Privacy – A great opportunity for Free software, and funny news

It has been an entertaining week in the privacy and security headlines. Since the NSA stories broke last week, protecting ourselves from state surveillance suddenly became mainstream. We’ll see if that lasts, but at the very least the topic is on the table now. Security and privacy are no longer the domain of conspiracy theorists, but one of many points in a cost/benefit analysis of which service or software to use.

Perhaps the best thing to come out of this story is the raised awareness of alternative software and services which put users’ freedoms first. A critical part of that is Free software, which allows users to inspect the software which runs on their device and control who is given access to what. Taking that to the Internet, there are many solutions which give users greater control, security and privacy than central providers do.

The site prism-break.org has been set up to list some of these alternatives. However, it seems it has become so popular that it often fails to load. Other privacy-centric services have also seen a significant increase in users, like the search engine DuckDuckGo, which promises not to track users’ search queries.

Other headlines have been more on the funny or cute side: As expected, somebody called for impeachment of Obama (at least he didn’t smoke cigars). Then there was the Mozilla letter which asks Congress to “stop watching us”. It is of course a valid request, but it might have been taken a bit more seriously if it wasn’t for the teenage troll-board 4chan being listed as its first signer (due to the organizations being listed alphabetically, with numbers sorting before letters). Finally, there’s the hero at the centre, a 29-year-old with the cool name Snowden. He was the NSA contractor who revealed the awfully designed PowerPoint presentations, and has now fled to Hong Kong. As somebody pointed out: Never had I believed I would live to see that day when an American citizen would seek political asylum in China.

NSA surveillance – business as usual

This week saw two interesting, and supposedly shocking, stories about the scale of the US government’s Internet surveillance. It started on Thursday with the news that the phone operator Verizon had been ordered to hand over all meta-data on its customers’ communications to the NSA. The following day, a different program was revealed, leaked by means of a terribly amateurish-looking PowerPoint slide deck, which showed that the NSA had direct access to all customer data and content from all the major Internet service providers, including Google, Facebook, Microsoft, and more.

The reaction to the first story is interesting in that it involves only meta-data. The same type of data collection was enacted in law by the EU in the 2006 Data Retention Directive. This directive was no secret at the time, and the scrimmage in individual member countries which started to implement it a few years back was mostly around who would pay for it: the Internet and phone providers or the government. At any rate, by now any EU citizen should expect this kind of system to be in place. It is therefore somewhat ironic when the US press pretends that there are stronger privacy protections in place on their side. The last decade has for the most part shown the opposite to be true.

The second story, around the full content access, should be no big surprise either. A similar story broke seven years ago, although it was and still is considered “warrantless”. Another example from the post-9/11 era is the Information Awareness Office, which despite heavy criticism in 2002, still lives on. And even before that, it has always been speculated that the US government, through the CIA, NSA, FBI or other TLAs, was listening in on phone and Internet communication. Take for example the ECHELON project, which probably has been around since the Cold War era. It was investigated by a committee of the European Parliament, which amongst other things concluded: “the existence of a global system for intercepting communications, operating by means of cooperation proportionate to their capabilities among the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt”.

So why the outrage just now? We don’t have to look further than The Guardian’s summary: “Obama defends secret NSA surveillance programs – Insists surveillance is essential for national security.” In that light, it no longer seems like a coincidence that two completely separate NSA programs were leaked on two consecutive days. As a political cheap shot, it seems to have worked very well. What’s more, Obama took the bait, and swallowed it hook, line and sinker.

So even though these stories are akin to declaring water wet, from a privacy and security point of view, it is useful that more people are made aware of and start to ponder the risks of the information systems we surround ourselves with. We just have to make sure that the outrage is directed towards the right institutions, and that any change is implemented where users need it. Voting, joining a political party, and working for change within that system is definitely a noble goal; however, it will unfortunately not protect your data any time soon. Asking the various ISPs and service providers to improve their security, encrypt our data, and not hand it over to the government is also appropriate. It’s just that they are required by law to hand over data, so we cannot trust that not to happen.

