Posted
almost 10 years
ago
FreedomBox version 0.2
For those of you who have not heard through the mailing list or in the project's IRC channel (#freedombox on http://www.oftc.net/), FreedomBox has reached the 0.2 release. This second release is still intended for developers
... [More]
but represents a significant maturation of the components we have discussed here in the past and a big step forward for the project as a whole.
0.2 features
Plinth, our user interface tool, is now connected to a number of running systems on the box including PageKite, an XMPP chat server, local network administration if you want to use the FreedomBox as a home router, and some diagnostic and general system configuration tools. Plinth also has support for downloading and installing ownCloud.
Additionally, the 0.2 release installs Tor and configures it as a bridge. This default configuration does not actually send any of your traffic through Tor or allow those sending traffic over Tor to enter the public net using your connection. Acting as a bridge simply moves data around within the Tor network, much like adding an additional participant to a game of telephone. The more bridges there are in the Tor network, the harder it is to track where that traffic actually comes from.
Availability and reach
As discussed previously, one of the ways we are working to improve privacy and security for computer users is by making the tools we include in FreedomBox available outside of particular FreedomBox images or hardware. We are working towards that goal by adding the software we use to the Debian community Linux distribution upon which the FreedomBox is built. I am happy to say that Plinth, PageKite, ownCloud, as well as our internal box configuration tool freedombox-setup are now all available in the Jessie version of Debian.
In addition to expanding the list of tools available in Debian we have also
expanded the range of
Freedom-maker,
the tool that builds full images of FreedomBox to deploy directly onto machines
like our initial hardware target the DreamPlug. Freedom-maker can now build
images for DreamPlug, the VirtualBox blend of virtual machines, and the
RaspberryPi. Now developers can test and contribute to FreedomBox using anything
from a virtual machine to one of the more than two
million RaspberryPis out there in the world.
The future
Work has really been speeding up on the FreedomBox in 2014 and significant work has been done on new cryptographic security tools for a 0.3 release. As always, the best places to find out more are the wiki, the mailing list and the IRC channel.
[Less]
|
Posted
about 11 years
ago
I am pleased to announce our first FreedomBox software release. The FreedomBox 0.1 image is available here (.torrent) (sha512sum:
... [More]
867f5bf462102daef82a34165017b9e67ed8e09116fe46edd67730541bbfb731083850ab5e28ee40bdbc5054cb64e4d0e46a201797f27e0b8f0d2881ef083b40).
This 0.1 version is primarily a developer release, which means that it focuses on architecture and infrastructure rather than finish work. The exception to this is privoxy-freedombox, the web proxy discussed in previous updates, which people can begin using right now to make their web browsing more secure and private and which will very soon be available on non-FreedomBox systems. More information on that tool at the end of this post.
What have we accomplished?
This first release completes a number of important milestones for the project.
Full hardware support in Debian
A big part of the vision for the FreedomBox project revolves around the "Boxs", tiny plug servers that are capable of running full size computing loads cheaply and with little use of electricity. In many respects these are wireless routers given the brains of a smart phone. If you want to change the software on a router or smart phone today you normally need to worry about bootloader images, custom roms, and a whole collection of specialized build and install tools. We wanted to the FreedomBox to move beyond this fragmented environment and, with the help of some embedded device experts, we have managed to make our development hardware into a fully supported Debian platform. That means that anyone with a device can install Debian on it just like a laptop or desktop computer. This support is very important for ensuring that the work we do on the FreedomBox is as portable and reusable as possible.
Basic software tools selected
There is a lot of great free software out there to choose from and we put a lot of thought into which elements would be included in our basic tool kit. This includes the user interface system "plinth" that I outlined in a recent kickstarter update as well as basic cryptography tools like gpg and a one named "monkeysphere" that leverages gpg as an authentication tool. All of these are now bundled together and installed on the release image. This common working environment will simplify development going forward.
Box-to-box communication design
Some goals of the FreedomBox can be accomplished with one user and one FreedomBox but many, like helping someone route around repressive government firewalls, will require groups of people and groups of boxes working together. One of our greatest architectural challenges has been finding a way for boxes to communicate securely without so slowing down or breaking network access as to make the system unpleasant to use. We have now outlined and built the first version of our proposed solution: Freedom-buddy. Freedom-buddy uses the world class TOR network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers.
Web cleaning
Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called "privoxy-freedombox". This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the (HTTPS Everywhere](https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection. Because of our focus on building the FreedomBox as part of Debian this software will soon be available to anyone running a Debian system regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere.
