Freedombone Blog

Freedom in the Cloud

Epicyon and Spam Mitigation

I notice that the Pleroma project (another ActivityPub server) has been having trouble with spam, and there have also been earlier spam problems with Mastodon instances. They've mitigated it by having a captcha by default. Personally, I don't like captchas. I don't like them mainly because I can't solve them (the ones with heavily distorted text). As far as captcha systems are concerned I am a robot. Beep boop.

So how does Epicyon deal with spam?

In its design ActivityPub is quite similar to email, and that means it can potentially suffer from similar problems. There are a few ways that fediverse instances in the last couple of years have dealt with this.

The main one is http signatures. Without getting into the details of http signatures as a cryptographic mechanism this basically gives a reasonable assurance about which account a post is coming from when it gets delivered. But that on its own isn't enough. An adversary can potentially generate arbitrary numbers of separate accounts at electronic speeds.

An additional mitigation commonly used has been registration limits. On a public instance you might open new registrations for a limited time or for a limited number of new accounts and then close it again and allow time for the newcomers to settle. The settling time tends to avoid admins becoming overwhelmed by newbie questions, trolls or spam floods. This seems to have worked quite well, and Epicyon also has this available. You can set registrations to be open and then also specify the maximum number of new registrations. By default new registrations are allowed and the maximum is set to 10. In a Freedombone installation with the Epicyon app installed new registrations are closed and only created via a command in the background when new members are added from the admin screen.

Epicyon also has quotas, with a maximum limit on the number of posts which can be received from an account or a domain per day. So if there's a rogue instance sending out a lot of spam or if one of your friends accounts gets hijacked then the maximum rate at which posts can arrive is contained.

Then there is the infamous DDoS scenario. Suppose that there are a million bad instances out there on different domains and they all send one spam per day. In this case it's down to the firewall, and Freedombone only allows a limited number of simultaneous connections on the https port.

Epicyon also does things in a way which makes life difficult for spammers. As a general rule you only see posts from people that you're following. There is no public or federated timeline. And there is no relaying of posts going on either. To a large extent what you see is what you get, with no additional stuff from random accounts you're not interested in. So unless you are following a spam account they may have difficulty getting into your timeline. An extra feature which is off by default but which can be turned on if you need it is to only receive DMs from people that you are following.

It should also be said that Epicyon isn't designed to run large public instances with thousands of accounts. It's intended to support about ten accounts at the upper limit, for self-hosting or small groups. At large scale Epicyon would probably perform poorly, and this is another reason why it would be unattractive for use by spammers. A Small Tech approach has advantages which would otherwise become headaches for projects fixated upon scaleability.

Freedombone on Rock64

There is now a Freedombone image for the Rock64 single board computer. They're fairly cheap and sufficiently powerful that I've been using one of these as a desktop machine for the last year without any major problems. The Rock64 has an A53 processor which doesn't do speculative execution and so is not vulnerable to an entire category of possible security problems.

There are two images available here. freedombone-main-rock64-arm64.img.xz is the clearnet version and freedombone-onion-rock64-arm64.img.xz is the onion version. It's recommended that you install to an SSD and then connect it to the USB3 port with a USB3 to SATA adapter cable. You will also need to install this boot utility which changes the boot order so that the Rock64 can boot from USB.

If you want to run a Matrix homeserver or NextCloud on one of these it's recommended to use the 2GB or 4GB RAM version.

Freedombone at 36C3

At the recent 36C3 congress there was a talk about the Freedombone project for the first time. It's in German and there aren't any English translations but since I've given a similar talk in Manchester earlier in 2019 I know roughly what's being described. The slides for the English version of the talk can be downloaded here.

Freedombone has been going for quite a while now, but having someone other than myself doing a talk about it at a CCC event where there are likely to be people who are interested is some kind of significant milestone for the project.

Every year I review what projects I'm working on and try to assess whether they're still relevant and worth continuing with. Technology moves quickly and what may be highly relevant one year may be technically and/or socially obsolete the next. But in the case of self-hosting projects - of which Freedombone is one - this still seems more relevant to the current time and the likely near future than at any point in the past. If anything, the problems which Freedombone tries to overcome are only becoming more acute and more conspicuous to the average internet user.

