[Freedombox-discuss] Initial User Experience (was: Tor .onion domains)

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Mon May 9 15:59:55 UTC 2011


On 15:50 Mon 09 May     , Jonas Smedegaard wrote:
> On 11-05-09 at 02:39pm, Michael Blizek wrote:
> > Why does the *box* need a name???
> To be reachable.  MAC address or IP number is less user unfriendly.

OK, this explains some things. But I disagree at one point here. The box
should not have one name/address. It should have several - one for each
identity - or none if the user wants to be invisible.

> > Sorry, but I disagree. Making your name public and maybe even linking 
> > it to your IP is something I would call very high risk. When 
> > publishing stuff, the user has to evaluate the risk for himself.
> Not "your name" but "the name of your box".
> So you consider e.g. owning a domain name "very high risk"?  I don't.
> I do consider it very high risk to own a domain name in combination with 
> doing criminal (according to your government, if not to yourself) 
> activities, but such _combination_ is a different matter.
> Please give examples of what you consider low, medium and high risk (not 
> just shoot down my suggestions).

It is not having a domain which is dangerous. But having a dyndns name which
links your name with your IP address is. The user may think he is at least
somewhat anonymous due to a dynamic IP. Then freedombox comes and...

low risk:
No user data is visible to anybody else and your IP address is only visible to
nodes which anonymise (your) traffic. e.g.:
- running a tor bridge/middle node
- running a wlan hotspot which tunnels everything over tor

med risk:
User data may be visible and your IP address may be visible in some cases, but
not in a way which imposes a too serious risk. e.g.:
- you may share data with friends, but not with the public
- you may have a dyndns pointing to your machine; However FB should not
  suggest users to do this unless there is anything which really needs this.
- you may operate a filtered wlan hotspot

high risk:
- part of your data is visible to the public
- running a tor exit node or other proxy server

I put publication things high on the risk scale, because I think users really
should be aware what they are doing when they publish things. In many
countries there is no free speech. Even in countries with free speech there
are often tons of restrictions. Actually I do not think we should categorise
publication into any "risk class" at all. I proposed using it for resource
sharing only.

> > > There is a bunch (well, in first revision a rather tiny bunch, but 
> > > still) of services on the box, and he is done when picking and 
> > > activating at least one of those.
> > > 
> > > The box need to somehow prioritize what to suggest first - to rate 
> > > the services.  Jim already taught the box a tiny hint about risk 
> > > level in the answer of the exposure-of-name question.  But too 
> > > little yet.
> > 
> > This might be a way if your goal is publication and communication. But 
> > I do not see it fit for resource sharing. How do you expect users to 
> > do resource sharing without doing any of the 
> > publication/communication stuff?
> I fail to see it much different, and did hint about resource sharing.
> Please play along (not just shoot down): Describe how _you_ imagine 
> resource sharing being experienced by our friendly non-geek end-user.
> Perhaps your emphasis on solving some details you see as tricky might 
> enlighten me on what you find weak in my draft.

Think about users wanting to do these things:
- "I want to use this to back up some of my data in the LAN, but I do not want
  to bother with this social networking stuff."
- "I want to set up a blog as a tor hidden service."
- "I want to share some photos in my LAN. I also do not care whether it runs a
  tor hidden service."

None of these need any DNS. When the user says he wants to set up a blog, we
can ask him how he wants to do this:
( ) dyndns
( ) static ip
( ) remote webspace via ftp
( ) pagekite
( ) tor hidden service
( ) ...

> Let me try play along with you (even if I suspect that I disagree on the 
> premise): our friendly non-geek becomes in danger if using the 
> FreedomBox for blogging.  Do I get that right?

Partly yes. If you do blogging you should know what you are doing.

> Then what do you consider sensible to offer our friendly non-geek?
> Let's talk about user experience that makes sense.

1) Set up (dyn)dns only if needed and after a warning that it may reduce your
   anonymity when surfing the web. If not needed, the user should never be
   asked. If needed, the name belongs to services (e.g. your blog) and will be
   automatically inactive if the services are turned off.
2) Allow the user to do blogging and stuff, but after a warning that his data
   will be visible to others.

> I see no contradiction.  Makes perfect sense to me to provide the user 
> with _both_ fuzzy (a.k.a. "complex and confusing") suggestions at an 
> initial summary page (if we for a moment assume that we are talking 
> about a web-based user interface) and _also_ provides a link to a page 
> listing all available services, sorted by some sensible yet static 
> grouping.

You could ask the user questions like:
[ ] I want to stay in contact with friends
[ ] I want to publish
[ ] ...

and then suggest applications and set up dns *as* *needed*. But please do not
start with:
Enter your DNS name:____________________
( ) I want everybody in the world to know me
( ) I want it public
( ) I do not want it public

... and then discard(?) the dns when the user says "I do not want it public".

programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
