|
From: | Melvin Carvalho |
Subject: | Re: [GNU/consensus] Fwd: FYI: Securing the Future of the Social Web with Open Standards |
Date: | Mon, 22 Jul 2013 22:13:04 +0200 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 07/22/2013 06:01 AM, Melvin Carvalho wrote:
>
>> Klaus Schlesiek wrote: In essence, Edward Snowden has raised the
>> question of "trust".
>
*** Yes Klaus, you're right. I share most of your analysis. I posted
some of it yesterday and will correct the draft of the GNU/consensus
Whistle [0] to mention trust as well as privacy.
At least there's a shared agreement that we're living a momentum for
radical change.
*** That is the challenge we need to overcome! Two days ago I was
>
> Crowd funding is a good idea. Although it tends to be non
> optimally allocated.
>
sitting in a library with a friend and I was proposing that we could
bring 10 developers from various projects and sequestrate them in a
cheap country to fix the inter-project communication for good. That
would not take a lot of investment to do it under nice weather
conditions, for 6 months to a year, and it certainly wouldn't take
that long to move from the actual mess to properly functioning
grassroots federation. We could do that with the Mocambos network in
Brazil (Vince?).
- From there, we could start worrying less about whose project is
mo'betta, and focus instead on figuring out a network of peers, a
scheme to mix global economies of scale for setting up infrastructure,
and local funding for sustaining local communities into cooperating
across state boundaries to build what we really want: a
privacy-preserving, censorship-resistant, local-community-operated
network of networks that will redefine democracy, or rather: res publica.
*** Yes! But we're facing huge inertia: of nation states, of
>
> Decentralized payments could change things.
>
capitalist banks. Can we get cooperative banks on our side? Can we
convince people that in order to escape from Prism, they need to
invest in their^Hpublic communications infrastructure, and in
their^Hcooperative financial infrastructure; and that this is not out
of reach!
*** Yes! We don't need a leader, we need leadership. And consensual
>
> I agree although Linus was also an exceptional mind, coder and
> community leader. He had a pure focus, ie to port the UNIX kernel
> to GNU as free software.
>
> In the social web we cant assume that we'll be blessed with someone
> as brilliant as Linus, and there is mixed focus, so working
> together becomes important, which is one area where standards can
> maybe help. I say *maybe* because a standard that is restrictive
> may sometimes be counter productive.
>
leadership. Based on ethical values, and clearly defined objectives.
The more I look at it, the more I think we should go for the simplest
possible thing, and leave convenience out of it, because convenience
is a vector for surveillance and control.
Ironically, Mozilla made a "Prism" project some time ago that would
allow to run a feature-stripped firefox to reduce risks, and make the
web app look more like a native OS app. A concept that Ubuntu recycled
pretty well, so much that it became itself a vector for
commodification of the user into a consumer.
*** Oh, I think we're on the path to reaching a GNU consensus on free
>
>> Before we can start to speak about standards, we need to have a
>> consensus of those interested in a post-faceboogle social web
>> about its structure and capabilities. You may call this worthy of
>> a standard in itself, but very basic properties have to be agreed
>> upon before serious efforts
should be
>> invested into realizing it.
>
social software :)
*** +1, but only if it's end-to-end, otherwise, see (8).
>
> Together with Elijah of the LEAP project we came up with this list
> of priorities:
>
> 1) Client side encryption
>
*** We tend to always repeat the same: public communication does not
>
> +1 Certainly should be an option, or a default, but key management
> is hard and a topic in itself, it takes time. I would say a goal
> to build towards.
>
need to be encrypted, so it's a use case that should easily be agreed
upon. Yet, everything that is not explicitly public is, in my opinion,
to be private: that means, in the current context, strongly encrypted.
>
> 2) Social graph obfuscation
>
*** +1
*** +1. I've been looking into OwnCloud 5 and Git-Annex lately.
>
> 3) Self determined data storage
>
>
> 4) Scalability
>
*** +1
*** Are you talking about Friendica (probably the largest surface of
>
> 5) Integration of old friends on legacy networks (which would
> compromise 1 and 2 for those, of course).
>
>
> +1 Some projects are underway to build this kind of 'driver'
>
contact with legacy networks), GNU Social (AKA StatusNet+Free Social),
others?
*** Including OFFLINE! I'm not sure whether that is covered by the
>
> 6) High availability - you should be able to access your data when
> you want it.
>
more server-sideish "HA".
*** +1, and with various ACLs: I can't trust my phone as much as my
>
> 7) Device portability - you should be able to access your data
> from multiple devices at the same time
>
laptop for example. And certainly not a random computer in a random
cybercafe. [1]
*** Honestly, I'm not sure that is a sane decision. Not until there
>
> 8) Client choice - you should be able to use a mobile, desktop, or
> html5 app client (once webcrypto is deployed in browsers).
>
are some things fixed:
- 1 TLS certification authorities (utterly broken and mostly
untrustable)
- 2 TLS perfect forward secrecy implementation everywhere (servers,
browsers) including protection against TLS-downgrade attacks. That's
mostly a matter of proper configuration though.
- 3 _javascript_ protection: Libre JS to ensure the code run on the
page is genuine and not malicious
- 4 proper protection against XSS, CSRF, and other MITM
3 and 4 are way out of reach at the moment. HTML5 is bringing new
attack vectors, and the development of the Web is going towards more
usage of centralized resources (+1, Like, Login with X, analytics,
etc.) without mentioning _javascript_-less CSS-based or DOM-based XSS,
plugin-based infection, and mobile phone network insecurity as a whole.
