Monthly Archives: February 2011

Birth of the FreedomBox Foundation

Eben Moglen’s FreedomBox idea has caught my attention ever since his Silver lining in the cloud speech August last year. Unfortunately I haven’t noticed any visible progress on the project – until today. Looks like things have indeed been going on behind the scenes, as Mr Moglen has created the Freedom Box Foundation.

This inspired me to watch another of Moglen’s talks – Freedom in the Cloud (transcript here) – an older video that inspired the Diaspora project. Whilst it didn’t shine any more light on the subject (it was slightly more vague about how a FreedomBox device would function), Moglen was certainly right that people have been all to happy to sacrifice their privacy for convenience.

This blog runs on my personal home server. If the government wants to know what information I have on it or who has been accessing it, they can get a search warrant. They would have to physically enter my home and take my computer away to get it. The logs are all stored here – not on Facebook, Twitter or anywhere else. Nobody cares more about my data than me, and the government or anyone else who wants my data will have to go through me. That’s privacy.

My wife also has the option of using the home server for hosting her blog – but she refuses. Instead, she decided to post all her blogs and photos on Yahoo Blogs.

When I asked why, she told me that she wanted to know who was visiting her website and asked if I could tell who visited my website.

“Sure I can… kinda. I can give IP addresses. I can look up what countries those IP addresses have been allocated to. Alternatively, I could potentially see people’s user-names who visited my website if somebody logged in – required if somebody wants to post something.”

My wife was not impressed. “I want to see a list of user-names for everyone” she claimed. “Simple” I replied – “only allow people to view content when they log in”. In theory they shouldn’t have any privacy concerns since they obviously already need to be logged in to visit your site at Yahoo.

“Ah – that won’t work. They are already logged in when they visit other blogs. Nobody will create a separate login just for one blog – people are too lazy and nobody will visit.”

And there you have it. Seemingly, many people who use Yahoo Blogs (and presumably Facebook) feel the same way. I personally don’t care who visits my website and don’t see why I should care. If somebody wants me to know they visited, they can drop me an e-mail or post a comment.

OpenID would solve part of the problem my wife describes – it would reduce the burden of creating a new account, but won’t eliminate additional steps. It also requires the reader to already have an OpenID account to see any benefit, and it’s just not popular enough. I just spent a few minutes clicking through my bookmarks, and I could only find one website with OpenID support – SourceForge – and even then they only support a limited number of OpenID providers.

Will the FreedomBox project fix my wife’s use-case scenario? Most probably. One of the primary goals is “safe social networking, in which, without losing touch with any of your friends, you replace Facebook, Flickr, Twitter and other centralized services with privacy-respecting federated services”. Most probably Yahoo Blogs is popular enough that it would be included in that list.

How would the transition work though? If my wife had a FreedomBox, she would presumably be able to navigate a web interface to have it suck down the Yahoo Blogs data and host it locally. Next, her Yahoo page would add a link to her FreedomBox URL. When people visit, they would either be granted or denied access based on whether she had previously granted a particular user access. If denied, there would be an option to request said access.

However, say my wife decided to use a FreedomBox prior to all her Yahoo friends having one – how would she be able to be sure person X is Yahoo Blogs person X to grant X access? That’s where things get tricky, and is the part of the picture I’m not too clear on.

The only thing I could imagine working would be for person X to have an account on a third-party website that can talk whatever protocol the FreedomBox uses. Obviously this means another account, but as would be the case with Yahoo Blogs the one account sign-in would support access to all the FreedomBox blogs. Further, like OpenID providers, the third-party website in question would be able to be hosted anywhere. Perhaps OpenID providers themselves will even provide this functionality thereby eliminating the sign-up process for those already with an OpenID account.

I imagine it’s going to be a hard battle, but if it picks up it has the potential to be unstoppable.