As you read this packages should already be available in the Raspbian repositories, which is the optimized version of Debian used on the Raspberry Pi hardware. Hopefully we will get that onto the main Debian mirrors over the next month; if you are interested in building it for yourself in the meantime, the source is available from gitorious. As we build additional components for the FreedomBox we will continue to work on making them widely available.
What is next?
As you may have seen, our Project Lead, Bdale Garbee, is about to begin a well earned early retirement from his long time role as Open Source & Linux Chief Technologist at Hewlett-Packard. Over the coming month Bdale and the rest of the Foundation team will be putting together plans for the next stage of FreedomBox development and the road to a 1.0 release. News and updates will follow at freedomboxfoundation.org (rss).
[Less]
|
Posted
almost 12 years
ago
Wow. Thanks to everybody who showed up in New York to hack on the
FreedomBox and other projects. This event was a bit of an experiment.
Instead of doing a FreedomBox Hackfest, we opened the event to other
projects that share our goals of private
... [More]
, free communication. We were
lucky enough to get developers who work on Guardian, Access, Tor, CryptoCat, Commotion Wireless, EFF, TrackMeNot and other initiatives.
The resulting cross-pollination of skills and ideas pushed all of
these projects forward with speed and focus!
While all the projects hit impressive milestones this week, it was
FreedomBox that had the most activity. Here's what we did:
Boruch Baum, Daniel Howe and James Vasile worked on validating the
regexes in freedombox-privoxy. That package is much closer to
stable now. Boruch and Daniel did the heavy lifting. They took a
problem that had, frankly, stymied us, and put in the attention and
research to get it moving again.
Ariel and James brainstormed the user experience on first boot.
Ariel made a series of slides detailing requirements in this area,
which means we now have a roadmap for first boot.
Bryan Newbold hacked a configuration management solution into
Plinth so now the front end can talk to the system. He and James
are making a demo module for documentation.
Nick Daly added a command-line interface to FreedomBuddy. This
interface can be used to query the FreedomBuddy service, and will
be pushed to the public repository by the end of the week, with the
next weekly image. The interface currently depends on the HTTP(S)
interface, which is a limitation that will soon be removed.
Nick and Simo Sorce began implementing a self-configuring OpenVPN
system using the FreedomBuddy's command-line interface. That will
also be available by the end of the week.
Nick internationalized the FreedomBox UI with help from several
other folks. Work will be completed in the next few weeks to
support Python's standard approach to internationalization,
GetText.
Pablo Arcuri started internationalizing FreedomBuddy to include a
Spanish translation. It may soon also have a Farsi translation.
Nick and Nadim Kobeissi considered, and ultimately rejected,
including CryptoCat on the default FreedomBox image, because of
its reliance on PHP. Nadim is building a CryptoCat 2.0 that will
be based on XMPP. When that is ready, we'll integrate it as
FreedomBox's secure chat solution.
James explored browser fingerprint munging in freedombox-privoxy
using advice from Eva Galperin. He concluded that this is a task
better left to a browser plugin and might start speccing that
plugin.
James discussed thread modeling methodologies with Matt
Hollingsworth and started nudging FreedomBuddy toward a more
defined and explicit threat model.
This hackfest was an unqualified success. Big thanks to our partners,
ISC (especially Ray Short), OpenITP and ISOC-NY for pooling resources
to pull it off! Thanks also to Elizabeth Boylan, who managed
logistics and never once complained about our disorganization. Ian
Sullivan worked his usual behind-the-scenes magic. Dragana Kaurin
organized the people and the reporting and stipends. And Willie
Theaker provided key support in arranging for people, food and
supplies to always be in the right place at the right time.
[Less]
|
Posted
almost 12 years
ago
FreedomBox, OpenITP, InformSec and ISOC-NY have partnered up to host a circumvention tools hackfest in NYC right before HOPE. We've got four days to plan, code and learn! If you want to hack on anti-censorship or anti-surveillance tools, bring your
... [More]
project, bring your skills and bring your friends. This event will be focused on writing code and solving design problems. We won't have any long presentations (there will be enough of those at HOPE), though we will have lightning talks and will give away a door prize or two.
Where: Columbia Law School, Jerome Greene Hall, 116th and Amsterdam
When: July 9 - 12, 10 am
Who: Privacy and free communication hackers like you
Please RSVP to kaurin at openitp.org and tell us what you plan to work on, what kind of projects and people you hope to meet, and which days you will join us.
Feel free to repost this invite or to link to it.
Some modest travel stipends are available for amazing projects. Email James Vasile (james at openitp.org) about those.
Some projects we know will attend: Commotion Wireless, Cryptocat, Guardian Project, the Lantern Project, and Access.
