[Freedombox-discuss] PageKite relay service; risks, community and collaboration?

Bjarni Runar Einarsson bre at pagekite.net
Sun Nov 22 13:34:31 UTC 2015

Hi Markus!

Markus Sabadello <markus at projectdanube.org> wrote:
> Good to hear from you, remember a few years ago together with
> Michiel we submitted an entry to the Access Innovation Prize
> for combining FreedomBox+Unhosted+PageKite. I'm running the
> freedombox.me domain and its associated PageKite service. This
> service is open source and documented at:
> https://github.com/peacekeeper/freedomkite

Yes, I was looking at that and your recent messages about Let's
Encrpt - that's what prompted me to reach out - if folks such as
yourself are willing to put in that kind of effort, then there
might be more people interested in a community relay service than
just me. :-)

> I believe charging users a small fee for a domain name and
> connectivity is acceptable.

I no marketing guru, but I still think that unless this is
included in the price of the hardware itself, it'll be a hard
sell. Which isn't necessarily a problem since FreedomBox will
never reach the masses without a manufacturing pipeline. For the
hackers and tinkerers who roll their own, you may well be right,
they'll know how and want to own their own domains etc.

My logic may apply more strongly to my own work, Mailpile, since
there isn't necessarily a hardware component there, it's just a
free download.

For Freedombox, it's still worth thinking about what this means,
in particular so that if (when!) someone starts mass producing FB
hardware, the path forward is clear.

> So, your idea of a community-run network of PageKite services
> sounds very interesting, and I think we'd all like to learn
> more! If you have any more concrete thoughts, I'd love to
> contribute and try out ideas, etc.

I touched on most of the concerns and potential solutions in my
last mail - I think the best "design" for this, would be to
decouple the DNS part of the service from the relays. So the
ecosystem would look something like this:

1) Volunteers run relays according to a community code of
conduct. 2) One or more orgs keeps a registry of existing relays,
tests them for compliance with community standards (e.g. make
sure clear-text HTTP is unavailable). 3) Organizations sell or
give a way domain names; included in this service is a dynamic
DNS and DNS-based PageKite authentication (so a relay can
validate a tunnel request).

Roles 2) and 3) could be merged; their technical requirements are
quite similar, both will need a dynamic DNS service and user
database of some sort. This is a technically sophisticated role
and handling abuse etc. happens here, so these are organizations
rather than individuals.

For security reasons (as discussed in my last post), role 1)
should be separate. This is where even small players can
contribute to the network.

Some extra hacking might be needed on pagekite.py so the pagekite
relays know how to send auth requests to different places
depending on domain, but most of this is just a matter of
deploying existing tech and coordinating the communities. I would
probably release as OSS a bit more of the pagekite.net dynamic
DNS stuff to facilitate things if there's interest.

> There's a FreedomBox progress call today (Sunday), maybe you
> have time? https://wiki.debian.org/FreedomBox/ProgressCalls

I'm a bit overloaded with stuff today (am on the road a lot) so I
doubt it - maybe next week, if this is a weekly event?

All the best,
 - Bjarni

PageKite.net lets your personal computer be part of the web.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Encryption key for Bjarni Runar Einarsson.asc
Type: application/pgp-keys
Size: 14227 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20151122/38b173e1/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20151122/38b173e1/attachment.sig>

More information about the Freedombox-discuss mailing list