The only way to make sure your own data is secure from government hands, and be aware of any requests that might be made against it, is to store it yourself. If you are storing something they are after, that will of course not stop them from knocking on your door, but at the very least you will know.

The right response to these stories is not blind rage, resignation, or declaring defeat. Rather it should be to decentralize: Avoid large-scale, single-point-of-failure services. Build and maintain your own systems, based on free and open source software, so you can be confident that no warrantless access is granted. Make sure data is encrypted, communication is encrypted and signed, and nothing flies in plain-text over the Internet. If you are dealing with sensitive information, maybe as a lawyer, as a doctor, or in a secret business deal, anything else is simply incompetent, or possibly gross neglect.

The fragile cloud

It was less than two months ago that I echoed John Naughton’s warning that “nothing lasts forever”. Naughton was talking about the “empires” of Facebook and Apple, but it is certainly true on a small scale for individual services as well. Google just announced that they will shut down their RSS Reader, along with a few other APIs and services. The reader in particular seems to have sparked a bit of an uproar, since it has a small but loyal crowd of followers.

Many users feel betrayed; however, as Alex Kantrowitz points out in Forbes, none of them actually paid for the Reader services, and thus the feeling of ownership is misplaced. As the old cliché goes: If as a user of a web service you don’t pay, you are the product, not the customer. You’d think some have learnt by now, but it will take many more of these stories before that message is clear.

So are there alternatives? Well, but of course there are! Many of them! Each user will have to decide for himself what fits his purpose and use best, but that’s a choice which is worth appreciating. Some will maybe continue with a web service style application, while others have learnt that “the cloud” can evaporate right in front of their eyes, with little chance of saving the remains of what once was.

DIY Internet – Fiber by Farmers

The online magazine Motherboard recently ran a feel-good story about a community of British farmers in Lancashire who dug their own ditches to put down Internet fiber. The background was the ever so typical story about the big telcos not bothering with sparsely populated areas because it’s not worth the investment on their bottom line. So a local group got together and found that they might as well build their own high-speed connection. And nothing should stop them from doing that, right?

Well, the article also mentions a few similar stories from “The Land of the Free”, where digging your own ditch is now legislated against. In the interest of the free market economy, of course. Parallels are drawn to big company lobbying and FUD in the late 19th and early 20th centuries, when rural communities formed their own electric utilities. It states optimistically that there are to this day thousands of local communities with local electric services, but also that most of it was (and is) consolidated into a small group of companies.

Another interesting approach to Internet build-out which is mentioned is Google’s Fiber project, with Kansas City as the guinea pig. However, there the roll-out is in “big company” fashion, with marketing “threats” of missing the boat if they don’t sign up NOW. Not your friendly farmer dig-out, in other words.

Regardless of strategy though, the local, sometimes DIY, approach to physical layer last-mile build-out fits very well with the scale-free network topology of the Internet. It is with this kind of ungoverned and unplanned growth that it thrives best. Legislating against it of course makes no sense at all, but waiting for a big telco or cable company to do the job should really not be encouraged either.

Again, small and decentralized triumphs over big and inefficient. It’s simply the way of the future.

The CitizenWeb Project

At the end of last year, I wrote about DIY “cloud” services; how to get started with your own web server, blog, e-mail server, chat server, VOIP server. Add to that distributed services for social networking and micro-blogging like Diaspora and Identi.ca; free software for file sharing like GNUNet; and even free and independent dark / mesh nets. The trend is clear: there is strong momentum towards free software and alternative services.

Now there is also a public face to this, in the form of a new initiative: The CitizenWeb Project.

“The CitizenWeb Project is a mission to fight for a free, open, and above all a decentralized Internet. In order to achieve this, it aims to empower everyday internet users with the information and resources they need to take matters into their own hands. We seek to spread the word about how to secure yourself online and how to declare “digital independence” in this age of the Google hivemind and Facebook privacy nightmares. While these services may be convenient, they carry very dangerous implications for our freedoms. This is only getting worse with time, as the corporations behind these services become entangled and indiscernible from government services and real-life social obligation. And it is only getting worse for the most sensitive users: journalists, activists, muckrakers and whistleblowers.

