[Freedombox-discuss] Identity UI

Mon Jun 25 08:00:42 UTC 2012

i hadn't thought of the option of using .onion URLs! that's a
supercool solution to all 5 points, indeed.

I'm also not doing any of the actual coding, and also definitely don't
want to tell anyone else what they should work on, but i trust that
everybody reading this will simply ignore me where appropriate. :)

so i guess, continuing the assumption that we want to use asymmetric
key pairs for identity, there are several things we need, and for
those there are basically two solution paths: Tor, or reverse proxy +
ssl.

Pros of Tor:
- it is the only (or at least the most mature) option we know of to
not inadvertently disclose your geographical position. Since
freedombox is for a large part about privacy-by-design, that seems to
be a strong argument
- if freedombox has Tor on it, and a significant number of boxes get
sold and deployed, then freedombox is helping Tor (Tor only works well
if there are a lot of nodes), which i think is in itself good.
- compared with the reverse proxy + ssl cert solution, it's more decentralized.

Cons of Tor:
- it might be too resource-heavy to run on some of the hardware (so
may make the default model more expensive)
- some people may consider running a Tor node illegal, and even if
it's not illegal, you will probably have to be prepared to deal with
take-down notices from your ISP. Of course, as more people run Tor
nodes, this burden is shared among more people, so putting it into
Freedombox would actually help to solve this problem.
- Tor is a powerful tool, and every tool can be a weapon. I think its
merit as a tool outweighs its power as a weapon, but even so, i
wouldn't want to force other people to run a Tor node without properly
knowing what it is. Everybody has a right to understand (explained in
laymen's terms, if necessary) what software is running on the hardware
they own. So if we put Tor into freedombox, we should IMHO add some
documentation that explains "your freedombox will make your internet
connection into a channel of free speech for others, and may help
activists in suppressed regimes speak their mind without being
prosecuted.". So i would word it positively, but at least not make a
secret of how powerful the installed software of freedombox is. Simply
as a consumer's right (please don't flame me for this one). :)
- compared with the reverse proxy + ssl cert solution, onion URLs are
not easy to remember. i think we could find ways to make it work
though, probably. people found ways to work with mobile phone numbers,
for instance, which are also not very human-memorable in themselves.

to bring this back to the original topic:

- if we use Tor, then your identity is uniquely identified by either
the key pair itself, or by an onion URL where the public key is
hosted.
- if we use reverse proxy + ssl, then your identity is uniquely
identified by either the key pair itself, or a domainname on which the
public key is hosted.

I think this influences the UI of identity. In particular, if we make
people learn their onion URL or DNS URL, then it's unnecessary to make
them also learn their key pair. We can then hide the key pairs behind
that onion or DNS URL, and remove complexity from the UI that way.

cheers,
Michiel