[Freedombox-discuss] Initial User Experience (was: Tor .onion domains)

Jonas Smedegaard dr at jones.dk
Mon May 9 10:43:16 UTC 2011

On 11-05-09 at 07:36am, Michael Blizek wrote:
> On 18:16 Sun 08 May     , Jonas Smedegaard wrote:
> ...
> > I imagine a box offering these - as yes/no or as gradual sliders:
> > 
> >   * Selfish -- [ ] modest  [ ] medium  [ ] mostly
> >     [ ] store own secrets
> >     [ ] ask friends to keep backups of my secrets
> >     [ ] fetch torrents
> >     [ ] connect to Tor
> >     ...
> >   * Among friends -- [ ] modest  [ ] medium  [ ] mostly
> >     [ ] keep backups of friends' secrets
> >     [ ] share files
> >     ...
> >   * Public -- [ ] modest  [ ] medium  [ ] mostly
> >     [ ] publish documents ( website, blog...)
> >     [ ] act as mirror for friends' public documents
> >     [ ] contribute to WikiLeaks-like mirror of others' secrets
> >     [ ] run a Tor exit node
> ...
> > The idea is to emphasize egocentric vs. friend-oriented vs. 
> > world-contributing, and for each sort by how controversial the tools 
> > are.
> I think a sharing page which make a distinction based on the risk 
> rather than friends vs. public is more straightforward.

[details snipped]

> Whatever you publish or for yourself should not be here. There should be a
> separate page where you can configure whether you want to run web/mail/...
> servers or not. 

And slightly later, Michael added:
> OK, maybe this "quick configuration" is not such a good idea in this 
> way.
> Maybe more like:
> ( ) no sharing
> ( ) run low risk low traffic services
> ( ) run all low risk services
> ( ) custom
> ... or directly showing the custom config...

I disagree.

I believe that from a user point of view, before even considering risk 
level, there is a question of "who do I want to provide freedoms?".  
Risk level can even be skipped - default is obviously "no risk".

If I gave such a box to my mom, then - even though being my mom and 
therefore quite curious and encouraging about what I do myself - she 
would likely turn off the box again, not run such a thing under her own 
bed, if its main question communicated to her was "how much risk are you 
willing to take?"

But let's not talk about my mom.  Let's invent a persona - Jimmy:

Jimmy is not at all interested in engaging in cyberwar - he just wants 
to hang out with friends.  Some of his friends do not appear at Facebook 
and asking them about it In Real Life, they suggest him to go buy one of 
those FreedomBoxes to join their virtual hood.  Sure, some of those 
friends may be Freedom Fighters, but he is not (yet).

Jim activates the box, is asked a few questions, and is then hooking up 
with his friends.

What was he asked?  Was he - up front - asked about risk level?  Nope, 
that was not necessary, because anything that can be applied a default 
need not be asked - and the sensible default here is "no risk!"


The "no risk" of being killed in traffic is to stay in bed - or no, 
wait, then you can still be killed by a car or jumbo jet crashing into 
your house, so really the "no risk" of being killed in traffic is to 
commit suicide so that you are sure to be killed by something else.

The act of buying (or accepting as a gift) the FreedomBox is slightly 
risky, and turning it on raise the risk.  As does telling the box your 
maiden name, and teaching it the names of all your 
friends/lovers/crime-buddies or the pin code of your creditcard.

So really it is not "no risk" but "tiny risk" or "in the safe zone".


First, Jim is asked the very minimal of personalizing his box: Give it a 
name!  Technically there is more to it - a cryptograhically unique blob 
is generated, which stays on the box for now but is used later as basis 
for e.g. WebID and GPG.  If later creating additional names for other 
members of the household then more such blobs are created, and if later 
doing a reset then the blob(s) are erased from the box.

Next he is asked if the name is a) private, b) can be revealed when 
anyone asks, or c) is proactively promoted to the world.

Above he implicitly made choices affecting the risk level.  The machine 
cannot know if he stupidly named the box after his creditcard pin code, 
but if he chose b) or c), we can start show a little "risk meter", still 
far down in the "safe zone".  Jim can perhaps (depending on the UI) 
click on this risk meter to get to those questions on preferred risk 
level, but if not it is simply informed to him what his actions cause on 
the risk meter.

With name and exposure-of-name, Jim now has a machine which he can 
reach, and if he chose b) or c) then others can too.  It does nothing 
other than that, because no services was activated.  So he is not yet 
finished with its initial activation.

There is a bunch (well, in first revision a rather tiny bunch, but 
still) of services on the box, and he is done when picking and 
activating at least one of those.

The box need to somehow prioritize what to suggest first - to rate the 
services.  Jim already tought the box a tiny hint about risk level in 
the answer of the exposure-of-name question.  But too little yet.

We don't wanna scare off neither Jim nor the friendly journalists 
checking out the potential doomsday machine, so by default we want to 
suggest some harmless services.

If Jim chose a) as exposure-of-name, then e.g. Backup-of-PC would be 
proposed first, as that involves only himself and the box.  When 
multiple services rank equally high then (depending on UI) they are 
shuffled around at each view.

If he chose c) then also Live-chat and Public-website (with optional 
blog and microblog extensions) would rank highest.

If activating e.g. Host-public-web-forum or Public-website with blog AND 
public comments enabled, then in addition to the risk meter would emerge 
an altruism meter, being low initially (so far _interest_ in altruism 
exist, but none practiced yet).

If Jim chose b) or c) then a Find-friends feature emerge.  Until some 
friends are actually located it is possible to activate friends-only 
services, but they rank at most next-highest as it makes little sense 
to socialize alone.

With at least one friend located, e.g. Offer-backup-mirror-for-friends, 
Friends-only-chat and Friends-only-website rank highest together with 
selfish and self-centered (and if c) chosen also altruistic) services.

If Jim chose a) then e.g. Offer-backup-mirror-for-friends would still 
rank pretty high, because maybe Jim didn't realize initially the 
consequence of avoiding the social network. If then selecting a service 
which require proactive exposure of machine name to his friends, before 
it is activated he is asked if ok to change his former choice for 
exposure-of-name - and the risk meter then goes up accordingly.

The meters not only measure based on core exposure-of-name config and 
choice of activated services.  As mentioned already, altruism meter also 
measures how much offers to the public is in fact being used.  Similarly 
risk meter takes into account what kind of services are active, and the 
meter can be configured to weigh e.g. "public exposure" or "friends not 
part of selected GPG web of trust" as especially risky.

What do you think?

Anyone wanna actually implement it?

I imagine the "intelligence" of slowly more personalized prioritizing 
done by clever use of SPARQL interactions to a local 4store database.

4store is in Debian now.  Clever queries still pending.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110509/bf0088bb/attachment.pgp>

More information about the Freedombox-discuss mailing list