[Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012
Bjarni Rúnar Einarsson
bre at pagekite.net
Tue Jul 10 12:49:40 UTC 2012
On Tue, Jul 10, 2012 at 12:08 PM, Melvin Carvalho
<melvincarvalho at gmail.com> wrote:
> Thanks for the explanation. In practical terms, where, typically
> would/could this reverse proxy run?
There are a few options:
1) A commercial provider (e.g. my pagekite.net service)
2) A VPS or home server with a public IP (so a friend could run it)
3) A grassroots organization of volunteers
Of these 1) and 2) are real today, 3) is not.
For out-of-the-box instant gratification and user-friendliness, 1) and
3) are realistic options, I tend to think 2) is not.
Also note that 3) is IMO not a realistic option for clear-text
traffic, because there are significant risks of abuse by malware
authors and other nasty folks who would just love to "volunteer" to
inject crap into your websites.
> One of the fundamental motivations for freedombox is for a user to keep
> their own logs. Therefore, if I've understood correctly, trust in the
> reverse proxy would need to be paramount?
Your web server logs stay on your web server. :-)
PageKite as written does not log much when running as a relay, it even
obfuscates IP addresses before writing to its log. It does not log
the contents of a stream.
Of course, anyone could hack the code and add more snooping, but that
is already the case for all the other routers you rely on (at you ISP
and the Internet backbone) for clear-text communication.
So as usual, if you are concerned about snooping, you use end-to-end
HTTPS. This reduces the snooping potential to information like: "IP
x.y.z.a communicated with host.foo.com over SSL at Date/Time and
transferred N bytes". Again, this is exactly the same info as all the
existing routers on the Internet can (and often do) already collect.
Using PageKite in MITM SSL mode provides a middle ground where all the
other routers are denied access to the contents of your communication,
but the PageKite relay could still snoop. So there is still a risk,
but it is (depending on who your adversary is) significantly
decreased, especially if you have a good trust relationship with the
person running your PageKite relay (and they know how to keep their
servers secure).
--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
More information about the Freedombox-discuss
mailing list