There are viable alternatives to these invasive and ubiquitous services. The CitizenWeb Project is therefore focused on giving the tools to each individual user to become an independent “citizen” of the Web — to decentralize their social networks and platforms, to become the TRUE owners of their data, and to communicate and network in security.”

The Do-It-Yourself Cloud

“In the cloud”

The buzzword “cloud” seems to be here to stay for quite a lot longer. The problem is that it is rather ill-defined, and sometimes it is used to mean “on the Internet”, regardless of how or where a particular service or content is hosted.

It is not until we pick up further buzzwords that we can add some meaning to the term. Although there are even more terms in use, I would like to focus on two of them. First, Infrastructure as a Service (IaaS), or what traditionally has been called “hosting”: virtual or dedicated machines which you can install and operate on OS root level with little or no oversight. Examples include your local hosting provider, and global businesses like Amazon EC2 and Rackspace.

Secondly, Software as a Service (SaaS), where you don’t write the software or maintain the system yourself. All it takes is to sign up for a service, and start using it. Think Google Apps, which includes GMail, Docs, Calendar, Sites and much more; or Salesforce, Microsoft Office 365, etc. Often these services are billed as “free”, with no financial cost to private users, and the development and operating costs of the provider are financed through various advertisement programs.

Black Clouds

The problem with the latter model, Software as a Service, is that it can put many constraints on the user, including what you are allowed to do or say, or even make it difficult for you to move to another provider. In his 2011 essay “It’s the end of the web as we know it”, Adrian Short likens the users of the latter model to tenants: If you merely rent your home, there are many things you will not be allowed to do, or which you do not have control over. Short focuses on web hosting, where using a service like Blogger will not let you control how links are redirected, or, were you to move in the future, take those page-clicks with you onto your new site. The same goes for e-mail: If AOL decides that their e-mail service is not worthwhile tomorrow, many people will lose e-mails with no chance to redirect. Or look at all the storage services which collapsed in the wake of the raid on MegaUpload. A lot of users are still waiting for the FBI to return their files.

More recently, the security expert Bruce Schneier wrote about the same problem, but from a security perspective. We are not only tenants, he claims, but serfs in a feudal system, where the service providers take care of all the issues around security for us, but in return our eyeballs are sold to the highest bidder, and again it is difficult to move out. For example, once you’ve invested in music or movies from Apple iTunes, it is not trivial to move to Amazon’s MP3 store; and if you’ve put all your contacts into Facebook, it is almost impossible to move to MySpace.

In early December, Julian Assange surfaced to warn about complete surveillance, and governments fighting to curb free speech. His style of writing is not always as straight to the point as one could wish for, but in between there is a clear message: Encrypt everything! This has spurred interesting discussion all over the Internet, with a common refrain: Move away from centralized services, build your own.

Finally, Karsten Gerloff, president of the Free Software Foundation Europe (FSFE), touched on the same theme in his talk at LinuxCon Europe in Barcelona, in November 2012. He highlighted the same problems with centralised control as discussed above, and also mentioned a few examples of free software alternatives which distribute various services. More about those below.

Free Software

The stage is set then, and DIY is ready to become in vogue again. But where do you start, what do you need? If not GMail or Hotmail, who will host your e-mail, chat, and other services you’ve come to depend on? Well, it is tempting to cut the answer short, and say: “You”. However, that does not mean that every man, woman and child has to build their own stack. It makes sense to share, but within smaller groups and communities. For example, it is useful to have a family domain, which every family member can hinge their e-mail address off. A community could share the rent of a virtual machine, and use it for multiple domains for each individual group; think the local youth club, etc. The French Data Network (FDN) has a similar business model for their ISP service, where each customer is an owner of a local branch.

