[Freedombox-discuss] In-the-cloud infrastructure and business involvement (was: distributed DNS)

Thu Mar 17 13:38:51 UTC 2011

Hey Boaz, glad we agree on many things.

Yes, it may be in our best interest to work with domain registrars,
> for example, to help make them more freedom friendly.  But when you
> start talking about XMPP servers and SMTP relays and "VPN providers"
> and on and on and on, step back and remember for a second that the
> *entire purpose* of this list and this project is to enable people to
> *not* rely on other people's servers but to run their own instead.  If
> we force freedom box users to rely on someone else's big server on
> another continent for some function, we have failed with respect to
> that function.
>

Why is it bad to rely on a application-layer routing solution, but OK to
rely on the IPv4 and IPv6 routers on the Internet's back-bone?  Or is it all
bad and we just have no choice at the lowest layers?

As long as a service provider neutrally relays your data without modifying
it or filtering, does it really matter whether he is relaying IP, TCP, XMPP
or HTTPS streams?

People with proper, unfiltered IP addresses won't need any of those things,
so they're obviously optional in that sense. But I suspect that in practice,
only a minority will actually be able to do without.  We'll see, I guess?

>It's better that it exist than not, but Tor's anarchistic volunteer
> structure *causes* privacy issues which would be decreased or even
> eliminated if it were a centralized system run >by some really responsible
> dudes.
>
> I completely disagree.  You cannot just run a tor relay and start spying on
> tor users.

Sure you can! Is there anything preventing me from setting up an exit node
tomorrow and sniffing all the clear-text traffic that goes through it?  By
making it nice and fast I can encourage lots of people to use it...

My only point was that Tor's model is "anybody can randomly spy on our users
and we just accept that and live with it".  It's not a bad model, it works
really well.  Tor is awesome. :-)

But it is actually *easier* in a sense to spy on Tor users than it is to spy
on Facebook users (for example).  It's easier in that anyone can do it,
there is almost no barrier to entry.  Tor users are safer because they are
more educated, Tor is open about its limitations, and the Tor project gives
them tools which compensate for the limitations of the network (the browser
bundle, HTTPS everywhere).  And because the network is large and
decentralized, it becomes very hard to make targeted attacks, even though
"random acts of spying" are trivially easy.

But this is all quite off topic, aside from the fact that understanding the
dynamics of these things is useful.

And thanks for running a Tor relay, I've been meaning to set one up myself.
:-)

>I'd personally rather my service providers were motivated by a desire to
> earn my custom, than motivated by the desire to snoop on my traffic. That's
> exactly the choice we >always seem to end up with on the Internet, and it's
> why we're all on this list in the first place. :-P
>
> I thought we were on this list to help people reclaim their privacy by
> running their own services out of inexpensive and easy to use plug
> servers.
>

Yup!  That's why we are here now.

To help the people that lost their privacy because they repeatedly opted for
the convenient, free-as-in-beer, subsidized by advertisements (spying),
centralized services. That pattern of behavior is how we got here.

-- 
Bjarni R. Einarsson
The Beanstalks Project ehf.

Making personal web-pages fly: http://pagekite.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110317/ea579687/attachment.htm>