting that there is enough profit at $29 per server to fund the development and maintenance of such software?
"These £29 devices and the USB attached disk drives will become a large enough market to support the open source software in their own right."
So, a) you have increased the price from $29 to £29, b) it is now £29 plus a USB drive (which is likely to be >£29 itself) and c) You seem to be suggesting that the profit from selling the external storage will go to supporting the code (this can only really work if there is some sort of vendor lock-in... nice!)
OK fair points. There is also a large potential market for services here, suggest by AC saying he wants one but doesn't understand it. Who is going to set this up for him and is he willing to pay a contractor or trainer or book author to help him, e.g. by buying a book or paying for a training course ?
True the disk drive doesn't connect to the software support revenue directly. But the hardware market here is really massive, if you can imagine selling one of these to 50% of households in the developed world (which will double in population over the next 20 years).
You'll get some idea of who funds development of the Linux kernel program and why from this article:
The reason they do this is because there are few households now not containing consumer electronics making some use of Linux - it's probably in your broadband router, almost certainly in any set top boxes, cable TV boxes, satellite boxes or high end TVs bought in the last 3 years. The same applies to much of the open source software stack which isn't kernel code but which drives major hardware and service industries.
Another factor is because of the reusability of existing open-source/free software which comes as part of major Linux distributions (Ubuntu, Debian, Fedora) developing this proposed networking software will probably involve 95% or more of the code required involving reuse of existing components. I very rarely need to create much new code from scratch these days for a new project, I tend to reuse an existing library that does most of what I need.
I think if this had happened ten or fifteen years ago then it might have worked, but are people that currently have Facebook really going to want to buy a mini server, then buy an external drive, then buy a deep-geek book on how to set it up, then give up doing it themselves and pay some sort of consultant to finish the job for them?
Why spend loads of time and probably a good three figure sum getting this new device to work? What is in it for them? They have Facebook, and so do their friends and family. They swap photos and videos (maybe uploaded from their phone via an existing app) play FarmVille or Mafia Wars, IM each other through the day, track their favourite bands' fan pages, search for old school friends and even buy Facebook gifts. And what does all this cost? Nothing (except the gifts and any in-game charges). How long did it take for them to set up? Five minutes if they type slowly! Oh, and they give away their privacy - but then to be honest very few Facebook users actually care much about that!
I would be amazed if 0.5% of the developed world wanted one of these things, so there is no real prospect of it ever reaching 50%
I also think you may be underestimating how big a job getting a global system like this working reliably would be. Sure, you could set up Drupal and Wordpress on your personal box, even set up photo and video serving, but this is not a Facebook replacement, it is just your own personal site, like most of elReg readers probably have already.
Half my family are on Facebook and all of my family are on my own GNU Mailman list hosted on my own server. When this becomes available in a way I can reasonably install and use, then I and a couple of other family members are likely to leave FB other than as a reducing and automated output-only message and URL feed because it sucks big time. Why am I on FB now ? Because I don't want to miss the traffic exclusively on there, but also so I know what we need to establish in competition.
So as far as I am concerned this doesn't compete with FB because the latter sucks so much. It does compete with GNU Mailman, and it promises to do so quite well:
a. by reducing the geekiness of the skills needed to operate your own server to something a greater proportion of the population are likely to want to do, e.g. making this more like setting up your own broadband router. Many users configure these devices, but most probably just plug them in and play.
b. By using the Rsync protocol over SSL to exchange files and photos rather than the SMTP protocol used by GNU Mailman. Rsync is much more efficient for this job, SSL gives it the privacy.
c. Running your own SMTP server and keeping spam off your network is really hard, hopefully running GNU Freedom Service will be designed to be a lot easier.
True, early adopters who want to make some money off it will need higher levels of skill than later plug and play adopters.
Mailing lists are also too inflexible. It is possible as I do, to have one hosted by yourself for your extended family, and very useful. But you want to do social networking with friends and family, and family extends to in-laws and their many seperate networks as with friends. Mailing lists have a binary membership relationship with each individual - you are either in or out and subtleties such as limited sharing based upon authenticated friend of friend relationship protocols are too subtle a requirement for a set of mailing lists and sublists to handle.
The hard part of this will be getting the software both sufficiently simple so anyone can buy one at their local supermarket and plug it in, and enough users can also understand how to configure it. I suspect that early adopters who have moderate tech skills will be more willing to seed and centre these networks of family and friends. Later adopters will simply want to run in synchronisation mode so they get at all their media and messages more quickly without having to administrate very much, other than to input a few domain names of groups they are attached to and personal credentials they have with these groups.
