Slashdot Mirror
Eben Moglen Calls To Free the Cloud
paxcoder writes "You have been informed about Diaspora, a (to-be) distributed free social network. What you may not have known is that it was inspired by an excellent talk by Eben Moglen called 'Freedom in the Cloud.' But it doesn't stop there. At Debconf 10 this month, Moglen went further, and shared his vision of a free, private, and secure Net architecture relying on ('for lack of a better term') freedom boxes — low-price, ultra-small, plug it into the wall personal servers. He believes they will catch on since they will eventually cost less than a router, provide more functionality and freedom to the user, and even help your friends bypass any censorship by encrypting and routing their traffic. Since hardware is being taken care of, we are called to assemble the software stack. The title of this sequel talk is How We Can Be the Silver Lining of the Cloud."
Hardware that no one has adopted with software which no one has written is not a replacement for social networking sites.
...can't wait for these wall-wart 'freedom boxes' to get rooted on an astronomical scale.
Hoping not to have to set aside the time to wade through all the annoying happy talk just to find out there's no technical meat. Someone please just tell me: are they nailing down a protocol spec first so that we can all do our own interoperable implementations, or at least all contribute code, and so not have the time wasting nightmare that was the Freenet project?
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
Am I misunderstanding, or is the entire premise of this vision relying on 99 dollar, Linux powered, "plausible deniability" boxes?
How does encryption tie into a 99 dollar wall-wart? Privacy? Mesh networking for country living?
I just don't see it.
I see where he's going with this, and while I expect that certain aspects of the concepts will eventually be implemented in different ways, we have to be clear that the idea of everyday people administering their own servers is just not practical. I realize everyone here sees it as something we're willing to invest our time in, but most people don't. Servers exist for a reason, there are people (called system administrators) who can specialize in making sure the server software you're accessing, your data, etc. all are secure and have 99% uptime.
I'm not the kind of person who thinks that there is a divide between a sort of tech elite and the unwashed masses who will never understand this stuff. I'm one of those people who thinks that even your grandmother can learn how to recompile Apache given enough time, interest and dedication. The problem is that doctors are busy being doctors, plumbers are busy being plumbers, parents are busy being parents, and so on an so on. Even as a software developer, I prefer to not administer my own servers if I don't have to. I have friends who are very intelligent people who are very accomplished in non-computing fields who use virus and adware-ridden Windows machines. I don't suspect they're interested in taking the time necessary to fully secure a server that holds a digital representation of their life.
So this idea of a total peer-to-peer networking is not an approach I think we should pursue, not because it's not technically achievable (it totally is), but because it's not practical on a social level. This is reflected in the difference between Appleseed's approach to open source social networking and Diaspora's: Appleseed uses a federated node structure, and Diaspora claims to use a P2P, although we haven't seen the code yet, this was the original promise, and since the EFF is backing the project, it fits in with what Moglen is suggesting here.
We'll see where we end up, but I worry that if we push for Moglen's approach, we may see a small ghetto of tech savvy users who adopt it, while everyone else chooses to remain with the proprietary systems, because they're just that much less hassle. It makes much more sense to me to push for federated, hosted solutions, so that an ecosystem of servers (administered by professionals) can exist, and users can move freely between them.
Michael Chisari
http://opensource.appleseedproject.org/
Servers exist for a reason
Unfortunately, the reason is no longer "to make it easy for people who cannot administrate their own server." All too often, the reason is becoming "to collect data from people and sell it to marketers, by convincing them to do things they were already doing before on a server that is programmed to collect data."
Like so many other things, though, I see this is as becoming relegated to geeks who actually care about the issues, and remaining completely unknown among the majority of people. Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Palm trees and 8
For people who hate watching video as much as I do, here's a transcript: http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Sure I could do that at work but we are forced to use Exchange now, and for me that means OWA on Linux. I could paste in ASCII armored PGP messages but I am pretty sure that this would get me a tap on the shoulder from corporate IT with the possibility of being shown the door on the spot.
So fair enough its their workplace but some countries are going the same way (see UAE vs RIM) and my country (Australia) wants port blocks and filtering on http.
