Concerned about Facebook, Google, and other companies that make billions brokering sensitive information, free-software champion Eben Moglen has unveiled a plan to populate the internet with tiny, low-cost boxes that are designed to preserve individuals' personal privacy. The Freedom Box, as the chairman of the Software Freedom …
I don't think it would have any real effect on facebook - FB'ers love to use it wherever they are and whenever they want. This isn't going to supply the same experience.
However, the idea of being able to side-step the monitoring/controlling culture that has grown so rapidly is very appealing. I hope it seriously takes off from that point of view.
Of course, that would trample over so many gov & business interests that I think the birth is going to be somewhat difficult.
God bless you, Eben
So you plug the box into a wall, and then what happens?
A secure, democratically run and operated Facebook auto-magically appears? And 500 million users auto-magically sign up to it?
I'll always respect the man who drafted the GPL, but F/OSS types have never been very good at writing software that non-geeks want to use. That seems to be the bit Eben has forgotten.
Maybe it's time to think of that nice retirement shack in Hawaii, the bloke deserves it. But less "brainstorming" like this please.
Hack one appliance, pwn the world. He sees a single cheap and simple answer to all our privacy / security issues, I see the most effective tempting of Fate in history.
There's an old saying about eggs and baskets that applies here. At least I have the choice of *not* entrusting my data to Facewank....
As a geek
I love the idea of running a Linux micro-server. Heck I already run my own email server.
Of course the services provided by these boxes would have to offer a high level of security, and if I was going to host other people's data without knowing what it is, I would want a decent level of immunity if that data turned out to be illegal. Getting in trouble for what someone else has done behind your back is the opposite of freedom.
Nonetheless it sounds like a worthy idea. A decentralised peer to peer "cloud" run by the people for the people. Everything open-sourced so that security can be confirmed and improved rather than simply assumed. At any rate it's gotta be more secure than trusting Facebook with all your data.
I don't know if it will take off though. No doubt governments and lobby groups would shit a brick; "if we can't control it then all sorts of illegal things will happen". It's a bit like arguing against space exploration because colonising space will surely lead to a spate extraterrestrial rapes. It's just a bullshit argument people use to scare each other out of making any meaningful progress in their lives.
They want to believe that the world is too dangerous for us to be allowed any real freedom and in the process they make that danger a visceral reality by cultivating the idea that a constant state of autopanic is not just healthy, but a duty you owe to society as penance for being born. Sort of religion 2.0 if you will.
Go back to sleep, the Facebook has you.
Round of applause
If for nothing else, anyone who so publicly speaks truth unto Zuckerberg gets my vote.
Forget the box
Not sure why the "box" has to be part of the offering TBH. I suppose it's nice (and probably necessary for most of the technofear crowd) to get the whole thing as a turnkey appliance, but I'd hope that the software will be readily available for install on other hardware. Some of us already have always-on devices that would do the job just as well. As others have mentioned, this is pretty much what Diaspora, and that Peerbook thing that sadly sank without trace were getting at.
I guess there'd be a homogeneity angle: one user, one box, with the same spec in capacity and grunt, contributing the same and getting the same in return. But then again, parity in connectivity is impossible (for the foreseeable future in the current consumer comms world) so all boxes cannot be equal anyway. What if the peer (or, I assume, peers) housing your data nuggets all happen to be housed on boxes that are on dialup, or in the home of a massive bandwidth-hog?
Dr Moglen, if you can pull it off, this pint's for you.
Not so implausible
You could do this with a device which would work like a smart WiFi router, running Debian and I2P (http://www.i2p2.de) for security. Doing it for $29 might be a stretch....
I really like this idea
While I do it, I am not comfortable storing my backups in the cloud.
I’m entirely dependent upon the goodwill of the service provider and I have to trust them with my data.
To mitigate this problem I currently compress and and encrypt my critical backups to a single file which I then upload to the service provider. This means that the data should be useless to them – but it does make for a rather inefficient upload.
However the concept of a cloud of peer-to-peer devices capable of storing portions of my encrypted data – something like bittorrent – is facinating.