I admire your spirit (and the obligatory geek-fu) but I think that you are mistaken about what most people want.
Facebook is successful because the vast majority of the general public actually like what it does and even how it looks. They like all that stuff that turns you off. That's why Zuckerberg is ridiculously rich.
To the average Facebook user, your suggestion of setting up and running a nice little 'family and friends mail-do-hicky' is about as attractive as the idea of growing your own organic cotton and hand weaving it into your own clothing. They would rather just pop down to Tesco or Asda and buy Jeans for £3 and a T-shirt for £1.50 in an 'attractive' range of designs.
I host a number of websites, some are exclusively for family content. However, these days when I do post something on these sites most members of my family just say "why don't you put it on Facebook, then I'll see it along with all my other stuff".
1) Who is going to back these up? When I cloud my data backup gets done by someone else who knows how to do it. Joe Sixpack will not be able to make a useful backup strategy.
2) Security: Without proper administration these will soon become the world's biggest botnet.
It is always easy to solve problems if you ignore the hard parts.
Pay people and they'll do it
"Half my family are on Facebook and all of my family are on my own GNU Mailman list hosted on my own server."
Good luck with your hobby and all that, but you seem to be in total reality denial.
"The hard part of this will be getting the software both sufficiently simple so anyone can buy one at their local supermarket and plug it in, and enough users can also understand how to configure it. I suspect that early adopters who have moderate tech skills will be more willing to seed and centre these networks of family and friends. Later adopters " [blah blah]
Yes it is hard, isn't it? And GNU nerds and Unix beardies have never been able to do it. Not once. If they could, we wouldn't need Microsoft or Facebook.
They prefer sitting around and talking about it - that's all they've done for 20 years. Maybe paying people for their work isn't such a bad idea. It's the missing incentive.
Canonical, publisher of Ubuntu, has done more than just sit around talking about getting a Linux distro onto nearly every desktop. So much so, that their critics accuse them of aping Apple. I, like you, made complaints about the open source community, but Canonical has listened to, and what is more important, acted on our complaints. I am so impressed with their work that I am betting on them to rule the internet in the near future. Oh, and what is Ubuntu based upon? Why, its a fancy version of Debian! The same OS that is proposed for this cheap little box.
Getting the picture yet, Anonymous Coward? This so-called "freedom box" will NOT be the final answer. There will NEVER be a final answer because the busybodies and wannabe rulers of this weary old world are very busy going about what they perceive to be their business, even if they have to stick their long noses into yours and mine. I think that taking a whack at those long sensitive noses with this sort of thing is well worth the trouble and expense. Let's say it will cost 100 USD. What would that come to in pounds? See what I mean? Even if the costs have been underestimated by a factor of three, it will be fine because if it works, it works, and everyone who has any sense will want them.
I don't understand all of this...
But I think I want one ASAP.
sounds great, but is it feasible?
Could work I guess
Apps like Diaspora are making a big deal of the idea of personal privacy, that your content goes into a "pod" that you control absolutely. So I guess this concept ties into that, especially since Moglen is the inspiration behind Diaspora too.
I suppose this box could work pretty much how Facebook / Twitter work now with regards to 3rd party sites / apps. i.e. you manage a list of sites that have access to your data. A new web site that wants your personal data must redirect to a web frontend on your box where you grant / deny the permissions asked for. At some later point you could then revoke the permissions completely. I suppose the box, friends & sites could then use P2P to cache data to speed up actions a bit and sync up over time. I'm not sure how this arrangement would account for services that need to index, cache, or otherwise construct metadata, e.g. a photo web site might want to read meta data from all your pictures into a database table and also make a bunch of thumbnails. I guess there would have to be a permission associated with this need, and the contract between site & content would have to have some legal bite to prevent abuse.
Biggest issue would be in persuading cloud service providers to use it, or producing a rival app that did which was so compelling that the old provider withered away. I think it's too early to say if Diaspora will do that to Facebook, but I wouldn't shed any tears if it did.
As an aside Freedom Box is a pretty stupid name even if it's technically accurate. Time for an obscure comedy reference; I wonder if it accelerates to dangerous speeds or sticks to certain kinds of skin.
Could the cloud block it?
For years I've had this nagging idea in the back of my head that the killer app for me would be a crazy personal content aggregator - like an RSS reader meets DownThemAll meets ReadItLater on a home server meets SquidProxy on steroids meets your own personal news channel with scrolling news ticker meets LastPass type of thing.
