[Freedombox-discuss] Diaspora becoming a community project

Michael Rogers michael at briarproject.org
Thu Aug 30 16:39:23 UTC 2012


On 30/08/12 15:38, Nick Daly wrote:
> This is also what makes it really difficult for a FBX to receive
> email. :\
> 
> I think some folks were talking about buying records, of some sort,
> a while ago.  Don't recall what came of it, though.  Anybody with
> a better memory want to pipe up?

I believe this is the single biggest obstacle the FreedomBox has to
overcome, and I'm surprised it hasn't received more attention.

To put it bluntly, an unskilled user can't run a server on a typical
home broadband connection. There are several reasons:

* Most home broadband connections have dynamic IP addresses
* Forwarding a port through a home router requires skills that many
people don't have; the process can't be automated or reduced to simple
instructions because home routers have non-standard password-protected
web interfaces
* UPnP and NAT-PMP are unavailable, disabled or broken on many home
routers
* Even if you get past the home router, some ISPs have a second layer
of NAT, or a firewall that blocks incoming connections

Dynamic DNS solves the first problem, but the other three aren't so
easy. Based on data collected from millions of LimeWire peers, only
25% of home computers can receive incoming TCP connections even if
they use UPnP and NAT-PMP.

As far as I can see, the only solution is to use a service like
PageKite, so any box that's unable to receive incoming TCP connections
can instead make an outgoing connection to a reverse proxy that
receives incoming connections on its behalf.

Tor hidden services are fine for box-to-box connections, but they
don't allow people to run web, email and chat servers that their
non-box-owning friends can connect to, which I thought was the whole
point of the project.

If that analysis is correct, we should look at the reverse proxy issue
in more depth. Questions to ask include:

* Are the protocols open standards?
* Are the implementations free software?
* Are there any limitations on what services can be run (email, XMPP)?
* How much trust must the user place in the provider (MITM, logging)?
* Are there any providers other than PageKite?
* Can we expect other providers to emerge?
* Will users be able to switch providers?
* Should the service be bundled with the box?

Cheers,
Michael
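
The reverse-proxy arrangement described in the message above, as an added sketch that is not part of the original post and is not PageKite's protocol: the box only dials out, and the relay splices a visitor's incoming connection onto that tunnel. The function names, loopback addresses and sample request are constructed for illustration; the relay records every byte it forwards, which is the exposure behind the MITM/logging question in the list.

```python
import socket
import threading

def pipe(src, dst, seen):
    """Relay side: copy src -> dst until EOF, recording every byte forwarded."""
    try:
        while data := src.recv(4096):
            seen.append(data)             # a relay provider could log exactly this
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)      # propagate EOF to the other leg
    except OSError:
        pass

def listen():
    s = socket.socket()
    s.settimeout(5)
    s.bind(("127.0.0.1", 0))              # constructed loopback endpoint, OS-chosen port
    s.listen(1)
    return s

def read_all(sock):
    return b"".join(iter(lambda: sock.recv(4096), b""))

def box(tunnel_addr):
    """The home box: makes one OUTGOING connection and never listens."""
    with socket.create_connection(tunnel_addr, timeout=5) as t:
        request = read_all(t)             # visitor's bytes arrive via the relay
        t.sendall(b"served by box: " + request)

def relay(tunnel_l, public_l, seen):
    """The provider: joins the box's tunnel to a visitor's incoming connection."""
    tunnel, _ = tunnel_l.accept()
    visitor, _ = public_l.accept()
    threading.Thread(target=pipe, args=(tunnel, visitor, seen), daemon=True).start()
    pipe(visitor, tunnel, seen)

def run_demo(request=b"GET /photos HTTP/1.0\r\n\r\n"):
    seen = []                             # everything the relay observed, both directions
    tunnel_l, public_l = listen(), listen()
    threading.Thread(target=relay, args=(tunnel_l, public_l, seen), daemon=True).start()
    threading.Thread(target=box, args=(tunnel_l.getsockname(),), daemon=True).start()
    with socket.create_connection(public_l.getsockname(), timeout=5) as visitor:
        visitor.sendall(request)
        visitor.shutdown(socket.SHUT_WR)
        reply = read_all(visitor)
    return reply, b"".join(seen)

if __name__ == "__main__":
    print(run_demo())
```

The relay here handles both directions in the clear, so whatever it can read it can also log or alter. If TLS is terminated on the box instead, the same relay forwards only ciphertext.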


