[Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012

Sat Jul 7 11:47:26 UTC 2012

On 07/06/2012 06:45 PM, Michiel de Jong wrote:
> On Fri, Jul 6, 2012 at 3:16 PM, Nick M. Daly<nick.m.daly at gmail.com>  wrote:
>> I'm a little leery of asking users to sign up for a service on a device
>> that's designed to let them host their own services.  It seems
>> internally inconsistent.  I don't think I have anything against offering
>> it as an option, but it shouldn't be the only one.
>
> i see your point, but what alternative do you see? if you want to
> offer any form of web presence, you need an IP address with a DNS
> domain pointing to it. the box needs to dial up to some sort of name
> service to announce where it is today. this can be either a DNS server
> or a (network of) reverse proxy(s) if you're on a dynamically assigned
> own IP. If you're behind NAT, then only a (network of) reverse
> proxy(s) can help you. The proposed DHT which resolves names to onion
> addresses is effectively a network of revers proxies too, and is not
> something we currently have working in production even on normal
> laptops afaik.

to be able to deal with NAT, which is probably the most common setup found in regular users homes, using reverse proxy seems to be a must.

i don't know of any other readily available solution besides PageKite and Tor hidden services to do this. i assume that we want a fbx to have a durable name by which they can be found, so;
- with PageKite, this probably leads to registering a domain name for a box. as this is how the regular web works, normal browser/http-client can access the page/service.
- with Tor HS, no need to register a domain. as long as you don't loose the private-key you keep the same .onion address. to access the page/service, you need a Tor-Browser, Tor-Proxy or go via tor2web though.

in the long run, i would prefer something like FreedomBuddy as Tor HS in the role of a gatekeeper. this frees from registering a domain name and still gets you a durable name/address. further, it gives the service provider more anonymity and FreedomBuddy can do access-control before revealing service endpoints to clients (either connections through Tor network or direct connections).

a simpler version of this gatekeeper could be a Tor HS 'entry-point' that simply http-redirects to yourname.pagekite.me upon successful authentication and access-control (e.g. with username/pass).

as i understand the proposition, the focus is on allowing unhosted-apps (JavaScript in an ordinary webbrowser) to access the fbx. maybe an unhosted-app could try first the .onion address directly (which succeeds if a tor-proxy is used) and fallback on tor2web if necessary?

cheers!
michael