[Freedombox-discuss] Roadmap Brainstorming

Boaz alt.boaz at gmail.com
Sun Mar 20 15:49:36 UTC 2011

For what it's worth, my wishlist:

1. Asynchronous messaging (email)
2. A friend request-approval mechanism and access control system
3. Synchronous text messaging (instant messaging)
4. Synchronous voice (VoIP)
5. What I'll call “feeds”.  The equivalent of the Twitter tweet, the
Facebook status message, announcements of bigger postings elsewhere (so and
so has posted a new photo album, or whatever), comments on stuff, these
sorts of things.  Short messages published by someone, distributed to his
friends, aggregated by each of his friends into a running feed of messages
from various sources.  In short, the equivalent of the Facebook “news feed”.
 Or RSS with some extended functionality.  Both published to the world and
access controlled.
6. What I'll call “pages”.  The Facebook “profile”, photo albums, videos,
whatever.  Information, that's posted somewhere for friends to view at their
leisure.  Both published to the world and access controlled.
7. File transfer.  Both published to the world and access controlled.
8. Event announcement in machine readable format and sharing of calendar
information.  Both published to the world and access controlled.
9. Collaborative document editing.

Additionally, some things that I think will be necessary or helpful for all
of this to be feasible:

1. A user interface for all the major types of computing devices
(desktop/laptop pc, tablet, mobile phone) and all the major operating
systems (GNU/Linux, Windows, Macintosh, Android, iOS).  Access to and
control of the freedom box through an encrypted tunnel from one or more
computing devices.  This is the interface to the freedom box.

2. A crypto suite which encrypts everything all the time without the user
needing to do anything.  Session keys are used to encrypt all the types of
traffic, with perfect forward secrecy and deniability as in OTR (unless the
user specifically chooses non-repudiation for some message, which people
won't), and a single persistent public key is used to authenticate all the
session keys for all the types of traffic, but is never used to encrypt
traffic.  People's single persistent public keys can be authenticated by 0,
1, or more than 1 of:
a) Preexisting short shared secret and Socialist Millionaire Protocol as in
b) Web of trust as in OpenPGP
c) Hash commitment and short authentication string verified by voice as in
Authentication by one or more of these methods can occur whenever it happens
to occur, including long after the key is already in use.

3. A system of redundant distributed encrypted backups to friends.  It runs
invisibly in the background using who you talk to as its criteria for
deciding who to back up to (not to say the user can't change these
configurations manually, just that he doesn't need to, and people won't).
 Also, a super easy manual local backup.

4. A system whereby a person's friends' boxes can substitute for his box in
case it suffers a service outage of some kind.  As with the backup, it
should run invisibly in the background and use who you talk to as the
criteria.  It definitely needs to work for receipt of mail but ideally
should work for all the services.  Like the backup, this one is completely
imperative for the freedom box to be successful; it just won't do to have a
user's mail go undelivered because his box was down for a spell.

5. In case of loss of the freedom box, and at the same time loss of all (if
any) of the backups of the key which can recover the distributed backup
(people won't do a good job of creating and storing backups, you know they
won't), a system whereby cooperation of most of a large number of close
friends (10 of 12 or whatever) can recover the key.  This could also be
adapted to handle redeployment of a new persistent authentication key in
case of compromise (someone's box is stolen, oh no his persistent private
key is in the hands of the bad guy).  Each box could have, in addition to
the main persistent key which is authenticated to all the person's friends'
boxes and is used all the time to authenticate session keys, an alternate
persistent key, which is authenticated to all the person's friends by use of
the main key.  The alternate persistent private key is not stored in plain
text anywhere, not even on the freedom box itself, so it's not compromised
in case the freedom box is stolen.  The alternate persistent private key can
be recovered only by cooperation of most of a large number of close friends,
and can be used to revoke the main key and become the new main key.

So that's my ultimate super-ambitious wishlist.  I hope some reasonable
fraction of that is feasible in the somewhat near term.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110320/ea6f4a2d/attachment.htm>

More information about the Freedombox-discuss mailing list