If it looks like a duck (i.e. normal web user and browser), acts like a duck, etc - the cloud providers would be in a tough spot to block it. Heck, the only reason Hulu and co can block GoogleTV - AFAIK - is that the browser is actually honest about it being Google TV. Just like the only reason robots.txt works is that the people programming said bots tell them to respect the rules.
Anyway, enough about that and back on topic... I think the tough part here (assuming I really grasp what they're talking about) is really going to be recreating an interface for your local stuff, and a security model that's usable. For this thing to work it will have to be an order of magnitude simpler than the all-in-one home/SME servers (WHS, ClearOS, etc) which many of us gearheads know and love.
Dead simple, slicker than cat crap on linoleum, rock solid, and secure - easy right? ;)
Why stop at facebook?
These things could also do cooperative web crawling and make search engines obsolete.
He could put a radio in each one and then if they are sufficiently densely deployed they can mesh network.
In fact, why not attach a touch screen to these boxes and a battery, say and make them seem worthwhile spending the cash on.
Interesting concept - but this will never bloody work.
Interesting concept - but this will never bloody work. Far too many what ifs, I'm not even going to start. Maybe in a different format it could but a doo-dar you have to physically plug in? What is this, the '80s or something?
There is one simple solution already - become educated in online security and safety - know the risks and benefits and make informed decisions. That aint gunna happen for all people either I guess. Maybe we are all just screwed!
Paris, 'cus she's the original "plug in and forget it" device!
I must be thick
It sounds to me like hew wants to embed TOR in a wall-wart sized server.
Or am I missing something?
This "Freedom Box" remembers me of maddog's Project Cauã <http://www.projectcaua.org/>.
Will never take off
Let me be the first to say: What a load of bollocks.
"Decentralised storage" works fine within your house. However "decentralised storage" when applied to P2P equals piracy, pure and simple. (Yes I know some people use P2P for legitimate things. You're so much of an exception that your slice of a pie charge won't fit into a single pixel. Sod off until you're statistically significant.)
And these boxes are still at the mercy of any government. They need a defined way to communicate, so anyone in control of comms can cut that off. But to make matters worse this time, we're at the mercy of Eben Moglen and whatever the FSF decide is the Right Thing To Do, which is not always the right thing for the rest of the world.
And the FSF is so good at responding to consumer's needs!
Shame on you Graham Bartlett for acknowledging reality.
You really don't get this Free Software thing, do you? Announce a manifesto and start a campaign to get everybody to use dc, so nobody needs to use this expensive proprietary Excel crap from M$FT. Make sure you spell Microsoft as M$ to show your moral superiority.
When the campaign fails blame an evil conspiracy for messing it up, or the users for failing to see the advantages of proven open source infrastructure.
Copsewood can help you here.
"And these boxes are still at the mercy of any government. They need a defined way to communicate, so anyone in control of comms can cut that off"
Duh. Are you saying you could keep your connection to facebook open if the government decided to cut comms? Of course what you point out is a huge problem, but it is a comms problem and nothing really to do with the privacy problem this sort of device is intended to address.
Personally I think an overly technological solution to privacy issues is doomed to fail - maybe not commercially ( i may find a market among geeks/those who actually care), but in terms of addressing the wider privacy issues.
Any successful solution short of violent revolution will involve education, technology and legislation in the right balance. I have long been of the opinion that personal information should be licenced. A "DRM" that works for the individual rather than against, if you will.
It's no big deal technologically to conceptualise a framework whereby all designated personal data is automatically tagged with meta-data which could include authorisation, authentication, expiry and other non-arbitrary parameters which mandate how it is used. Whatever the complexities to the average joe of PKI infrastructure itself, it boils down to 2 simple questions: 1) "Do you want to give this data to organization X? 2) For how long? Educating users in these 2 simple questions is sufficient, - and much easier than explaining PKI to them :)
The legislative angle is equally simple - to keep any of this data at all, organizations (including government departments, etc. ) must be licenced by the state - no licence, no data. Add compliance with an individual's own restrictions to the DPA/PCI, etc. and we're all set.
Now of course there will always be people who grant access in perpetuity to all data in order to have an "easy" life as a marketing mark, but at least the tools to control the untrammelled dissemination of personal data will be in the hands of those whose hands it should be in.
A router with USB hard drive running OpenWRT.
Some Commercial Router/WiFi/Media boxes can do this off the shelf too. At the minute the cost is closer to $290 though (including Hard Drive).
Also it can be done securely today with a hosted Server account from about $20. Solves issues of traffic and "always on". Customise the free mail server, add Drupal, Wordpress, Joomla and whatever plugins. Give your friends accounts. Say goodbye to Facebook, Twitter, Flickr, Google Docs.