If you are looking for lodging, take a look at this list of nearby hotels. If you want a hostel, there's one on 103rd and Amsterdam.
Big thanks to our partners, all of whom are contributing crucial support and resources.
[Less]
|
Posted
about 12 years
ago
Hackfest Report
The FreedomBox Hackfest at Columbia University was a huge success. We
hosted 25 people of diverse talents and interests. Some folks came to
learn, acquire DreamPlugs and do a guided install of Bdale Garbee's
FreedomMaker. Others
... [More]
took up parts of the (task
list)[http://freedomboxfoundations.org]. We learned a lot about the
boxes, ideas for routing, data modeling, and security concerns. Lots
of people pitched in on the tasks list, and descriptions of that work
are below. Most importantly, we had a lot of fun meeting each other
and collaborating. If you are interested in any of it, please ask
about it on the discussion list, especially if you want to help!
Huge thanks to everybody that participated. Many people came by just
to learn about the FreedomBox, talk about their use cases and offer
encouragement. That activity is very helpful, and we appreciated the
fresh perspective.
We intend to do more hackfests, perhaps in more cities in the near
future. This weekend was a great success in progress, bug squashing,
design, and first-draft implementation of key FreedomBox
infrastructure.
Thanks again to everybody and especially to Columbia University,
Elizabeth Boylan, and ISOC-NY for logistical and material support.
Progress and Activities
Nick Daly, Issac Wilder, Ian Sullivan and I fleshed out my earlier,
nascent Port Santiago work (more about that below) and implemented
some basic FreedomBox discovery and connection functionality. Nick
and Issac also sketched out a DHT scheme (codenamed Neruda) for
finding boxes. Nick and Issac each did presentations on the
routing issue. Joly Macfie from ISOC-NY took video of those
presentations and will get them online this week.
Nick and Ian iterated hard on paired boxes (a dedicated,
hard-coded, factory-set proxy server and client connection) as a
way to roll out freedom to small numbers of people stuck behind
national firewalls. We now have paired boxes that locate each
other on the network and proxy for each other!
Barbara Mack came to us with expertise in data model-ling, and she
spent her time doing deep thinking on the person model and how it
connects to the rest of the FreedomBox.
BoxySean installed FreedomBox on a GuruPlug and updated the Wiki
with details on how to do that more easily. There are a lot of
GuruPlugs out there, and his work is a big help.
BoxySean and Brian Newbold started work on configuring the
FreedomBox as a wifi router and connecting that up to Plinth for
UI. They identified some FreedomMaker bugs. BoxySean updated the
list on those bugs and we've been following up on closing them.
A team of people (most notably Marcus and Tyrone) from the
FreedomTower project explored
ways the FreedomBox can be added to their mobile internet stations
to provide Free communication services to people connecting to the
net via those stations.
Sean O'Brien familiarized himself with Plinth and intends to
contributing to the router front-end setup effort.
David Garson dropped knowledge on configuration systems and virtual
machines as test beds.
I updated Plinth with a new template
featuring some design work by Robert Martinez (about which I will
say more in a separate update).
I updated Plinth with a new template and chased down some bugs.
Boxysean explored Plinth's bugs as well, albeit involuntarily.
We'll have patches on those shortly.
Port Santiago
There is a problem we have been referring to as the "magic routing
problem". It is the question of how two FreedomBoxes find each other
on the internet and establish communication, even if one or both boxes
are firewalled and neither is findable via DNS. We called it "magic
routing" because we hadn't started to design the routing system and so
we had to assume it happened by magic.
Our solution to this problem is to piggyback on the Tor network.
Hidden services rely on Tor for routing and discoverability. The
system works quite well and the Tor project does excellent work at
maintaining that system and strengthening it against attack.
Nick Daly and Ian Sullivan built a simple server that listens on a
local port and is reachable from the outside world by a Tor hidden
service. It accepts authenticated queries and responds with
information. For example, it can give your IP address to friends you
trust.
To avoid burdening the Tor network and also to avoid the delays
associated with using Tor, Port Santiago will allow two FreedomBoxes
to decide on a faster (though less anonymous) method of communication.
Subsequent communication will happen on that channel.
Right now, we are using Santiago to discover a FreedomBox's IP address
for the creation of encrypted proxy tunnels. This will allow a
FreedomBox to provide uncensored, unmonitored internet access to a
friend who is stuck behind a national or corporate firewall.
Nick did the heavy lifting on this work with help from Ian Sullivan
and in consultation with many of the Hackfest participants. Nick's
documentation and code will be up on github soon.