The only thing is; do we really need a dedicated device – surely this could be done (or is perhaps is already being done?) via our existing machines.
swing and a miss
I would suggest that the average user doesn't care enough about privacy to bother with this.
Can you imagine Paris taking the time to configure exactly which of her banal status updates and indiscrete photos are available to exactly whom?
The people of Egypt might care...
The governments of the world are becoming more brazen in their attempt to reduce the ability of people to communicate with each other freely, and to control what people are able to see in Internet. People will care when it is too late, like what happened to the people of Iran with their revolution. The point of this device is to prevent the government from controlling everything, and to build awareness of the problem.
The problems will be non-technical, I suspect
The UK already imprisons people for refusing to disclose encryption keys. Next time the government is feeling a bit blairish, they'll find a way of defining ownership of these devices as "going equipped to commit acts of terrorism/domestic extremism/whatever".
I'd rather build the functionality into some other kind of always-on device which has another overt purpose, e.g. a GSM femtocell or an intruder alarm or a fridge or (Oh the irony) a home protection CCTV system --- come to think of it a wireless IP camera is quite a good cover job as it already has the radio hardware for partaking of meshiness.
So like a cloud ...
... "Secure backups that automatically store data in encrypted form would be performed on the Freedom Boxes of our friends"
Only without the SLA. So basically, like the cloud, but even worse.
I think I'll continue to store my securely encrypted data in my fire safe then, ta very much.
It's been tried before
Back in 1996, John Gilmore proposed putting Linux-based "crypto walls" on the boundaries of every network, which would opportunistically IPSEC-encrypt all traffic in and out of your network when the other side supported it too. His goal was to have 5% of Internet traffic encrypted within one year. He failed.
I suspect the main cause of failure was lack of any global trusted key infrastructure. However the idea *might* work if it was restricted to just your circle of friends, and you explicitly set up links between them.
You would need some sort of "pairing" mechanism to make this as simple as possible whilst remaining secure. For example, your box generates a one-time password, which you print out and give to your friend (or E-mail it, if you are not too paranoid) and they use it to establish the first connection. Under the hood it might issue a certificate from your own CA, for instance.
With a large circle of friends you'd want to avoid the N^2 problem, so you could provide a simpler way to join friends-of-friends, maybe with a simple click via an existing pairing. The other party would have to accept or reject this too, of course.
Most of that aready done?
It's been a while since I looked at it but IIRC some of that sounds a lot like the One Swarm project - or at least I think that's what it's called :)
The evil overlord
“has done more harm to the human race than anybody else his age.”
I do love temperate academic statements. Mr. Zuckerman is 27. By the age of 22, Alexander the Great had (to mention nothing else) laid waste Thebes, Tyre, and Gaza. I really don't regard getting adolescents to post naughty pictures of themselves as being on the same scale as mass murder.
I beg to disagree, sir.
After all, Justin Bieber is only 16 or so.
Look at the damage he's inflicted. I fear he's only getting started...
I like the general guard/store-your-own content idea...
...but I don't see a one-use standalone purchase making much headway compared to the free, managed, on-line services like Facebook etc.
However, if the general concept can be rolled into other devices seamlessly, say into a media server box (a-la-Apple-TV), integrated into a TV, or, for instance, installed within a connected personal media device, say like your smart phone, then there is probably a rosy future for this concept, once someone has battled with the security aspect (can you say "war-walking").
Now, that's an idea, perhaps someone could tell Champneys, who email you your username and password when you sign up for their site and then offer no way to change your details (I bought the missus some stuff for Valentines), I've had to ask them to delete the account.
I'm just going to put all my money, credit cards, photographs of my family, oh and my dog in this box for safe keeping. You won't be able to steal it because it's prot.... oh.... it's gone.
Cable Co says No
The general public is so walled off behind NAT, firewalls, and throttles that peer-to-peer communications would be fragile at best. The Skype supernode collapse was a good example.
This will all be fixed when competition between ISPs forces them to upgrade to IPv6 and allow the free flow of traffic. Any day now. Holding breath...