So maybe encrypting your email will eventually be regarded as a security risk (for the country, not the individual) eventually.
http://michaelsmith.id.au
I love pointing out unnecessary port blocking in the U.S. - most major U.S. ISP's block port 80 outbound, along with various other mostly email and FTP related ports just for the hell of it. I know that Time Warner, before it left Houston, had a nasty habit of sniffing traffic and if they determined you had a VPN session open to a work based server they insisted you buy a pro account.
The preceding post was not a Slashvertisement.
That's one of the dumbest things that I've ever read here.
I don't know... you've written some spectacularly dumb things, Mr. Anonymous Coward.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I'm split on this. Mostly I think it's excellent because it sounds feasible to get a lot of people behind it, which would then make it quite effective. It'll bring back a level of "privacy" that we took for granted not many years ago. It will also open up the connotations that come with that, although I'm sure that has/will be discussed to tiring length.
But where my concern really is, is the trend that those in power see something like this as if it's only purpose is crime. They will be scared of this, because it will undermine their ability to do their job. When there's something they are scared of, they clamp down on it and make an example of someone. If you're that person it doesn't matter if you've done anything wrong, because they will find something, and bend it to the context that allows them to say you've broken a law. eg It could be an image sitting in your browser cache that they can object to based on someones' religion, that came in an ad on a page.
Early adopters will face significantly higher risk than those adopting once the project is well established. In this countext I see three distinct routes:
At one end of the scale, you may even get buy in, but hopefully won't attract too much negative attention. Potentially, you may have a more "legit" user base who have positive community concerns. At the other end of the scale, things could get rather ugly. The authorities will. not. like. you. They will do everything in their power to shut you down, and there will be significant risk to innocent people who had good intentions at heart. This is also very likely to attract the people who the authorities will have a legitimate concern over. You're going to get those in any scenario, but the proportions will make a big difference.
Take care. I really do believe this has a legitimate positive place in modern society.
Funnyhacks - Wierd, unusual, and fun hacks
Nobody care about freedom, and that is why the idea is doomed. People want to connect with their friends on facebook. You start talking about computing freedom, their eyes glaze over and they suddenly remember they need to go clean their fish tank.
99% of people only care about their own personal convenience at the moment. Nothing beyond that.
It's fine to build a better server. But a network is not just the nodes; a network is also the paths, and the paths, my friends, are not anything either the telecomm concerns or the government are going to allow us to control, or have any of our own. And this gives them, if they think they need it, complete control over these new systems. If traffic passes over their paths that concerns them, they'll just shut it down.
So while I appreciate the idea, it's literally only half-baked. Wake me up when someone builds an inexpensive network in unregulated RF space. Until then, control, and therefore freedom, is unattainable.
I've fallen off your lawn, and I can't get up.
Just look at what some governments are telling Research In Motion (blackberries) that they have to hand over the encryption keys. I am not sure that they will allow such systems to exist. Sad state of affairs when one does not have a right to privacy. The public might think its cool at first, then FUD will be spread and the average Joe will be prohibited from installing such a device. Nice concept, but the governments will not allow this to take off. It might be best for this to unfold slowly and without much fan fair. Then if it is designed properly, it will become hard for governments to discern who has these units. But then again the old witch hunts may start again. Just plain sad over all.
Just this week a platform was announced, http://bit.ly/9KFubG, that combines the ARM based Plug computers and the Amahi Home Server. This could be an excellent candidate for a One Click install App for the Amahi platform. I think we may be on to something here.....
Ugh. It's in Java!
I'm sorry. I don't want to seem ungrateful, but I just don't need the headaches that come with a Java runtime. Easy installation and maintenance is a must for a successful end user software. Adding a runtime that isn't really all that open source mucks things up needlessly. Plus it runs more slowly.
I like Tor. I'd like to see a distributed Facebook clone built atop Tor.
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
Well, firstly I think it*'s assumed that bandwidth gets faster, better and cheaper. This may or may not happen and will probably vary wildly by geographic region.
Secondly, have you heard of WASTE? It hides its traffic by using multiple ports, changing bitrates and packet sizes, wrapping encrypted data in SMTP, HTTP or other protocols and generally being sneaky.
Seems like a cool strategy to me!
OK, I just read the transcript here: http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
And I'm not saying I don't respect Eben Moglen, or what he says there. Sure, he lays out great ideas, ideas worth doing.
