[Freedombox-discuss] Package Lists and Configuration

Johan Henselmans johan at netsense.nl
Thu Feb 7 10:23:16 UTC 2013 

On 7 feb. 2013, at 06:03, "Nick M. Daly" <nick.m.daly at gmail.com> wrote:

> Johan Henselmans <johan at netsense.nl> writes:
> 
>> I mention this because it seemed that in the Syrian situation there
>> was a rumor that satellite phone locations were used for rocket
>> attacks.
> 
> I believe that occurred, though I do not know the names involved.  Can
> anyone verify?
> 
>> The only solution I see is some server that will distribute your
>> current IP address based on who you have indicated to trust. Which of
>> course leads to the question who to trust that server.
>> 
>> Do you guys see/know any solution for this problem?
> 
> My solution to this problem is closer-ish to being done than it's ever
> been before.  It's the FreedomBuddy project.  It requires that end
> users (Alice and Bob):
> 
> 1. Meet in person to verify and trust one another's PGP keys.
> 
> 2. Alice sends Bob one message that contains the services she'll host
>   for Bob and locations where Bob can contact her through any supported
>   medium.
> 
> 3. When Bob needs Alice's services, he'll (1) start using them or (2)
>   send Alice a reply letting her know where he's hosting any services
>   for her.  That reply will include the locations Alice should reach
>   out to find Bob.
> 
> Why is this useful?  Alice and Bob may choose to use (pseudo-)anonymous
> transports to communicate, like Tor, GNUnet, etc.  They'll be able to
> establish communication paths for any system using any or all of those
> transports at once.
> 
> Finishing the outstanding functional problems (small amounts of delicate
> work) are what remains at this point.  The UI will be terrible, for now.
> Later, once the functional work is complete, it'll get pulled into
> Plinth, and will have a less terrible UI.
> 
> Nick


Thanks Nick, I have just read up on the FreedomBuddy project. (http://wiki.debian.org/Freedombox/FreedomBuddy). 

That seems a solution, until your tor/GNUnet endpoint service is compromised, which seems not too hard, considering we are talking about bad guys not encumbered by  legal restrictions. 

Compromised GPG keys is the other problem.

I still have a GPG key created in 2001, which I am sure is on some keyservers. My sloppy security behavior ( the private key had been transported from server account to server account, some of which I am pretty sure they were compromised), combined with some rainbow-tables and other brute force attack scripts make it sure that my private key would be compromised by now-if anyone would be interested.

A solution would be to make sure anyone would have a smart-card derived PGP key with opensc, so that if you can not find your smart card you should assume your key is compromised. That also poses the problem of losing ones precious would make your freedombox data lost. 

But perhaps you have  already discussed that kind of setups. 

Johan Henselmans
johan at netsense.nl

More information about the Freedombox-discuss mailing list