FreedomBox

FreedomBox version 0.2 For those of you who have not heard through the mailing list or in the project's IRC channel (#freedombox on http://www.oftc.net/), FreedomBox has reached the 0.2 release. This second release is still intended for developers ... [More] but represents a significant maturation of the components we have discussed here in the past and a big step forward for the project as a whole. 0.2 features Plinth, our user interface tool, is now connected to a number of running systems on the box including PageKite, an XMPP chat server, local network administration if you want to use the FreedomBox as a home router, and some diagnostic and general system configuration tools. Plinth also has support for downloading and installing ownCloud. Additionally, the 0.2 release installs Tor and configures it as a bridge. This default configuration does not actually send any of your traffic through Tor or allow those sending traffic over Tor to enter the public net using your connection. Acting as a bridge simply moves data around within the Tor network, much like adding an additional participant to a game of telephone. The more bridges there are in the Tor network, the harder it is to track where that traffic actually comes from. Availability and reach As discussed previously, one of the ways we are working to improve privacy and security for computer users is by making the tools we include in FreedomBox available outside of particular FreedomBox images or hardware. We are working towards that goal by adding the software we use to the Debian community Linux distribution upon which the FreedomBox is built. I am happy to say that Plinth, PageKite, ownCloud, as well as our internal box configuration tool freedombox-setup are now all available in the Jessie version of Debian. In addition to expanding the list of tools available in Debian we have also expanded the range of Freedom-maker, the tool that builds full images of FreedomBox to deploy directly onto machines like our initial hardware target the DreamPlug. Freedom-maker can now build images for DreamPlug, the VirtualBox blend of virtual machines, and the RaspberryPi. Now developers can test and contribute to FreedomBox using anything from a virtual machine to one of the more than two million RaspberryPis out there in the world. The future Work has really been speeding up on the FreedomBox in 2014 and significant work has been done on new cryptographic security tools for a 0.3 release. As always, the best places to find out more are the wiki, the mailing list and the IRC channel. [Less]

I am pleased to announce our first FreedomBox software release. The FreedomBox 0.1 image is available here (.torrent) (sha512sum: ... [More] 867f5bf462102daef82a34165017b9e67ed8e09116fe46edd67730541bbfb731083850ab5e28ee40bdbc5054cb64e4d0e46a201797f27e0b8f0d2881ef083b40). This 0.1 version is primarily a developer release, which means that it focuses on architecture and infrastructure rather than finish work. The exception to this is privoxy-freedombox, the web proxy discussed in previous updates, which people can begin using right now to make their web browsing more secure and private and which will very soon be available on non-FreedomBox systems. More information on that tool at the end of this post. What have we accomplished? This first release completes a number of important milestones for the project. Full hardware support in Debian A big part of the vision for the FreedomBox project revolves around the "Boxs", tiny plug servers that are capable of running full size computing loads cheaply and with little use of electricity. In many respects these are wireless routers given the brains of a smart phone. If you want to change the software on a router or smart phone today you normally need to worry about bootloader images, custom roms, and a whole collection of specialized build and install tools. We wanted to the FreedomBox to move beyond this fragmented environment and, with the help of some embedded device experts, we have managed to make our development hardware into a fully supported Debian platform. That means that anyone with a device can install Debian on it just like a laptop or desktop computer. This support is very important for ensuring that the work we do on the FreedomBox is as portable and reusable as possible. Basic software tools selected There is a lot of great free software out there to choose from and we put a lot of thought into which elements would be included in our basic tool kit. This includes the user interface system "plinth" that I outlined in a recent kickstarter update as well as basic cryptography tools like gpg and a one named "monkeysphere" that leverages gpg as an authentication tool. All of these are now bundled together and installed on the release image. This common working environment will simplify development going forward. Box-to-box communication design Some goals of the FreedomBox can be accomplished with one user and one FreedomBox but many, like helping someone route around repressive government firewalls, will require groups of people and groups of boxes working together. One of our greatest architectural challenges has been finding a way for boxes to communicate securely without so slowing down or breaking network access as to make the system unpleasant to use. We have now outlined and built the first version of our proposed solution: Freedom-buddy. Freedom-buddy uses the world class TOR network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers. Web cleaning Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called "privoxy-freedombox". This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the (HTTPS Everywhere](https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection. Because of our focus on building the FreedomBox as part of Debian this software will soon be available to anyone running a Debian system regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere. As you read this packages should already be available in the Raspbian repositories, which is the optimized version of Debian used on the Raspberry Pi hardware. Hopefully we will get that onto the main Debian mirrors over the next month; if you are interested in building it for yourself in the meantime, the source is available from gitorious. As we build additional components for the FreedomBox we will continue to work on making them widely available. What is next? As you may have seen, our Project Lead, Bdale Garbee, is about to begin a well earned early retirement from his long time role as Open Source & Linux Chief Technologist at Hewlett-Packard. Over the coming month Bdale and the rest of the Foundation team will be putting together plans for the next stage of FreedomBox development and the road to a 1.0 release. News and updates will follow at freedomboxfoundation.org (rss). [Less]

