[Freedombox-discuss] Rouge Freedomboxes and government intervention

Tue Jun 21 18:37:53 UTC 2011

On Tue, Jun 21, 2011 at 07:43:43PM +0200, Jonas Smedegaard wrote:
> On 11-06-21 at 11:56am, Anthony Papillion wrote:
> > Hi Everyone,
> > 
> > I've been following the discussion here on the list and one thing I've 
> > not seen a lot of discussion about is government intervention. Since 
> > the Freedombox will be open source and use a peer to peer methodology, 
> > what's stopping a hostile government from running their own 
> > 'Freedombox Honeypots' and targeting/locating users for arrest?
> 
> "FreedomBox for Freedom Fighters" certainly need more thought in that 
> area.  Not realistic for a first release of FreedomBox IMO.
> 
> "FreedomBox for consumers" need no special anti-government design, just 
> the core implicit anti-centralized-logging design.

Hmm, I'm not sure both use cases can be splitted that easily.

Or I'd like to see it from another point of view:

Most of the times "Freedom fighters" ARE "consumers". I mean the
separation isn't that clear. Your life isn't being a "Freedom fighters".
And they aren't the only one being watched or needing some of their data
or communication being kept private.

There are maybe other ways to consider the problem:

1) This "peer to peer methodology" shouldn't be something turned on by
default for every data/communication/users on the freedombox. If it is,
only by using technologies like tahoe-lafs, where hosters aren't able to
read your data.

If no one disagree, should it be added to the specs?

2) Users should be able to create easily multiple identities, to separate
their own use cases and privacy policy for each one, depending on the
activity it will be involved in.

I.e someone could have and identity for it's public related stuffs, (i.e
using a facebook bridge, publishing a lot but yet not compromising
informations through this channel), that will have relaxed sharing
methodology, and another separate identity, with different, more private
sharing policy for more governments (or corporation) observed activities,
i.e with trusted friends / concerned people only. And why not many others
connected to others Web of Trust ;)

I agree that the "consumer" (let say the already present in Debian and
easily implemented) part of the Freedombox project should be build asap,
but still this kind of questions should be considered. It often might not
be related to what is the state of package X in the Debian archive, but
more a question on how it could be implemented.

And it often is better to think of both use cases at first, rather than to
have to migrate to the first quick implementation to a new one
implementing privacy/anonymity. This isn't incompatible with the
implementation of the first quickly, but with the second in mind. Though
work...

bert.