For the software to provide the services we need in our own stack, we find ourselves in the very fortunate situation that it is already all available for free. And it is not only gratis, it is free from control of any authority or corporation, free to be distributed, modified, and developed. I’m of course talking about Free and Open Source Software (FOSS), which owes much to Richard Stallman for its core values, defined in the GPL. (“There isn’t a lawyer on earth who would have drafted the GPL the way it is,” says Eben Moglen. ["Continuing the Fight"]). We may take it for granted now; however, we could very easily have ended up in a shareware world, where utilities of all kinds would still be available, but every function would come with a price tag, and only the original developers would have access to the source code, and be able to make modifications. Many Windows users will probably recognize this world.

Assuming one of the popular GNU/Linux distributions, most of the software below should already be available in the main repositories. Thus it is a matter of a one-line command, or a few clicks, to install. Again a major advantage of free software. Not only is it gratis, it is usually refreshingly simple to install. The typical procedure for most proprietary software would include surfing around on an unknown web site for a download link, downloading a binary, and trusting (gambling really) that it has not been tampered with. Next, an “Install Wizard” of dubious usefulness and quality gives you a spectacular progress bar, sometimes complete with ads.

The DIY Cloud

The following is a list of some of the most common and widely used free and open source solutions to typical Internet services, including e-mail, web sites and blogging, chat and voice and video calls, online calendar, file sharing and social networks. There are of course many other alternatives, and this is not meant to be an exhaustive list. It should be plenty to get a good personal or community service started, though.

  • The Apache HTTP web server is the most widely used web server on the Internet, powering just shy of 60% of web sites (October 2012). It usually comes as a standard package in most distributions, and is easy to start up and configure. For the multi-host use-case, it is trivial to use the same server for multiple domains.
  • If you are publishing through a blog like this one, the open source WordPress project is a natural companion to the Apache web server. It too is available through standard repositories; however, you might want to download the latest source and do a custom install, both for the security updates, and to do custom tweaks.
  • For e-mail, Postfix is a typical choice, and offers easy setup, multi-user and multi-domain features, and integrates well with other must-have tools. That includes SpamAssassin (another Apache Foundation project) and Postgrey to handle unwanted mail, and Dovecot for IMAP and POP3 login. For a web-frontend, SquirrelMail offers a no-frills, fully featured e-mail client. All of these are available through repository install.
  • Moving into slightly less used software, but still very common services, we find the XMPP (aka Jabber) servers ejabberd and Apache Vysper, with more to choose from. Here, a clear best-of-breed has yet to emerge, and furthermore, it will require a bit more effort on the admin and user side to configure and use. As an alternative, there is of course always IRC, with plenty of software in place.
  • Taking instant chat one step further, a Voice-over-IP server like Asterisk is worth considering. However, here setup and install might be tricky, and again, signing up / switching over users might require more effort. Once installed, though, there are plenty of FOSS clients to choose from, both on the desktop and mobile.
  • Moving on to more business oriented software, an online calendar through the Apache caldav module is worth exploring. As an alternative, the Radicale server is reported to be easy to install and use.
  • A closely related standard protocol, WebDAV, offers file sharing and versioning (if plain old FTP is not an option). Again, there is an Apache module, mod_dav, which is relatively easy to set up, and access in various ways, including from OSX and Windows.

DIY Internet

That list should cover the basics, and a bit more. To round it off, there are a number of experimental or niche services which are worth considering over their proprietary and closed alternatives. For search, the distributed YaCy project looks promising. GNU Social and Diaspora aim to take on the heavyweights in social networking. Finally, GNUNet and ownCloud are peer-to-peer file-sharing alternatives.

The future lies in distributed services, with content at the end-nodes, rather than the hubs. In other words, a random network, rather than scale-free. Taking that characteristic back to the physical layer (which traditionally always has been scale-free), there are “dark nets” or mesh nets, which aim to build an alternative physical infrastructure based on off-the-shelf WiFi equipment. Currently, this is at a very early experimental stage, but the trend is clear: Local, distributed and controlled by individuals rather than large corporations.