To me (8) is the convenience door open to keeping the spyware operate
as is. We should aim instead for much more ambitious things: secure
hardware, end-to-end encrypted connections (see (1)).
*** +0 Again I see that as a convenience door open to spooks. True
>
> 9) Multiple identity - you should be able to maintain multiple
> identities, and choose to link them or not.
>
unlinked identities are to remain... unlinked. Maintaining multiple
identities on a single device for example, is hard to protect in case
it is compromised...
*** +1. Identities are made to recognize people.
>
> These are sometimes called 'nyms' (short for pseudonyms) ... yes
> it's important to think in terms of multiple identities, most
> systems restrict you to one, and even worse, one that is a subset
> of their particular world view.
>
It is in the interest of bureaucracies and surveillance systems to
recognize people globally. That's why they want you to bear a "family
name" and well as a "given name", to get a passport and an identity
card (a recent invention that's supposed to prevent crime, but
everybody knows that criminals can forge identities), or in a too soon
future an implanted chip (now sold as "cool" for VIPs in hype clubs,
"life saving" for people with medical conditions or soldiers,
"protective" for inmates, or "efficient" for cattle).
But in social networks, people are used to share identity with their
own circles, and independently of their "Real Name (TM)". If you're
"Mister Smith" to your employee, you're "John" for your neighbor,
"daddy" for your children, "honey" for your wife, "spud" for your
former classmates, etc. Your identity only means that the people
susceptible to interact with you know who they are addressing
consistently, and you do as well know who is talking to you.
Identity is not about 1 person, but about a bi-directional
relationship. I have nothing to do with the NSA, nor any suspicious
government, nor any marketing entity that want to commodify me. So to
them my identity must be ephemeral.
*** It depends. If I'm willing to use the Briar Transport Protocol,
>
> 10) Protocol agnostic - you should be able to cross-communicate
> with different protocols, be they XMPP, HTTP, or p2p based.
>
obviously I don't want nor need that it interoperates with anything
else. Again, spooks might want that, but not me.
If I want to communicate using a protocol, with someone who is using
another, there should be a possibility for me to bridge that
communication to that protocol, but I would not put that as a requirement.
*** Yes.
> Although I would love to see this happen, it's perhaps taking on
> too much for the first phase.
>
*** +1. Private group communication is fundamental.
>
> 11) Secure groups - groups with membership determined
> cryptographically. Groups function as a virtual user, with all
> users in the group able to receive and send as the group, because
> they share a private group-key.
>
It's also a hard problem: sharing a private group key was discussed at
length last year during the hackathon in Berlin. Two main issues were
raised: 1) how do you bootstrap the key? 2) what to do when people
join or leave a group?
So maybe the notion of group must be revised as well to match
volatility of the concept. Transient groups might form and want
ephemeral communication; more stable groups will arise and want
perennial archives. Etc.
*
For me, most of the points you propose are conveyed by the
GNUnet/Secushare project, which you mention in your presentation, and
that is the explicit goal of the GNU/consensus project. For which I'm
being an opportunistic Bolchevik and wish for a (somehow short)
dictatorship of the Web people until we are ready to move to a true
p2p architecture. :)
==
hk
[0] The GNU/consensus Whistle is an upcoming monthly newsletter that
should start its life soon. A draft is available on the GNU/consensus
wiki at http://libreplanet.org/wiki/GNU/consensus/whistle/002013-07
and you're welcome to edit it.
[1] 3 years ago:
http://libreplanet.org/wiki/User:Hellekin/A_User_Perspective_Of_GNU_Social
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iQIcBAEBCgAGBQJR7YfuAAoJEEgGw2P8GJg9wBEP/Rdc/Akdiei2xEJ6t2aT6Qvn
WHbD72x9TdmP2Q5jj5iHJPnZO3xFCeRx73ZXeXbZKjVTOkP2pG+d5KXCVq7/wUwk
joy0hptBJVW6LSdv1hggf9s4emwfT0K8SyNxl2t5l1KC5EPVLcflZYWsQ2lmw61C
8JJPM2QtPVJbAQ+FiNZnK4DJebzfUPVvkQ19ImANrm/SPAtO0LqnO3UUXWbtRmLf
IXS43+PQn+Yq8Gm/hLVZxaZDR4RVF86eER2fV/993+DUZJczMogNapslQ19Z8VRo
mXXFhg2T9zP1A8w4ZGJJPB6ar5havCBlaS7xWp+zwTDuuwy3pt4VkLpGGG/oNRM5
NGDEed3pGJXloyZ2kapk8vowcVhT8ano/f+uJCbMavhU6f407CjpDAEo+Y1wWhbl
whWOI+oOOkitQfSbSwPP1I2x/JSCJMhI2lSzhC8o1/cMofbmZV8z3tEFAeizFtBa
1VHXYbVzNxhzgDVQqSe8ioj7Q2bd55hvPHaTHdxwTibENjyErij/M6bZJ1wIEYEi
WT+dlePfhfa2/LdVsi5i5BJ4/u+GWLhFKFE9lQevdECJkdS3wzuCBd6SRK3poPee
I5TmAiJZT3XfGZaAXKPjaP/zEK0JoXtiDnI5oki1t5B6BJERT9hSIPxxc4/G1rUZ
xH960Bxxi8w8gYe/KgJi
=LPX5
-----END PGP SIGNATURE-----
[Prev in Thread] | Current Thread | [Next in Thread] |