[Freedombox-discuss] FreedomBuddy to use Tor to resolve IP address of nodes?

Jonas Smedegaard dr at jones.dk
Sat Jan 5 15:20:49 UTC 2013 

Quoting Graham Burnside (2013-01-05 15:15:05)
> I've had a couple of hours recently to catch up on how freedombox is 
> developing. I was reading through the debian wiki and noticed that the 
> method being used to resolve the IP address of nodes in the network is 
> via Tor hidden services.

It is true that some are discussing how to penetrate masquerading 
firewalls and how to discover nodes.  Also true that some find Tor 
suitable for handling those issues, and actively explore that option.

Some of us, however, consider FreedomBox a project to mainstream 
privacy-related functionality that is already mainstream among geeks.

With "mainstream among geeks" I people who install packages with 
aptitude (or apt-get) and generally rely on Debian to provide sensible 
defaults for those packages.

I believe Tor is only relevant to consider including into FreedomBox 
when someone can provide sensible defaults for it which can be 
integrated with the Debian packaging of Tor.

Until then, Tor is outside the scope of FreedomBox, in my opinion.

Don't get me wrong: Tor is a _very_ relevant tool, my point is that it 
is not yet mature enough to mainstream among non-geeks, when not even 
mainstream among geeks yet.

Same goes for any other exciting inventions - I do not mean to 
fingerpoint Tor specifically, that just happen to be the one you 
emphasize so I feel a need to "de-emphasize" it.


> I know that Tor is well tested, but is this not far too centralized a 
> way of bootstrapping the networks? More so, is it not going to make a 
> lot of people nervous about hosting a node on the network. It wouldn't 
> take more than the mention of silkroad and CP in the mainstream media 
> to taint the whole project.
> 
> Has there been any discussion into alternatives? Such as running a 
> basic xmpp client on each box, which periodically contacts your 
> friends' boxes with its current IP address, encrypted and signed using 
> PGP? The host freedombox JID could be distributed with public keys. 
> This would allow anyone with a domain name to run a tracker for their 
> friends' boxes, or to just use a free jabber server.

I find your idea interesting.

But please think of FreedomBox not as a box containing unique tools, but 
as a box containing uniquely simple access to common tools.

...which means specifically for your idea: Please implement your idea as 
a common concept independent of FreedomBox, and when it gains some 
traction then suggest that FreedomBox _also_ adopts that concept - 
either at its core or perhaps as an option among several.

It is my understanding that those talking about Tor as core platform for 
Freedombox, seek a high level of privacy, which is more complex to reach 
reliably, and is not yet mainstream even among geeks.

I imagine that those seeking high level of privacy (read: secrecy and 
stealth) would find it outragous that their box would act as a beacon 
towards (most likely centralized, due to the issue of non-public IPs) 
xmpp servers.

What I have not seen (please do correct me if simply I've missed it!) is 
discussions taking into account the level of privacy needed, and being 
realistic about which privacy levels are achievable at an early stage 
reflecting what is already mainstream among geeks - which I call 
FreedomBox 1.0.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130105/f386f7c0/attachment.pgp>

More information about the Freedombox-discuss mailing list