Wow. Thanks to everybody who showed up in New York to hack on the FreedomBox and other projects. This event was a bit of an experiment. Instead of doing a FreedomBox Hackfest, we opened the event to other projects that share our goals of private ... [More] , free communication. We were lucky enough to get developers who work on Guardian, Access, Tor, CryptoCat, Commotion Wireless, EFF, TrackMeNot and other initiatives. The resulting cross-pollination of skills and ideas pushed all of these projects forward with speed and focus! While all the projects hit impressive milestones this week, it was FreedomBox that had the most activity. Here's what we did: Boruch Baum, Daniel Howe and James Vasile worked on validating the regexes in freedombox-privoxy. That package is much closer to stable now. Boruch and Daniel did the heavy lifting. They took a problem that had, frankly, stymied us, and put in the attention and research to get it moving again. Ariel and James brainstormed the user experience on first boot. Ariel made a series of slides detailing requirements in this area, which means we now have a roadmap for first boot. Bryan Newbold hacked a configuration management solution into Plinth so now the front end can talk to the system. He and James are making a demo module for documentation. Nick Daly added a command-line interface to FreedomBuddy. This interface can be used to query the FreedomBuddy service, and will be pushed to the public repository by the end of the week, with the next weekly image. The interface currently depends on the HTTP(S) interface, which is a limitation that will soon be removed. Nick and Simo Sorce began implementing a self-configuring OpenVPN system using the FreedomBuddy's command-line interface. That will also be available by the end of the week. Nick internationalized the FreedomBox UI with help from several other folks. Work will be completed in the next few weeks to support Python's standard approach to internationalization, GetText. Pablo Arcuri started internationalizing FreedomBuddy to include a Spanish translation. It may soon also have a Farsi translation. Nick and Nadim Kobeissi considered, and ultimately rejected, including CryptoCat on the default FreedomBox image, because of its reliance on PHP. Nadim is building a CryptoCat 2.0 that will be based on XMPP. When that is ready, we'll integrate it as FreedomBox's secure chat solution. James explored browser fingerprint munging in freedombox-privoxy using advice from Eva Galperin. He concluded that this is a task better left to a browser plugin and might start speccing that plugin. James discussed thread modeling methodologies with Matt Hollingsworth and started nudging FreedomBuddy toward a more defined and explicit threat model. This hackfest was an unqualified success. Big thanks to our partners, ISC (especially Ray Short), OpenITP and ISOC-NY for pooling resources to pull it off! Thanks also to Elizabeth Boylan, who managed logistics and never once complained about our disorganization. Ian Sullivan worked his usual behind-the-scenes magic. Dragana Kaurin organized the people and the reporting and stipends. And Willie Theaker provided key support in arranging for people, food and supplies to always be in the right place at the right time. [Less]

FreedomBox, OpenITP, InformSec and ISOC-NY have partnered up to host a circumvention tools hackfest in NYC right before HOPE. We've got four days to plan, code and learn! If you want to hack on anti-censorship or anti-surveillance tools, bring your ... [More] project, bring your skills and bring your friends. This event will be focused on writing code and solving design problems. We won't have any long presentations (there will be enough of those at HOPE), though we will have lightning talks and will give away a door prize or two. Where: Columbia Law School, Jerome Greene Hall, 116th and Amsterdam When: July 9 - 12, 10 am Who: Privacy and free communication hackers like you Please RSVP to kaurin at openitp.org and tell us what you plan to work on, what kind of projects and people you hope to meet, and which days you will join us. Feel free to repost this invite or to link to it. Some modest travel stipends are available for amazing projects. Email James Vasile (james at openitp.org) about those. Some projects we know will attend: Commotion Wireless, Cryptocat, Guardian Project, the Lantern Project, and Access. If you are looking for lodging, take a look at this list of nearby hotels. If you want a hostel, there's one on 103rd and Amsterdam. Big thanks to our partners, all of whom are contributing crucial support and resources. [Less]

