[Freedombox-discuss] FreedomBuddy to use Tor to resolve IP address of nodes?

Graham Burnside graham.s.burnside at gmail.com
Sat Jan 5 16:12:44 UTC 2013

On 05/01/13 15:20, Jonas Smedegaard wrote:
> Quoting Graham Burnside (2013-01-05 15:15:05)
>> I've had a couple of hours recently to catch up on how freedombox is 
>> developing. I was reading through the debian wiki and noticed that the 
>> method being used to resolve the IP address of nodes in the network is 
>> via Tor hidden services.
> It is true that some are discussing how to penetrate masquerading 
> firewalls and how to discover nodes.  Also true that some find Tor 
> suitable for handling those issues, and actively explore that option.
> Some of us, however, consider FreedomBox a project to mainstream 
> privacy-related functionality that is already mainstream among geeks.
> With "mainstream among geeks" I people who install packages with 
> aptitude (or apt-get) and generally rely on Debian to provide sensible 
> defaults for those packages.
> I believe Tor is only relevant to consider including into FreedomBox 
> when someone can provide sensible defaults for it which can be 
> integrated with the Debian packaging of Tor.
> Until then, Tor is outside the scope of FreedomBox, in my opinion.
> Don't get me wrong: Tor is a _very_ relevant tool, my point is that it 
> is not yet mature enough to mainstream among non-geeks, when not even 
> mainstream among geeks yet.
> Same goes for any other exciting inventions - I do not mean to 
> fingerpoint Tor specifically, that just happen to be the one you 
> emphasize so I feel a need to "de-emphasize" it.

I would have thought that the firewall penetration will be a non issue,
the boxes will presumably be connecting via a IPsec VPN (Strong Swan)?
In tunnelling mode this would allow NAT traversal. Finding your friend's
box (node) is the problem, for which we must rely on some form of
dynamic dns.

>> I know that Tor is well tested, but is this not far too centralized a 
>> way of bootstrapping the networks? More so, is it not going to make a 
>> lot of people nervous about hosting a node on the network. It wouldn't 
>> take more than the mention of silkroad and CP in the mainstream media 
>> to taint the whole project.
>> Has there been any discussion into alternatives? Such as running a 
>> basic xmpp client on each box, which periodically contacts your 
>> friends' boxes with its current IP address, encrypted and signed using 
>> PGP? The host freedombox JID could be distributed with public keys. 
>> This would allow anyone with a domain name to run a tracker for their 
>> friends' boxes, or to just use a free jabber server.
> I find your idea interesting.
> But please think of FreedomBox not as a box containing unique tools, but 
> as a box containing uniquely simple access to common tools.
> ...which means specifically for your idea: Please implement your idea as 
> a common concept independent of FreedomBox, and when it gains some 
> traction then suggest that FreedomBox _also_ adopts that concept - 
> either at its core or perhaps as an option among several.
> It is my understanding that those talking about Tor as core platform for 
> Freedombox, seek a high level of privacy, which is more complex to reach 
> reliably, and is not yet mainstream even among geeks.
> I imagine that those seeking high level of privacy (read: secrecy and 
> stealth) would find it outragous that their box would act as a beacon 
> towards (most likely centralized, due to the issue of non-public IPs) 
> xmpp servers.
> What I have not seen (please do correct me if simply I've missed it!) is 
> discussions taking into account the level of privacy needed, and being 
> realistic about which privacy levels are achievable at an early stage 
> reflecting what is already mainstream among geeks - which I call 
> FreedomBox 1.0.
>  - Jonas
Tor does provide anonymity, it is also a central record for all machines
see - https://metrics.torproject.org/exonerator.html

As for unique tools, FreedomBuddy certainly the glue binding together
common tools, but no more so than implementing a custom xmpp client with
say python-jabberbot (in debian repo). XMPP works on a client server
basis, so your IP is not being broadcast beyond your trusted XMPP and
DNS servers. If you really need to be anonymous, connect to them over Tor.

Now don't get me wrong, I'm a believer in decentralization, anonymity
and net neutrality, I just don't think that fbx should be rolling out
with Tor enabled in version 1.0  I think that it is a very useful tool,
and when a critical mass is met alongside say, another Arab spring, then
users should be urged to enable the service.

- Graham

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130105/d13032c7/attachment-0001.html>

More information about the Freedombox-discuss mailing list