Eben Moglen Calls To Free the Cloud 173
paxcoder writes "You have been informed about Diaspora, a (to-be) distributed free social network. What you may not have known is that it was inspired by an excellent talk by Eben Moglen called 'Freedom in the Cloud.' But it doesn't stop there. At Debconf 10 this month, Moglen went further, and shared his vision of a free, private, and secure Net architecture relying on ('for lack of a better term') freedom boxes — low-price, ultra-small, plug it into the wall personal servers. He believes they will catch on since they will eventually cost less than a router, provide more functionality and freedom to the user, and even help your friends bypass any censorship by encrypting and routing their traffic. Since hardware is being taken care of, we are called to assemble the software stack. The title of this sequel talk is How We Can Be the Silver Lining of the Cloud."
All they need to do is everything (Score:5, Insightful)
Hardware that no one has adopted with software which no one has written is not a replacement for social networking sites.
I for one... (Score:4, Insightful)
Re:All they need to do is everything (Score:3, Insightful)
That's where people with vision like Eben Moglen come in.
Any old monkey can propose something that already exists.
Re:All they need to do is everything (Score:5, Insightful)
You raise a good point, but this is a chicken and egg issue. Back in the day, near the dawn of the personal computer, user's personal machines were generally not networked. You could get a network card, but there wasn't much point for most users. This is because there were not generally useful network-aware applications, there was a lack of lots of other machines to communicate with, and a lack of generally useful information to share on the network. Each of those kinds of problems posed a barrier to solving the others.
Facebook, dating sites, and other social network sites in general have the same kind of chicken and egg problem when starting up-- there is no real value for the early adopters because nobody else is there yet.
So your statement that hardware that no one has adopted with software which no one has written is not a replacement for social networking sites is completely true, obviously. But at the same time, there has to be a way to make the statement false. Otherwise, we must say that today's existing social networking sites can never be replaced. Because whatever replaces them will, at the time of their birth, have zero people using them.
It may well not work out or not catch on, but somehow, some day, today's existing status quo will fall and be replaced by something else. And something else has to be built before it can be used.
Any tech specs yet? (Score:2, Insightful)
Hoping not to have to set aside the time to wade through all the annoying happy talk just to find out there's no technical meat. Someone please just tell me: are they nailing down a protocol spec first so that we can all do our own interoperable implementations, or at least all contribute code, and so not have the time wasting nightmare that was the Freenet project?
I don't get it (Score:3, Insightful)
Am I misunderstanding, or is the entire premise of this vision relying on 99 dollar, Linux powered, "plausible deniability" boxes?
How does encryption tie into a 99 dollar wall-wart? Privacy? Mesh networking for country living?
I just don't see it.
As software engineers, the EFF are good lawyers... (Score:5, Insightful)
I see where he's going with this, and while I expect that certain aspects of the concepts will eventually be implemented in different ways, we have to be clear that the idea of everyday people administering their own servers is just not practical. I realize everyone here sees it as something we're willing to invest our time in, but most people don't. Servers exist for a reason, there are people (called system administrators) who can specialize in making sure the server software you're accessing, your data, etc. all are secure and have 99% uptime.
I'm not the kind of person who thinks that there is a divide between a sort of tech elite and the unwashed masses who will never understand this stuff. I'm one of those people who thinks that even your grandmother can learn how to recompile Apache given enough time, interest and dedication. The problem is that doctors are busy being doctors, plumbers are busy being plumbers, parents are busy being parents, and so on an so on. Even as a software developer, I prefer to not administer my own servers if I don't have to. I have friends who are very intelligent people who are very accomplished in non-computing fields who use virus and adware-ridden Windows machines. I don't suspect they're interested in taking the time necessary to fully secure a server that holds a digital representation of their life.
So this idea of a total peer-to-peer networking is not an approach I think we should pursue, not because it's not technically achievable (it totally is), but because it's not practical on a social level. This is reflected in the difference between Appleseed's approach to open source social networking and Diaspora's: Appleseed uses a federated node structure, and Diaspora claims to use a P2P, although we haven't seen the code yet, this was the original promise, and since the EFF is backing the project, it fits in with what Moglen is suggesting here.
We'll see where we end up, but I worry that if we push for Moglen's approach, we may see a small ghetto of tech savvy users who adopt it, while everyone else chooses to remain with the proprietary systems, because they're just that much less hassle. It makes much more sense to me to push for federated, hosted solutions, so that an ecosystem of servers (administered by professionals) can exist, and users can move freely between them.
Michael Chisari
http://opensource.appleseedproject.org/ [appleseedproject.org]
Re:As software engineers, the EFF are good lawyers (Score:4, Insightful)
Servers exist for a reason
Unfortunately, the reason is no longer "to make it easy for people who cannot administrate their own server." All too often, the reason is becoming "to collect data from people and sell it to marketers, by convincing them to do things they were already doing before on a server that is programmed to collect data."
Like so many other things, though, I see this is as becoming relegated to geeks who actually care about the issues, and remaining completely unknown among the majority of people. Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Re:I for one... (Score:4, Insightful)
...can't wait for these wall-wart 'freedom boxes' to get rooted on an astronomical scale.
Or for laws requiring all such devices to be pre-rooted according to government specifications in various countries. Also making all non-rooted devices illegal to own or operate without a special license. Of course, this would probably lead to astronomically large security holes for others to exploit, and which you are not allowed to patch.
Re:All they need to do is everything (Score:5, Insightful)
I can't help thinking this is how the Communist Manifesto would have sounded if it had been written by Marvin the Paranoid Android. ;-)
Re:As software engineers, the EFF are good lawyers (Score:3, Insightful)
Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Sure I could do that at work but we are forced to use Exchange now, and for me that means OWA on Linux. I could paste in ASCII armored PGP messages but I am pretty sure that this would get me a tap on the shoulder from corporate IT with the possibility of being shown the door on the spot.
So fair enough its their workplace but some countries are going the same way (see UAE vs RIM) and my country (Australia) wants port blocks and filtering on http.
So maybe encrypting your email will eventually be regarded as a security risk (for the country, not the individual) eventually.
Re:Transcript (Score:3, Insightful)
nobody cares about freedom. (Score:2, Insightful)
Nobody care about freedom, and that is why the idea is doomed. People want to connect with their friends on facebook. You start talking about computing freedom, their eyes glaze over and they suddenly remember they need to go clean their fish tank.
99% of people only care about their own personal convenience at the moment. Nothing beyond that.
Here's the thing... (Score:5, Insightful)
It's fine to build a better server. But a network is not just the nodes; a network is also the paths, and the paths, my friends, are not anything either the telecomm concerns or the government are going to allow us to control, or have any of our own. And this gives them, if they think they need it, complete control over these new systems. If traffic passes over their paths that concerns them, they'll just shut it down.
So while I appreciate the idea, it's literally only half-baked. Wake me up when someone builds an inexpensive network in unregulated RF space. Until then, control, and therefore freedom, is unattainable.
Re:I for one... (Score:2, Insightful)
If the hardware is genuinely free, then what in the world is there to "root"? That concept only makes sense with nonsense like Apple/Google telephones.
It may be to late... (Score:3, Insightful)
I2P? (Score:2, Insightful)
Ugh. It's in Java!
I'm sorry. I don't want to seem ungrateful, but I just don't need the headaches that come with a Java runtime. Easy installation and maintenance is a must for a successful end user software. Adding a runtime that isn't really all that open source mucks things up needlessly. Plus it runs more slowly.
I like Tor. I'd like to see a distributed Facebook clone built atop Tor.
Re:Transcript (Score:4, Insightful)
Videos should be downloaded, and viewed from the local hard disk.
Decentralized Architecture Won't Protect Privacy (Score:3, Insightful)
Email is a decentralized protocol, but there are reasons why people give up their privacy and prefer web mail for convenience. What Eben Moglen described is basically making decentralized protocols for everything including social networks and such. But even when we created the perfect decentralized protocols of everything, I don't think that it will prevent data mining and protect user's privacy.
To simplify the view, just lets say we can do everything with email, let's say all the user's personal data are stored in email messages. To really protect my privacy, not only I'd have to host all my emails, but I'd have to set up my own email server as well. Not only I shouldn't use the web interface, but I also should't use the POP/IMAP/SMTP services that Gmail or Yahoo or my ISP provides. Now building my own web interface would not be so hard, as I'm hosting my own server. But making sure of my server is on most of the time and physically managing and backup my email data on my server would not be so trivial. What happen if I travel oversea and my server crashed or my home went out of electricity? What happen if disaster happened and everything in my house including the server and backup are gone?
So have these problems are exactly the reason why people choose Gmail. By hosting the server on the cloud, all the uptime, backup, and management problems are solved out of the box. Of course there might be better solution than Gmail, but I doubt if it will success commercially. Now lets say we created free software stack that performs better than Gmail and work out of the box. With the software in hand, all we need is just a place to host the server. User would then have three choices: 1. Buy a server plug and host it at home, 2. Purchase web hosting and host it as a black box in the cloud, and 3. Let Google host the same software for free but with storage and data shared with everyone. While option 2 is supposed to be the optimum choice, majority of people would still choose option 3 simply because it is FREE.
So IMHO the real challenge to make the public to adopt a decentralized architecture is to come out with a better business model. Simple hosting charges won't work when there are free alternatives, and there is no way to make black box hosting free. Average Joe will neither want to purchase troublesome sheeva plug nor would they want to pay for hosting in the cloud. Decentralized architecture will not prevent centralized hosting and data mining, what it does is allow us to switch from one provider to another easily. Whether the user choose a free provider that mine data or become their own provider, its entirely their choice.
The other problem with privacy in decentralized architecture is that you actually get less privacy when you use centralized identification. People here often complain that they don't want Facebook to know they like or comment on some random webpages. While that might be a problem, most of our information can already be found in the Internet publicly. If OpenID become the norm, my ID at Slashdot, Twitter, Facebook, Digg, YouTube, and whatever random forum should remain the same. This would be even true for a decentralized data architecture because you need a universal way to identify yourself. With OpenID, a simple Google search will reveal this post I'm writing in Slashdot, the comment I gave on random YouTube video, the articles I digged and liked, and whatever sites that I participated in. Actually all these information already available publicly, but what really stops Google on mining it is the lack of unified ID.
In conclusion, while a decentralized data architecture might seem good, it doesn't help much if most of our information is already available publicly. Protecting private data is only feasible unless we can find a way for providers to provide hosting services. And even if all these problems can be solved, I still don't think the privacy problems could be solve with just that.
Re:It could be so. (Score:2, Insightful)
In the early days of the internet, the freenet (yes, it has been around that long) was almost as valuable as the non-free one.
I was there. In the early days the freenet was more valuable than the Internet simply because the Internet was not to be had by common people. Expectations are indeed now different, and that's curious. These expectations are built of nothing but advertising. They have no substance.
I could - hell, I might - connect an aggregate 5,000 homes to a localnet. Between us we earn $300M a year and typically spend it all. It's a market. What idiot wouldn't pay to connect to it? With that I'm not going a half mile from my house. Stretch it out to a mile and you can triple those figures. I don't live in a rich area - I'm in the burbs of a secondary market. In Manhattan that much income is not even one apartment building. In LA one property development might be 10 Billion dollars a year market or more. To ask those people to pay for a fast Internet connection is just ridiculous. We have been sold a bill of goods.
The Internet desires us more than we desire it. We are the engine of economic growth. It should come to us, not the other way around.
Re:Here's the thing... (Score:5, Insightful)
I know. I'm an extra-class HRO.
The FCC has long been complicit in awarding, maintaining and ensuring that access to the RF spectrum is thoroughly monopolized through them. That's why they never allowed local AM and FM stations at the citizen level worth a damn; that's why even the ridiculously expensive "low power FM" stations were only drizzled out, and even then, incompetently and mega-slowly; that's why HRO's are restricted from playing music, "broadcasting" (meaning, transmitting to a general listening audience, like SWLs, rather than just to other HROs); that's why any number of restrictions exist. The government protects and serves the corporations before the citizens get even one moment of consideration. And that in turn is part of why we'll *never* have access to a citizen's "network band" or anything like it. The other part is the government's perceived need to monitor us. That's only getting more intense as well.
What we actually need is a new *method* of communication, and worse, we need to get a jump on it before the government does. What? I don't know. But as different from RF as laser links are, and as non-interfering as they are as well. Quantum coupling or something. I don't know. All I know is that the Internet as it exists now is more locked-down and regulated every day. The odds of actually increasing freedom within its bounds... pitiful.
Re:Why Eben Moglen is misguided... (Score:4, Insightful)
Re:Here's the thing... (Score:3, Insightful)
The telecoms don't control wifi frequencies. These "freedom boxes" could earch be a node in a wireless mesh network. I've been wishing that someone with clout would start this for some time.