But he is still misguided. The war he is proposing to fight mainly with distributed home-based technology to ensure some privacy through encryption can't be won. As long as we have an economic system based mostly on greed (and also ignorance), everything he tries to do will fail, if only because, after he wins, greed will buy new laws from ignorant people and put him in jail, and then greed will go house to house and pull every one of those wall warts out, getting neighbors to turn in neighbors who have them ("If you see something, say something"), same as people with radios were turned in in various countries in WWII. See:
"They Thought They Were Free: The Germans, 1933-45, But Then It Was Too Late"
http://www.press.uchicago.edu/Misc/Chicago/511928.html
He should know that ISPs will be able to track down every one of those things in short order, if only by hiring a million people out of the 20 million or more unemployed in the USA to go house-by-house with blanket search warrants and portable packet sniffers looking for "unlicensed" equipment. And other countries will find the things even faster. So, his approach is, at best, a slightly delaying and confusing action. Greed and ignorance will win unless we directly address greed and ignorance (well, even addressing greed and ignorance indirectly and subtly may be OK, too. :-).
Do I have an alternative? Yes I do. As I outlined here:
http://slashdot.org/comments.pl?sid=1746980&cid=33177866
where I wrote the following paragraph:
As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about privacy and something like TIA). On the other hand, the internet can be used to change the status quo in various ways (better designs, better science, stronger social networks advocating for things like a basic income, all supported by better structured arguments like with the Genoa II approach)
http://w2.eff.org/Privacy/TIA/genoaII.php
to the point where there is abundance for all and rounding up dissenters to mainstream economics is a non-issue because material abundance is everywhere. So, as Bucky Fuller said, whether is will be Utopia or Oblivion will be a touch-and-go relay race to the very end. While I can't guarantee success at the second option of using the internet for abundance for all, I can guarantee that if we do nothing, the first option of using the internet to round up dissenters (or really, anybody who is different, like was done using IBM computers in WWII Germany) will probably prevail. So, I feel the global public really needs access to these sorts of sensemaking tools in an open source way, and the way to use them is not so much to "fight back" as to "transform and/or transcend the system". As Bucky Fuller said, you never change thing by fighting the old paradigm directly; you change things by inventing a new way that makes the old paradigm obsolete.
Now, might such a public intelligence system run well on a system of wall warts like he describes? It probably would. But it does not absolutely need them. So, while they may be useful, the conception of cooperative sensemaking and cooperative design of a better future is by far more important.
And here is a document I put together that decribes four heterodox economic alternati
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
One other link: :-) http://www.progress.org/fold21.htm
"Social reformers must first eliminate their own ignorance to educate themselves to gain knowledge of the basic causes and remedies for social problems, including the economics, politics, and ethics of the problems and solutions. Then when they educate others, they must at the same time invoke their antipathy to the problem and arouse their sympathy with the remedy. When the masses are roused with sympathy and armed with knowledge of the remedy, the few greedy opponents will either be swayed themselves to join the righteous battle, or be overwhelmed by the greater force of the righteous revolution. To remedy social ills, replace ignorance, apathy and greed with knowledge, sympathy, and charity. "
And another link, while I am at it, too:
"What Social Science Can Tell Us About Social Change"
http://sociology.ucsc.edu/whorulesamerica/change/science.html
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Well with the right mesh software and some cheap high-gain antennas, yes. We can circumvent the power of incumbent networks in urban and suburban areas by building our own Othernet - where everyone can be anonymous and the limit of bandwidth is the contributed aggregate. Latency would be too high for gaming and VOIP outside the local area - but local sharing, VOIP and gaming would be fine. Encrypted offsite backups on a cooperative basis could be arranged. We could help each other in our mutual best interest. We could even build neighborhood clouds if we wanted to. In LA, in New York, in all of the major markets it's absurd that people pay for Internet links when all of the value is flowing the other way across the link. Building our own networks would shift the balance of power. IPv6 could be helpful here.
