Freedombone Blog

Freedom in the Cloud

Mitigating Google Tracking

Epicyon now replaces YouTube links with invidio.us automatically. This doesn't eliminate Google's tracking, but reduces the amount of it such that by watching a video you're sending less data about yourself to Google. invidio.us is just an alternative free software interface to YouTube.

The history of these sorts of workarounds is that eventually the company finds some way to block the alternative interface, but for now at least this is a kind of practical harm reduction. The less data the surveillance companies get, the better.
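The link replacement described in this post, sketched as an added example (not Epicyon's own code). The hostname list, the function names and the assumption that the front end accepts the same `/watch?v=` path as YouTube are illustrative; the host is compared exactly so that lookalike domains are left alone.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: the page does not list which hostnames Epicyon rewrites.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}
SHORT_HOST = "youtu.be"
FRONTEND = "invidio.us"  # the alternative front end named in the post

# Anything that looks like an http(s) URL inside post text or HTML attributes.
_URL = re.compile(r"https?://[^\s\"'<>]+")


def rewrite_url(url: str) -> str:
    """Return url pointed at FRONTEND if it is a YouTube link, else unchanged."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return url  # malformed URL: leave it exactly as written
    host = (parts.hostname or "").lower()
    if host in YOUTUBE_HOSTS:
        # Exact match only, so youtube.com.evil.example is never touched.
        return urlunsplit(("https", FRONTEND, parts.path,
                           parts.query, parts.fragment))
    if host == SHORT_HOST:
        # Short links carry the video id in the path: youtu.be/<id>
        video_id = parts.path.lstrip("/")
        query = "v=" + video_id + ("&" + parts.query if parts.query else "")
        return urlunsplit(("https", FRONTEND, "/watch", query, parts.fragment))
    return url


def rewrite_post(html: str) -> str:
    """Rewrite every YouTube URL found in a post body."""
    return _URL.sub(lambda m: rewrite_url(m.group(0)), html)
```
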

Tempgraph yearly update

At the beginning of each new year I update the tempgraph data set to get the full data for the previous year. The overall picture of climate change is grim. For a while it was looking like the rate of temperature increase was slowing, but now it's evident that's not the case.

Global temperature anomalies 1960-2019

The slowing of the rate of increase correlates with the beginning of The Great Recession in 2008, then after about 2015 temperatures rise again. In the last 40 years average temperatures have risen by over one degree. If nothing changes then we can expect to be past two degrees by 2060 and at that point it's probably game over for human civilization as we know it. If there are positive feedback effects it could happen sooner. Two degrees might not sound like much, but these are averages and in a system as big as the planet it takes gigantic forces to move the average up or down.

Epicyon and Spam Mitigation

I notice that the Pleroma project (another ActivityPub server) has been having trouble with spam, and there have also been earlier spam problems with Mastodon instances. They've mitigated it by having a captcha by default. Personally, I don't like captchas. I don't like them mainly because I can't solve them (the ones with heavily distorted text). As far as captcha systems are concerned I am a robot. Beep boop.

So how does Epicyon deal with spam?

In its design ActivityPub is quite similar to email, and that means it can potentially suffer from similar problems. There are a few ways that fediverse instances in the last couple of years have dealt with this.

The main one is HTTP signatures. Without getting into the details of HTTP signatures as a cryptographic mechanism, this basically gives a reasonable assurance about which account a post is coming from when it gets delivered. But that on its own isn't enough. An adversary can potentially generate arbitrary numbers of separate accounts at electronic speeds.

An additional mitigation commonly used has been registration limits. On a public instance you might open new registrations for a limited time or for a limited number of new accounts and then close it again and allow time for the newcomers to settle. The settling time tends to avoid admins becoming overwhelmed by newbie questions, trolls or spam floods. This seems to have worked quite well, and Epicyon also has this available. You can set registrations to be open and then also specify the maximum number of new registrations. By default new registrations are allowed and the maximum is set to 10. In a Freedombone installation with the Epicyon app installed new registrations are closed and only created via a command in the background when new members are added from the admin screen.

Epicyon also has quotas, with a maximum limit on the number of posts which can be received from an account or a domain per day. So if there's a rogue instance sending out a lot of spam, or if one of your friends' accounts gets hijacked, then the maximum rate at which posts can arrive is contained.
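A per-account and per-domain daily quota of the kind described above, as an added example (not Epicyon's own code). The class name, the limits passed in and the `nick@domain` sender format are assumptions; the sender is expected to be the one already verified by the HTTP signature check.

```python
from collections import defaultdict
from datetime import datetime, timezone


class DailyQuota:
    """Caps posts accepted per sending account and per sending domain, per UTC day."""

    def __init__(self, max_per_account: int, max_per_domain: int):
        # Limits are caller-supplied; the page does not state Epicyon's defaults.
        self.max_per_account = max_per_account
        self.max_per_domain = max_per_domain
        self._day = None
        self._by_account = defaultdict(int)
        self._by_domain = defaultdict(int)

    def _roll(self, now: datetime) -> None:
        """Reset all counters when the UTC date changes."""
        day = now.astimezone(timezone.utc).date()
        if day != self._day:
            self._day = day
            self._by_account.clear()
            self._by_domain.clear()

    def accept(self, sender: str, now: datetime) -> bool:
        """Return True and count the post, or False if a quota is exhausted."""
        self._roll(now)
        nick, sep, domain = sender.lower().rpartition("@")
        if not sep or not nick or not domain:
            return False  # cannot attribute the post, so do not accept it
        account = nick + "@" + domain
        # Check the domain first: many throwaway accounts on one rogue
        # instance still share a single domain budget.
        if self._by_domain[domain] >= self.max_per_domain:
            return False
        if self._by_account[account] >= self.max_per_account:
            return False
        self._by_domain[domain] += 1
        self._by_account[account] += 1
        return True
```

Rejected posts are not counted, so a flood from one domain cannot push the counters any higher than the configured ceiling.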

Then there is the infamous DDoS scenario. Suppose that there are a million bad instances out there on different domains and they all send one spam per day. In this case it's down to the firewall, and Freedombone only allows a limited number of simultaneous connections on the https port.

Epicyon also does things in a way which makes life difficult for spammers. As a general rule you only see posts from people that you're following. There is no public or federated timeline. And there is no relaying of posts going on either. To a large extent what you see is what you get, with no additional stuff from random accounts you're not interested in. So unless you are following a spam account they may have difficulty getting into your timeline. An extra feature which is off by default but which can be turned on if you need it is to only receive DMs from people that you are following.

It should also be said that Epicyon isn't designed to run large public instances with thousands of accounts. It's intended to support about ten accounts at the upper limit, for self-hosting or small groups. At large scale Epicyon would probably perform poorly, and this is another reason why it would be unattractive for use by spammers. A Small Tech approach has advantages which would otherwise become headaches for projects fixated upon scalability.

Epicyon Scheduled Posts

In Epicyon you can now schedule posts to be delivered at some time in the future. This can be useful for creating reminders to yourself to do things (e.g. don't forget the milk) by posting a DM to yourself in the future. It could be used to promote an event by scheduling information posts leading up to it. Or it could also be used to handle time zone issues where you'd like a post to be seen but the expected recipients may not be awake if you post it right now.

With this type of feature there is the potential for spam, so the number of posts which can be scheduled at any point in time is quite small. Also, spammers would have much easier methods for generating and sending a lot of posts, and the signature checking tends to mitigate the kinds of spamming which happen with email.

Freedombone on Rock64

There is now a Freedombone image for the Rock64 single board computer. They're fairly cheap and sufficiently powerful that I've been using one of these as a desktop machine for the last year without any major problems. The Rock64 has an A53 processor which doesn't do speculative execution and so is not vulnerable to an entire category of possible security problems.

There are two images available here. freedombone-main-rock64-arm64.img.xz is the clearnet version and freedombone-onion-rock64-arm64.img.xz is the onion version. It's recommended that you install to an SSD and then connect it to the USB3 port with a USB3 to SATA adapter cable. You will also need to install this boot utility which changes the boot order so that the Rock64 can boot from USB.

If you want to run a Matrix homeserver or NextCloud on one of these it's recommended to use the 2GB or 4GB RAM version.

Copyleft Adoption

I've been publishing software on the internet for a long time. Most of it wasn't very exciting, nor especially useful. Why did I choose the GPL license from about 1999 onwards? The reasons were not very complicated.

Prior to 1999 I just uploaded code to a website without any licenses. It was mainly small demos for technologies which are now thoroughly obsolete. Then at some point in 1999, or maybe 2000, someone emailed saying something like: I see you are publishing source code. Unless you add a license with a warranty disclaimer someone might try to sue you. Also without a license this isn't public, it's all rights reserved. I wasn't very interested in legal stuff and so I did a bit of reading and found that GPL best matched what I was doing. My thinking was that if I'm putting software out there with the intention of it being public then I'd rather that it remained public and not have any proprietary forks. That way if there are improvements I can incorporate them back into the original. The sharealike nature of GPL fitted that goal.

There are other reasons to use copyleft licenses, but this is still mostly my reasoning about it now. Other kinds of licenses seem to have more down sides to them if the goal is a global public software commons.