[Freedombox-discuss] Rouge Freedomboxes and government intervention

[William Gardella]

FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net
writes:

> On Wed, Jun 22, 2011 at 5:11 PM, Neophyte Representative
> <FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net> wrote:
>> On Wed, Jun 22, 2011 at 4:47 PM, Jonas Smedegaard - dr at jones.dk wrote:
>>> On 11-06-22 at 04:43pm, Neophyte Representative wrote:
>>>> On Wed, Jun 22, 2011 at 4:33 PM, Jonas Smedegaard - dr at jones.dk wrote:
>>>> > So due to violent regimes killing Karlas, you suggest we do not
>>>> > label a box helping Joannas making a silverlining of the cloud as
>>>> > "FreedomBox"?
>>>> >
>>>>
>>>> Yes.
>>>>
>>>> I don't take The Ultimate Sacrifice lightly.  I'd MUCH prefer we have
>>>> those folks alive to help make progress.
>>>
>>> How?  By putting not yet stable stuff into early releases of FreedomBox?
>>
>> I agree the ultimate extension of my logic is that only extremely
>> tested, stable components should be advertised as FreedomBox
>> components.  Given my understanding of The Ultimate Sacrifice, I
>> believe we owe Freedom Fighters nothing less.
>>
>> What, Jonas, do you understand the phrase "The Ultimate Sacrifice"
>> means?  Do you understand any responsibility for allowing a false
>> sense of anonymity?
>>
>
> First my apology for raising the heat in this discussion without
> adding to the light.  In subjects where I invest my passion, I have
> found I need to avoid face-to-face communication because I cease to
> think clearly.  It has been obvious to me for some time that telephone
> conversations and Internet Relay Chats suffer from the same effect.  I
> guess even the delays inherent in email are insufficient to keep my
> thoughts well structured.
>
> As you can see I have some fears for the some of the participants in
> this enterprise.  Let me now propose a scenario that better addresses
> those fears.
>
> Make FreedomBox a brand.  We need to work on the many components that
> can be used in A FreedomBox.  We need to do that in a manner that
> allows thoughtful self-education about the risks and thorough testing
> against well documented test packages to occur.  If, instead of a
> downloadable FreedomBox image, we offer a Branding of components, we
> can work on each component within the facilities of the Debian project
> without making it look like a thoughtless download implements full
> anonymity.
>
> This way Joanna gets to use a Debian release with the quality
> implications of such an improved product, but Karla learns there is
> much to consider about using her download as a weapon in a serious
> fight by following the discussions of the improvements of the Debian
> components.
>
> I think that addresses my fears and hope it adds some enlightenment to
> the project.


For both Joanna and Karla, we're not going to get to the point anytime
soon where someone can simply turn on a plug computer or an old
hand-me-down computer, install a debian-stable Pure Blend to it (or run
said Pure Blend as a liveusb/livesd/whatever), and expect Complete
Security.  I think some of these concerns, though, can be addressed
through documentation and even through the Freedombox Pure Blend's
version of the Debian installer.  Documents like the anonops.ru guide to
anonymity should be included, and the installer should give lots of aid
and guidance in the configuration of all the networking and storage
components of the Freedombox, from mail to Tor to NAS services, all with
security-minded defaults.  It should also enforce/recommend good
security practices, like only allowing SSH authentication in public-key
mode by default.

It's also worth pointing out how atrociously bad the tools currently
used by activists really are--any step beyond current norms, where the
protesters in the most heavily censored and monitored countries are
using Facebook, Twitter, and Gmail, and thus leaving themselves open to
being completely cut off from their network, is an improvement, and the
more nodes the more improvement.

Also, from a technical standpoint, I'm not sure the "silver lining" and
the "perfectly anonymous box" can ever really be the same physical
system, even if they can be based on the same OS distribution.  The
"silver lining" server Freedombox is an inherently stateful system which
is vulnerable to physical access even if all of its software is free of
exploits.  The anonymous Freedombox could run the same operating system
very easily, but should be a live or ramdisk system with only volatile
state--nothing persistent that could be seized by a legal or illegal
search.  Tin Hat Linux is an interesting example of one such system that
aims to provide a degree of protection to physical access attempts; it's
a Hardened Gentoo distro which resides solely in a ramdisk by default.