We need a WAP wizard to set us free, someone to market the guerilla wireless Othernet and related devices. A few brave souls to get it started. That's all. Some people are already doing this with fiber or copper gigabit fenceline networks, using wireless bridges to cross rights-of-way (roads and so on). Most of us posting here have more advanced networking in our homes (gigabit), more powerful PC's, more storage left unused (many terabytes) than the core Internet had in 1995. That should be sufficient for our towns or cities now. Wireless bandwidth is up to a limit of 600mbps, which will do for crossing a highway.
We've been conditioned by our consumer societies to accept that the wire that connects us to The Internet is based on a bill from a company. Nothing could be further from the truth. We are the value in the Internet - consumers with desires to be fed. Network enough of us together and the wider Internet will build a bridge to us . Ultimately the idea of paying for Internet could and should go away for most of us. Let the vendors build the road if they want our consumers in their markets. This is entirely what Google's high-speed broadband initiative is about. The people are the money, and the links are currently too slow to capture all but a small fraction of it.
Help stamp out iliturcy.
I'm not sure. It seems the other way around. As soon as Cold War ended freedom in western democracies stated deteriorate gradually. Seems the Cold War was what was keeping freedom alive in democratic countries. Or may be a conservation law is at work here - as freedom increase in one place it decrease in another.
Email is a decentralized protocol, but there are reasons why people give up their privacy and prefer web mail for convenience. What Eben Moglen described is basically making decentralized protocols for everything including social networks and such. But even when we created the perfect decentralized protocols of everything, I don't think that it will prevent data mining and protect user's privacy.
To simplify the view, just lets say we can do everything with email, let's say all the user's personal data are stored in email messages. To really protect my privacy, not only I'd have to host all my emails, but I'd have to set up my own email server as well. Not only I shouldn't use the web interface, but I also should't use the POP/IMAP/SMTP services that Gmail or Yahoo or my ISP provides. Now building my own web interface would not be so hard, as I'm hosting my own server. But making sure of my server is on most of the time and physically managing and backup my email data on my server would not be so trivial. What happen if I travel oversea and my server crashed or my home went out of electricity? What happen if disaster happened and everything in my house including the server and backup are gone?
So have these problems are exactly the reason why people choose Gmail. By hosting the server on the cloud, all the uptime, backup, and management problems are solved out of the box. Of course there might be better solution than Gmail, but I doubt if it will success commercially. Now lets say we created free software stack that performs better than Gmail and work out of the box. With the software in hand, all we need is just a place to host the server. User would then have three choices: 1. Buy a server plug and host it at home, 2. Purchase web hosting and host it as a black box in the cloud, and 3. Let Google host the same software for free but with storage and data shared with everyone. While option 2 is supposed to be the optimum choice, majority of people would still choose option 3 simply because it is FREE.
So IMHO the real challenge to make the public to adopt a decentralized architecture is to come out with a better business model. Simple hosting charges won't work when there are free alternatives, and there is no way to make black box hosting free. Average Joe will neither want to purchase troublesome sheeva plug nor would they want to pay for hosting in the cloud. Decentralized architecture will not prevent centralized hosting and data mining, what it does is allow us to switch from one provider to another easily. Whether the user choose a free provider that mine data or become their own provider, its entirely their choice.
The other problem with privacy in decentralized architecture is that you actually get less privacy when you use centralized identification. People here often complain that they don't want Facebook to know they like or comment on some random webpages. While that might be a problem, most of our information can already be found in the Internet publicly. If OpenID become the norm, my ID at Slashdot, Twitter, Facebook, Digg, YouTube, and whatever random forum should remain the same. This would be even true for a decentralized data architecture because you need a universal way to identify yourself. With OpenID, a simple Google search will reveal this post I'm writing in Slashdot, the comment I gave on random YouTube video, the articles I digged and liked, and whatever sites that I participated in. Actually all these information already available publicly, but what really stops Google on mining it is the lack of unified ID.
In conclusion, while a decentralized data architecture might seem good, it doesn't help much if most of our information is already available publicly. Protecting private data is only feasible unless we can find a way for providers to provide hosting services. And even if all these problems can be solved, I still don't think the privacy problems could be solve with just that.
If you put a + at the end of a bit.ly url you can see the statistics and where it links to like so..
http://bit.ly/9KFubG+
In this case it's going to: http://blog.amahi.org/2010/08/11/amahi-for-the-marvell-plug-computer-released-get-yours-free/