Hackfest Report The FreedomBox Hackfest at Columbia University was a huge success. We hosted 25 people of diverse talents and interests. Some folks came to learn, acquire DreamPlugs and do a guided install of Bdale Garbee's FreedomMaker. Others ... [More] took up parts of the (task list)[http://freedomboxfoundations.org]. We learned a lot about the boxes, ideas for routing, data modeling, and security concerns. Lots of people pitched in on the tasks list, and descriptions of that work are below. Most importantly, we had a lot of fun meeting each other and collaborating. If you are interested in any of it, please ask about it on the discussion list, especially if you want to help! Huge thanks to everybody that participated. Many people came by just to learn about the FreedomBox, talk about their use cases and offer encouragement. That activity is very helpful, and we appreciated the fresh perspective. We intend to do more hackfests, perhaps in more cities in the near future. This weekend was a great success in progress, bug squashing, design, and first-draft implementation of key FreedomBox infrastructure. Thanks again to everybody and especially to Columbia University, Elizabeth Boylan, and ISOC-NY for logistical and material support. Progress and Activities Nick Daly, Issac Wilder, Ian Sullivan and I fleshed out my earlier, nascent Port Santiago work (more about that below) and implemented some basic FreedomBox discovery and connection functionality. Nick and Issac also sketched out a DHT scheme (codenamed Neruda) for finding boxes. Nick and Issac each did presentations on the routing issue. Joly Macfie from ISOC-NY took video of those presentations and will get them online this week. Nick and Ian iterated hard on paired boxes (a dedicated, hard-coded, factory-set proxy server and client connection) as a way to roll out freedom to small numbers of people stuck behind national firewalls. We now have paired boxes that locate each other on the network and proxy for each other! Barbara Mack came to us with expertise in data model-ling, and she spent her time doing deep thinking on the person model and how it connects to the rest of the FreedomBox. BoxySean installed FreedomBox on a GuruPlug and updated the Wiki with details on how to do that more easily. There are a lot of GuruPlugs out there, and his work is a big help. BoxySean and Brian Newbold started work on configuring the FreedomBox as a wifi router and connecting that up to Plinth for UI. They identified some FreedomMaker bugs. BoxySean updated the list on those bugs and we've been following up on closing them. A team of people (most notably Marcus and Tyrone) from the FreedomTower project explored ways the FreedomBox can be added to their mobile internet stations to provide Free communication services to people connecting to the net via those stations. Sean O'Brien familiarized himself with Plinth and intends to contributing to the router front-end setup effort. David Garson dropped knowledge on configuration systems and virtual machines as test beds. I updated Plinth with a new template featuring some design work by Robert Martinez (about which I will say more in a separate update). I updated Plinth with a new template and chased down some bugs. Boxysean explored Plinth's bugs as well, albeit involuntarily. We'll have patches on those shortly. Port Santiago There is a problem we have been referring to as the "magic routing problem". It is the question of how two FreedomBoxes find each other on the internet and establish communication, even if one or both boxes are firewalled and neither is findable via DNS. We called it "magic routing" because we hadn't started to design the routing system and so we had to assume it happened by magic. Our solution to this problem is to piggyback on the Tor network. Hidden services rely on Tor for routing and discoverability. The system works quite well and the Tor project does excellent work at maintaining that system and strengthening it against attack. Nick Daly and Ian Sullivan built a simple server that listens on a local port and is reachable from the outside world by a Tor hidden service. It accepts authenticated queries and responds with information. For example, it can give your IP address to friends you trust. To avoid burdening the Tor network and also to avoid the delays associated with using Tor, Port Santiago will allow two FreedomBoxes to decide on a faster (though less anonymous) method of communication. Subsequent communication will happen on that channel. Right now, we are using Santiago to discover a FreedomBox's IP address for the creation of encrypted proxy tunnels. This will allow a FreedomBox to provide uncensored, unmonitored internet access to a friend who is stuck behind a national or corporate firewall. Nick did the heavy lifting on this work with help from Ian Sullivan and in consultation with many of the Hackfest participants. Nick's documentation and code will be up on github soon. Neruda Port Santiago lets FreedomBoxes provide some basic information via a Tor hidden service, but users need a way to find out the onion addresses of their friend's services. The most obvious way to do this is with distributed hash tables (we also considered less obvious methods that piggyback on existing infrastructure, like bit.ly links). Issac and I planned out the DHT, how to access it, the data structures, and API. We are calling this system Neruda. Neruda will allow users to take a GPG key and look up a user's Santiago onion address. Issac Wilder is speccing this out and coding it. One benefit of reaching Santiago via a Tor onion address is that FreedomBoxes do not need to update Neruda very often. Even if your IP address changes, your onion address shouldn't. Updating your Neruda record is a rare event and it is acceptable to refresh Neruda's tables relatively infrequently. This might allow us to devote fewer resources to it. Key Signing FreedomBoxes are going to make a lot of use of GPG to authenticate identity and sometimes to encrypt data as well. To strengthen the web of trust, we did some key signing and also introduced some participants to gpg, generated keys and taught key management. [Less]

