[Freedombox-discuss] don't write code - user-friendly configuration

Matthew Johnson mjj29 at debian.org
Sun Sep 5 19:46:26 UTC 2010 

On Sun Sep 05 21:28, bertagaz wrote:
> > Making a device harder to use won't educate people, it will just limit how
> > many people you can reach.
> 
> More and more people are getting concerned about their privacy, this will
> probably motivate them (as a lot of people on this mailing list did, I
> guess) to search and understand how to protect it. There is an area
> between "fully automatic" and "hard"...
> 
> All internet users did learn with practice and time how it works. A lot of
> hackers did this way, reaching limits with some apps or protocol, reading
> docs... This is the way we learn, it takes time, but the mass of new users
> that came on the internet the past few years will do the same. They'll
> learn with practice, and freedombox might be a good place to have them
> learning what an open and decentralized internet is, rather than what
> companies are trying to sell them or what governments are trying to build
> by closing it.

No, they won't learn. The vast majority of internet users have no idea how it
works - they aren't hackers and they never will be. A device for hackers is all
well and good, but the idea is to make a device for people for whom a computer
is a tool. It's like a toaster, or a washing machine, or a stereo. It's
something that should just work, doesn't require reading a manual - because
they won't, doesn't need them to learn about it in order to use.

> I was just pointing that an automatically configurable box might
> sounds like a nice idea, but might also be an open door to wrong manipulations,
> false sens of security, bad choices for use cases etc. This is like in a
> network, you can put firewalls everywhere, if one of your user download
> the wrong malware, it has no meaning.

I never said it was an easy problem - but if it's not an appliance, it will
only be used by people who don't need one.

> > Not all cloud services are the same.  To take a extreme example, the routers
> > that carry your packets live "in the cloud", and obviously you aren't going
> > to stop using them.  People mustn't forget that the reason we are using the
> > Internet in the first place is because we want to communicate. If we are all
> > completely anonymous and untrackable, then that also means nobody can talk
> > to us.
> 
> This is no argument to me, you're talking about two different things. A
> router is not a centralized service hosting people's data without any
> control of them. Would you have reply the same to Eben during his talk?
> Wonder what his answer would have been...

cloud-hosted data, when you have a freedom box, is a centralized service
hosting my data when I _do_ have control of it - that's the point.

> > People use these cloud services because it is easy, and because they
> > want to communicate, and because they don't see any alternatives.
> > 
> > So if you want to fix that, you have to make an alternative that is also
> > easy and, most importantly, allows people to easily communicate.
> 
> I'm not sure "alternatives" have to follow the same rules of what it's
> trying to move on.

People are not going to change what they want to do. One of the fundamental
problems with security is that when offered the choice of doing something
insecurely, or not doing it at all people will _always_ do it insecurely.  If
you can't provide a way to do what they want securely then your security
mechanism isn't a useful tool any more, it's an obstacle to be circumvented.

We have to provide what users want and, as was said up thread, people want to
communicate with their friends and they want to do so easily. We have to allow
them to do that securely, without getting in their way.

> > I personally think if you completely ignore "the cloud" and refuse to
> > cooperate with today's web, today's DNS and everything else people are
> > familiar with (all of which require at least a little bit of "in the cloud"
> > infrastructure), then you won't achieve any of your other goals.  The trick
> > is to use the cloud, but get the balance right so people's independence and
> > privacy are protected.  We all agree that the balance is wrong today, but
> > there is no need to throw the baby out with the bath-water.
> 
> I think the cloud concept as you define it is too large, and melting
> unrelated things, which doesn't help to understand what we are talking
> about.

That may be true, but you're talking about commercial hosting providers and I'm
talking about commercial hosting providers - you think that they can't possible
have a role here, I'm saying they can. The key is providing the control to the
user.

Just as insecure communications channels over networks you don't control can be
secured by a small amount of crypto on machines you do control, I don't see the
freedom box as replacing all the parts with bits that we control - I see it as
providing that control to the user.

Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20100905/e2814652/attachment.pgp>

More information about the Freedombox-discuss mailing list