Together with IPv6 it would save a lot of problems
Instead of having to upload your pictures to Facebook or Flickr in order to share them with your peers, you can now just upload them onto your server and send the URL. Essentially you can have your own cloud.
A title is required
So in theory, this device sounds like it can be the basis of the world's first completely independent, distributed spam and malware distribution network. Or am I just being cynical?
Why couldnt this software be an add-on to existing home routers? Or a replacement OS? Use NAS storage vs USB drives.
How long will it be before an exploit is found and there are bad things happening on this network of magic boxes?
How will they be addressed? IPV6?
Re: Another thought
Well essentially you could do that. However in many markets the router is controlled by the ISP, so an extra little box would have it's advantages.
IPv6 would be a sane way to address them.
Obviously another important step is that you have many independent implementations, so a single flaw won't to much of a problem. Besides once you avoid a few problems, it's comparatively easy to write secure software.
I dont see it flying.
it reminds me a lot of Segway, before they were available to public. They sounded cool and all (to some), but the glitter quickly faded when regulations and the reality hit that they weren't all THAT handy.
There are 'free' ways around the privacy issue for those really concerned that Facebook and Google are up to all kinds of evil with the menial data they gather from us..
Like I'd trust the French with my data . . .
ISPs generally do not expect their high-speed internet customers to be running servers out of their homes. In the case of cable internet, as well as some other services, there's a lot less bandwidth in the reverse direction. So, at least initially, people using these boxes would face problems similar to people using peer-to-peer file sharing systems (well, not including getting sued by the music industry).
Freedom doesn't come in a box ("What a country!")... it will need improvements in the Internet connections that come to our homes as well.
"Nonetheless it sounds like a worthy idea"
Yes, that's the trouble.
Privacy or piracy?
Back in the Good Ol' Days, it was possible to buy land and other property from more innocent (so called 'primitive') demographics by offering shiny beads and mirrors.
Today we use free e-mail, storage and shiny mirrors (Facebook).
Those for whom their privacy is worthless or 'fair exchange' are destined to become the colonised slaves of these gift-bearers...
What the nerds are doing today, everyone else is doing tomorrow.
Many many nerds already run their own home server they can ssh into from outside, often hosting a personal website and maybe more. Some even use a SheevaPlug to do this. Bundle this up so it's easy and it's quite possible it could sell well. Reason being, it doesn't just replace facebook and other cloudy services, it gives you more power then you had before. For instance remote access to home devices. You just have to make this all easy and it really could sell like hot cakes. One related cool tech no one has mentioned that I see related is n2n, the p2p vpn.
Bulletproof photo/financial record/birth certificate repository
Free online storage services such as dropbox, Virgin Media's 'stuff' etc provide no guarantee as to the actual integrity/availability of the data. Hell, even massive commercial cloud based services aren't using RAID class drives, ECC RAM or ZFS. But an eSATA (USB is FAR too slow) disk/nas formatted with ZFS and using rSync for offline backup with my family & friends... well, that's what I'm building. Now, if I can persuade my neighbours to join in wirelessly, I can have distributed off-line/off-grid storage and be part of Cameron's Big Society :-P.
2TB Wireless, MobileMe connected Time Capsules maybe pricey but when John Lewis are selling them to middle-aged, middle-class to people like my parents...
People are actively looking for alternatives to Facebook and some people just refuse to use it, it's only a matter of time before something better replaces it.
Paris, because she'll rSync with anyone.
Eben Moglen explicitly mentions "the willingness of Google to resist the state" as one reason to use this. If the state is on your case, I'm afraid you're SOL on an awful lot of levels, and this box ain't gonna help you. In fact you're probably better sticking to FB and hoping you don't get spotted in the background noise.
But it isn't in stores yet.
There used to be a tiny device called 'Yoggie' that had similar functionality built into it, but the company went bust, taking everything with it as it was subscription based, and expensive.
If Moglen wants the Freedom Box to be real, and stay real, it has to survive birth.
- Product round-up Coming clean: Ten cordless vacuum cleaners
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK
- Worstall @ the Weekend BIG FAT Lies: Porky Pies about obesity