I hate to be a naysayer, but a) this already exists (Shiva Plug, anyone?), and b) it doesn't address the more fundamental problem of who controls the network infrastructure (if you're using this for, say, moving data around during such events as happened in Egypt). If the lines get disconnected by your government/provider/mother you won't get far with a wall-plug server.
That's not even mentioning the enormous potential for abuse of a server that you just "plug in and forget about", considering the general public's level of computer knowledge.
I will say, however, that combined with some mesh networking and someone who knows what he/she's doing and this could be quite an interesting idea.
If all the people who 'wish them well..' as you put it, did by stock then maybe it could succeed - think of it as an investment in your privacy, rather than an investment for financial profit.
If you want profit - buy Google shares - I want privacy ...Where do I sign....
I'm a sceptic...
But that isn't a bad idea, and there's no technical reason why it shouldn't work.
You can demo it on half a dozen Linux boxes-most if not all of the software already exists. Then just shift it to a plug computer with a drive.
Downside: P2P is inherently fragile as ISPs can spot it and throttle.
I can imagine Facepalm bods looking to buy up patents to block it.
I had the same idea
a few months ago, why share my data into a proprietary silo (Facebook) when I can keep it all local and then allow access to services that want to aggregate it?
Let's move distribution from the centre to the edge - become a producer not just a consumer.
Doesn't make it less of a good idea, just late to the party.
Not been paying attention during FOSDEM?
Eben gave a similar (if not the same) speech during a FOSDEM keynote. Looks like that was a bit too early for the El Reg reporter. Probably related to the beer event the night before?
Moglen vs History
Our country has a longer history than his, and hence perhaps more lessons to be drawn. The Enclosure of our Commons shows no sign of being reversed anytime soon.
Moglen gave that same speech at FOSDEM, after which I blogged about it at http://bahumbug.wordpress.com/2011/02/14/moglen-vs-history/
I expect Facebook is a flash in the pan, like Second Life a couple of years ago. But the trend is not.
But in reality it's never gonna work. "Here Fackbookers, pay $29 or however much to continue chatting and sharing photos etc with your friends... obviously only if they've paid their $29 too." And he says that Google, Fackbook et al are at the behest of governements etc, whats to stop the US governement or any soverign state demanding the master keys to whatever encryption software is on these things in the interest of national security or they'll be banned from sale?
If it works, Put me down for a dozen
Lovely idea, but...
What a really lovely idea, but most people don't see a problem with Facebook or gmail. Without them seeing a problem, why would they either spend money or time and energy setting this up?
I'm a huge fan of Google mail and you know, if Google use my mail to anonymously target adverts at me, that's a price I'm very happy to pay. I consider it a great deal.
“He has to remarkable extent succeeded with a very poor deal, namely 'I will give you free web-hosting and some PHP doodads and you get spying for free all the time,'”
Spying on me?
It knows exactly what I want to tell it, nothing more, nothing less.
So I like Travel, Books and Beer. It gives adverts that I choose either to read or ignore (mainly ignore). If he wants to know about spying suggest he speaks to someone from the former East Germany
You'd think so, however Facebook already sneakily spies on your way around the web.
See those innocent looking "Like" buttons popping up everywhere? Facebook are the ones serving them so they known what you're looking at (and knows it's you if you haven't disabled cookies)
There's even a damn gnu on the Freedom Box website. Surely it can't be THAT hard?
I will watch this project with interest...
I've heard about that. It's called Opera Unite
Too bad it requires you to leave a computer on 24/7 at home.
Pym's law states that there is no limit to the amount of resource an individual can use given that the resource is free. It shows us that functions like secure back up will quickly outstrip the storage space available, no matter how big that storage space currently appears.
He's on to something
Whilst I'm not sure a dedicated hardware solution is the answer, it's good to see people questioning the dominance of the large cloud-based providers.
Back in the days when building your own website was highly technical, there was a place for locked-down easy-to-use templated systems - like Facebook - but now there are codeless web development systems available where you can build your own site, host it on your own hardware, under your control, for free - there is no excuse. You don't need to be a programmer any more.
Aha, I hear you say, but the benefit of services like Facebook is the 'network effect' of all its users. But there's no need for that to be centralised. After all, the whole underlying structure of the web assumes resources will be all over the place.
..I kind of Opera Unite on a low power pc?
How much storage would you have on this little magic box.
My Latop has 42gb and my home pc has 300gb of data to back up.
My friends have a couple of TB each.
Even my mom has about 10gb of stuff.
Wake me when he's got a real product to promote instead of a bunch of ideas and pipedreams.
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK