On 06/28/2011 08:55 AM, [email protected] wrote:
> First, there is no real "central" logging, no unique big
> brother that the freedombox might want to defeat, but a lot of different
> (from size to content) logging databases out there, maintained by a lot of
> different actors.
. . .
> Often, interesting databases are the ones maintained by ISPs. Even if a
> hosting doesn't log anything and tries to avoid the "central logging of
> activities" this way, ISPs are at the right place to reveal a lot of
> things about "activities of the masses" (i.e. revealing who browsed a
> website when posts were made).
>
> I guess the easy answer to this other "central logging of activities"
> threat is to use Tor when needed/possible. But then, wouldn't that be too
> close to the "more complex problem of activists needing secrecy,
> anonymity..."?

I think this is a great point and one we should pay a good deal of
attention to in our threat model.

I don't actually think Tor is an easy answer. If we build a system that
routes everyone's web traffic through Tor as a general practice, we will
never gain adoption beyond the members of this list and the existing Tor
user base. Most people will plug the box in, discover that their online
banking doesn't work any more, that every website treats them like they
are in Germany, destroying their ability to conveniently read things on
many sites, to stream video from anywhere, etc., and that the general
speed of their internet browsing has dropped substantially. Most people
will see these results of plugging in a FreedomBox and quickly unplug it.

There is a scale: it goes from the worst case scenario, where everyone
you interact with online knows everything else you do online, to the best
case scenario, where no one you interact with knows enough about you to
be sure that you are the same person from interaction to interaction.
Currently most people are almost all the way towards the worst case
scenario. We are not going to get them all the way towards the other end
at once, but we can move them along incrementally, and the first step
towards that is to identify the places where the most information about
us is being collected and start pushing back.

For that reason, my current threat model is the over-concentration of
personal information in a handful of places. At the moment, the biggest
information centralizers I know about are: ISPs, search engines, and
advertisers. (Governments are also large information collectors but, in
the US at least, they function through the hands of the private
industries. So when the NSA wants to follow all the calls in the US, it
gets that information from the phone carriers rather than actually going
out and bugging every phone, or even installing tracking devices on every
phone tower.)

We can push back against ISPs, search engines, and advertisers without
having to route everything through Tor. We can use local proxies that
automate best practices for direct surfing, things like the
HTTPS-everywhere, TrackMeNot, and CustomizeGoogle Firefox plugins. Right
there we could cut down on direct click tracking and unencrypted http
connections while also adding some basic data set poisoning for the rest
of the monitoring. Throw in ad blocking and we move a step past that. Add
an email and chat system and we pull even more data out of the center.
Encrypt that data, even just with secure SMTP and OTR by default, and we
cut the ISPs out as well. Do that with enough services and people might
stop logging in to Google every day. Alternately, if people are going to
be logging in to Google/Yahoo, etc. every day, we could offer to block
that cookie to sites other than Google, or to re-route search engine
searches to another provider or many providers, so that one company
doesn't have a complete picture of your activity online.

Importantly, all of these things will work without damaging people's
experience of browsing the web. Some, like ad blocking, will make pages
load faster and look cleaner. Some, like HTTPS-everywhere, are simple
enough that any delay should be unnoticeable.
The rest, like TrackMeNot-like dataset poisoning, we should set up only
to use excess bandwidth during otherwise down connection time.

If we get too caught up in trying to build a box that makes people
completely invisible at the cost of making the internet unusable, I fear
our tools will never make it far enough in society to actually do much
good.

-Ian

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