FreedomBox Hackfest in NYC on Presidents' Day Weekend We're having a hackfest and you should join us! It's in New York on February 18th, 19th and 20th. There are a lot of places we might make progress. Some easy ideas: streamline the install ... [More] process improve documentation turn the box into a wireless router setup monkeysphere for proxies/VPN/tunnels finalize the privoxy settings work on building a central communications system around tor hidden services This will be fun for people of all skills and experience. A day of pizza, beer and throwing bits against the box will make for great progress. If you would like to help (or even if you just want to come by to say hi), please email [email protected]. If you have ideas for discrete tasks that might be tackled with a couple days of cooperation, please do join us. [Less]

Enhanced Privacy and Security for Web Browsing One thing many people agree the FreedomBox should do is web filtering for privacy and ad-removal. Toward that end, the FreedomBox will act as a web proxy to clean up and protect web traffic. We have a ... [More] first draft version of privoxy up on git. It upgrades your web traffic to prefer ssl encryption whereever it can. It also strips tracking software from web pages to give you greater privacy and anonymity as you surf. If you are a privoxy user, please do give this package a test run and report any problems on the issue tracker. We are working on upstreaming these changes to the privoxy project, and in the mean time, you can make a debian package quite easily from the git repository. Further work will include writing a script to test all the https-everywhere rules and discard the ones that are broken. As well as one to periodically check for new regexes. Anybody who wants to contribute to writing that is welcome to jump on in! More details about this part of FreedomBox can be found on our code page. [Less]

FreedomBox Wins Ashoka Changemakers Competition The FreedomBox Foundation has won the Ashoka Changemakers Competition in the "Citizen Media" Category! This event was decided by a public vote, which means it was your help that pushed us over the ... [More] top. Thank you to everybody who voted and helped spread the word. This community continues to work together in amazing ways. Ashoka will award us $5,000, which we will use to fund further development of the FreedomBox. One of our goals is raising awareness of the need for privacy-respecting technology, and participating in the competition allowed us to present the FreedomBox to a lot of people who had never heard of it before. On that basis alone, this competition was worthwhile for the FreedomBox. Congratulations to all the other winners and finalists. Ashoka spotlighted many good projects working toward freedom and open access to communications technology. FreedomBox will surely cross paths with those projects again. [Less]

Vote for FreedomBox in Ashoka Changemaker's Competition The FreedomBox has made it to the final round in Ashoka's Changemakers competition and now things will come down to a public vote! We already won the Early Entrant's prize when we first ... [More] put in our application. And a strong showing in the voting would put the project in a strong position for a Fellowship that would fund significant project work. Please take a moment to [vote for us](http://www.changemakers.com/citizenmedia?utm_source=contacts-enthus&utm_medium=email-others&utm_content=vote&utm_campaign=citizenmedia)! (Scroll all the way down.) Signup might be required, though they've assured me they won't spam you. If you're on Facebook, You can also [vote via your Facebook account](https://apps.facebook.com/changemakers/citizenmedia), which is easier, faster and fraught with privacy implications. And please spread the word. A few moments of help could mean a lot to moving this project forward. [Less]

What Is A Distributed Social Network? J David Eisenberg made an excellent comic introduction to distributed social networks. For anybody who isn't quite sure why the FreedomBox is important, that's a fun and non-technical way to explain it.