[Freedombox-discuss] don't write code - user-friendly configuration
On Sun, Sep 05, 2010 at 06:10:26PM +0000, Bjarni R?nar Einarsson wrote:
> On Sun, Sep 5, 2010 at 5:07 PM, bertagaz <bertagaz at ptitcanardnoir.org>wrote:
> > One thing that is important when thinking about building a "better" and
> > secure network is users learning how it works, or at least pros and cons
> > of choices they will have to make when choosing how to communicate.
> Devices that does all the configuration "transparently" usually don't help
> > a lot in that, and I think there's more benefits to have a good translated
> > documentation rather than hiding everything to users.
> Although I commend your basic sentiment - it would be nice if people took
> some time to think about what they are doing, I think that is generally the
> wrong attitude when trying to build something to improve the security and
> privacy of the average netizen.
> Making a device harder to use won't educate people, it will just limit how
> many people you can reach.
More and more people are getting concerned about their privacy, this will
probably motivate them (as a lot of people on this mailing list did, I
guess) to search and understand how to protect it. There is an area
between "fully automatic" and "hard"...
All internet users did learn with practice and time how it works. A lot of
hackers did this way, reaching limits with some apps or protocol, reading
docs... This is the way we learn, it takes time, but the mass of new users
that came on the internet the past few years will do the same. They'll
learn with practice, and freedombox might be a good place to have them
learning what an open and decentralized internet is, rather than what
companies are trying to sell them or what governments are trying to build
by closing it.
I was just pointing that an automatically configurable box might
sounds like a nice idea, but might also be an open door to wrong manipulations,
false sens of security, bad choices for use cases etc. This is like in a
network, you can put firewalls everywhere, if one of your user download
the wrong malware, it has no meaning.
> > And finally, I don't understand how freedombox could fight the "evil
> > cloud" and also propose to use it. Maybe freedombox could have a plugin
> > architecture so that people willing to use such services could write their
> > own, but I don't think this project should put any effort in providing the
> > software to use them.
> Not all cloud services are the same. To take a extreme example, the routers
> that carry your packets live "in the cloud", and obviously you aren't going
> to stop using them. People mustn't forget that the reason we are using the
> Internet in the first place is because we want to communicate. If we are all
> completely anonymous and untrackable, then that also means nobody can talk
> to us.
This is no argument to me, you're talking about two different things. A
router is not a centralized service hosting people's data without any
control of them. Would you have reply the same to Eben during his talk?
Wonder what his answer would have been...
> The problem with "the evil cloud" is people are today giving third
> parties a vast amount of private, personal information, without really
> having any good reason to trust those third parties - and in fact, they
> have many reasons not to. Fundamentally, that is why most of us are on
> this list.
> People use these cloud services because it is easy, and because they
> want to communicate, and because they don't see any alternatives.
> So if you want to fix that, you have to make an alternative that is also
> easy and, most importantly, allows people to easily communicate.
I'm not sure "alternatives" have to follow the same rules of what it's
trying to move on.
> I personally think if you completely ignore "the cloud" and refuse to
> cooperate with today's web, today's DNS and everything else people are
> familiar with (all of which require at least a little bit of "in the cloud"
> infrastructure), then you won't achieve any of your other goals. The trick
> is to use the cloud, but get the balance right so people's independence and
> privacy are protected. We all agree that the balance is wrong today, but
> there is no need to throw the baby out with the bath-water.
I think the cloud concept as you define it is too large, and melting
unrelated things, which doesn't help to understand what we are talking