[Freedombox-discuss] Independent email services

Thomas Lord lord at emf.net
Sun Feb 27 16:57:16 UTC 2011 

On Sun, 2011-02-27 at 09:43 +0100, Michael Blizek wrote:
> Hi!

Hi. 


> [....]  I guess relationships between the
> (sub)domain provider and the user can be much more loose. For example, the
> FB-foundation, debian, hardware vendors and others could register some
> domains in order to give users free subdomains. The freedombox could integrate
> an interface for selecting domains from a list and quick registration. Abuse
> by (sub)domain providers could be further to reduced by requiring them to sign
> a contract to get listed.

This is a really interesting problem.   You gave me an
idea for something to put on the FreedomBox Foundation
wishlist:  a kind of "Better Box Businesses Bureau" to
reputation track public small business FreedomBox service
providers.

The DNS case, though: Do you mean (A) or (B) here:

(A) The foundation and a few other big orgs buy some domains.  They 
give subdomains to freedombox users.

(B) Anyone who buys a domain and signs a contract can be registered
as a freedombox subdomain provider.   The contract is with one or more
of the big orgs.

I think you mean (B) but I wanted to be sure.

Either way, there is a big bug.

We will have created a centralized database of essentially
all the freedomboxes.    Recently, the US government made a mistake and
shut down, en masse, tens of thousands of domains allegedly linked to 
child porn -- only to realize a few days later that they only meant to 
shut down a few 10s of sites, and that the rest were innocent.   The 
government did this at the DNS level - it seized the domains.

With what you described, there is a ready-made master list of which 
domains need to be shut down to disrupt all freedom boxes.   In 
most realistic implementations, not only a list of domains but of the
people running them and the easily traced owners of subdomains.

Problems like that make me want to stick mostly with the 
friend of a friend model and the small-business-but-
-without-central-registration model.

-t





> 
> On 23:15 Sat 26 Feb     , Thomas Lord wrote:
> > > There should not be that much centralisation worries
> > > as long as there are enough (sub)domain providers you
> > > can choose from.
> > 
> > For example, in my extended family there are a few
> > of us who are tech-savvy.  We could coordinate to
> > set up and share out domains, a fat pipe, hard-to-
> > admin services and so on ... while other relatives 
> > can still use their personal boxes for easier to admin
> > and most private stuff.
> > 
> > I think that is towards the right model of how these
> > things get deployed:  they are "sold" (or otherwise
> > got in the hands of) real world groups --- tribes ---
> > whether that means friends and family, clubs,
> > samizdat societies or what have you.   Within each group,
> > there are specialized roles.  
> 
> This is certainly a way to do it. But I guess relationships between the
> (sub)domain provider and the user can be much more loose. For example, the
> FB-foundation, debian, hardware vendors and others could register some
> domains in order to give users free subdomains. The freedombox could integrate
> an interface for selecting domains from a list and quick registration. Abuse
> by (sub)domain providers could be further to reduced by requiring them to sign
> a contract to get listed.
> 
> If this is not enough, we could still do this with tor-hidden services or
> "real" domains, the friend to friend model you have suggested or some kind of
> decentral name services.
> 
> 	-Michi

More information about the Freedombox-discuss mailing list