Neruda
Port Santiago lets FreedomBoxes provide some basic information via a
Tor hidden service, but users need a way to find out the onion
addresses of their friend's services. The most obvious way to do this
is with distributed hash tables (we also considered less obvious
methods that piggyback on existing infrastructure, like bit.ly links).
Issac and I planned out the DHT, how to access it, the data
structures, and API. We are calling this system Neruda.
Neruda will allow users to take a GPG key and look up a user's
Santiago onion address. Issac Wilder is speccing this out and coding
it.
One benefit of reaching Santiago via a Tor onion address is that
FreedomBoxes do not need to update Neruda very often. Even if your IP
address changes, your onion address shouldn't. Updating your Neruda
record is a rare event and it is acceptable to refresh Neruda's tables
relatively infrequently. This might allow us to devote fewer
resources to it.
Key Signing
FreedomBoxes are going to make a lot of use of GPG to authenticate
identity and sometimes to encrypt data as well. To strengthen the web
of trust, we did some key signing and also introduced some
participants to gpg, generated keys and taught key management.
[Less]
|
Posted
about 12 years
ago
FreedomBox Hackfest in NYC on Presidents' Day Weekend
We're having a hackfest and you should join us!
It's in New York on February 18th, 19th and 20th. There are a lot of
places we might make progress. Some easy ideas:
streamline the install
... [More]
process
improve documentation
turn the box into a wireless router
setup monkeysphere for proxies/VPN/tunnels
finalize the privoxy settings
work on building a central communications system around tor hidden services
This will be fun for people of all skills and experience. A day of
pizza, beer and throwing bits against the box will make for great
progress.
If you would like to help (or even if you just want to come by to say
hi), please email
[email protected].
If you have ideas for discrete tasks that might be tackled with a
couple days of cooperation, please do join us.
[Less]
|
Posted
over 12 years
ago
Enhanced Privacy and Security for Web Browsing
One thing many people agree the FreedomBox should do is web filtering
for privacy and ad-removal. Toward that end, the FreedomBox will act
as a web proxy to clean up and protect web traffic.
We have a
... [More]
first draft version of privoxy
up on git. It
upgrades your web traffic to prefer ssl encryption whereever it can.
It also strips tracking software from web pages to give you greater
privacy and anonymity as you surf.
If you are a privoxy user, please do give this package a test run and
report any problems on the
issue tracker.
We are working on upstreaming these changes to the privoxy project,
and in the mean time, you can make a debian package quite easily from
the git repository.
Further work will include writing a script to test all the
https-everywhere rules and discard the ones that are broken. As well
as one to periodically check for new regexes. Anybody who wants to
contribute to writing that is welcome to jump on in!
More details about this part of FreedomBox can be found on
our code page.
[Less]
|
Posted
over 12 years
ago
FreedomBox Wins Ashoka Changemakers Competition
The FreedomBox Foundation has
won the Ashoka Changemakers Competition
in the "Citizen Media" Category! This event was decided by a public
vote, which means it was your help that pushed us over the
... [More]
top.
Thank you to everybody who voted and helped spread the word. This
community continues to work together in amazing ways.
Ashoka will award us $5,000, which we will use to fund further
development of the FreedomBox. One of our goals is raising awareness
of the need for privacy-respecting technology, and participating in
the competition allowed us to present the FreedomBox to a lot of
people who had never heard of it before. On that basis alone, this
competition was worthwhile for the FreedomBox.
Congratulations to all the other winners and finalists. Ashoka
spotlighted many good projects working toward freedom and open access
to communications technology. FreedomBox will surely cross paths with
those projects again.
[Less]
|
Posted
over 12 years
ago
Vote for FreedomBox in Ashoka Changemaker's Competition
The FreedomBox has made it to the final round in Ashoka's Changemakers
competition and now things will come down to a public vote! We
already won the Early Entrant's prize when we first
... [More]
put in our
application. And a strong showing in the voting would put the project
in a strong position for a Fellowship that would fund significant
project work.
Please take a moment to [vote for us](http://www.changemakers.com/citizenmedia?utm_source=contacts-enthus&utm_medium=email-others&utm_content=vote&utm_campaign=citizenmedia)! (Scroll all the way down.)
Signup might be required, though they've assured me they won't spam
you. If you're on Facebook, You can also
[vote via your Facebook account](https://apps.facebook.com/changemakers/citizenmedia),
which is easier, faster and fraught with privacy implications.
And please spread the word. A few moments of help could mean a lot to
moving this project forward.
[Less]
|
Posted
over 12 years
ago
What Is A Distributed Social Network?
J David Eisenberg made an excellent comic introduction to distributed social networks. For anybody who isn't quite sure why the FreedomBox is important, that's a fun and non-technical way to explain it.
|