XMPP simplification

The XMPP app on Freedombone has been improved a little by going to a single configuration file and also using the Debian package. Previously it was using a very hacky nightly version of Prosody, and the reasons for that are historical and no longer apply.

For most of the time that the Freedombone project has been going XMPP was being renovated and having all of the features which you would expect from a modern chat app added. Things like end-to-end security, working avatars and client state indication. So if you wanted to run Conversations on Android and have all of the server tests pass you needed to be compiling a recent version of Prosody from source. Debian moves at a glacial pace, but now the Debian packaged version is good enough.

The previous XMPP notifications system has also been replaced with sendxmpp, and this reduces the amount of maintenance needed.

XMPP may be old but it's still one of the most practical IM systems. An XMPP server can run even on the most minimal single board computer - unlike certain other chat systems that could be mentioned - and also supports the use of onion addresses. Many people are unaware that WhatsApp is really just an XMPP server with a proprietary client app and federation turned off.

Minimum cost self-hosting

A Freedombone image is now available for the Orange Pi Zero, which is one of the lowest cost ARM boards at around $10-15. If you include a power supply, a small microSD card (8 or 16GB would be ok) and an ethernet cable then the total cost of ownership is in the $20-30 range.

Orange Pi Zero board

The board conspicuously includes wifi, but in this disk image wifi isn't enabled or used. Onboard wifi typically requires proprietary drivers, which is out of scope of the project. The current Debian device tree for this board doesn't appear to work and so I've based it on Armbian instead.

There are some review videos on YouTube for this board which indicate overheating problems, but in tests I havn't encountered any issues like that. Similar to the Beaglebone Black, it hardly gets warm although in this case the CPU is significantly more powerful than the single core Beaglebone. This might have been a power management device tree problem, but just in case it wasn't it would be a good idea to ensure that the CPU isn't directly in contact with anything which could be flammable or melt (like 3D printer plastic).

A limitation is that this board only has 512MB of RAM. That means that some apps, like Matrix, won't be installable. But there are still many other apps which don't need much memory. You could still run XMPP and ActivityPub servers and maybe a blog.

Creating an Armbian image required adding another command to Freedombone, called freedombone-distro. So if you have an image set up and working and want to then make it redistributable you can run this command and the disk can then be safely cloned to as many other boards as you want. The new command adds a file which causes a factory reset to happen on the first boot. So each new install will get unique passwords and keys.

Once you've cloned the image to a microSD card then the setup time on the Orange Pi Zero is about 15 minutes. This board also doesn't need much electrical power and so potentially under favorable conditions could be solar powered. It's small physical size also makes it a possible "roaming server" that you could carry around.

Freedombone 2020

For the last six months I've mainly been working on getting Epicyon into a workable condition and now it's quite usable. In 2020 I expect to shift back to Freedombone

More testing with different single board computers

A particular aim is to try to get the Rock64 image working and to also be able to run on an Orange Pi zero, which has a cost of about $10-15 for the original H2 model. The Orange Pi Zero only has 512MB RAM, but that would be enough to run an XMPP server, blog, probably Epicyon and maybe photo album. It could be a low cost entry level way for people to try running their own server in a smol package. Maybe paint the case in exotic colours, etc.

Self-healing

One thing which is very unglamorous but probably worth doing is to go through the 120+ STIG tests and for each try to make a best effort attempt to automatically fix security problems if they are detected. The thinking behind this is that it's not reasonable to expect a userop to be able to understand what these technical tests mean or what to do if one fails. To be practical the system has to be as self-healing as possible.

App review

Also as usual review the list of apps and decide if any should be removed or if there are new web apps worth adding. PeerTube is currently in limbo since I noticed it using large amounts of CPU and so I'm wondering if there could be a simpler way of providing equivalent functionality, perhaps via Epicyon or a similar ActivityPub server. Maintaining large nodejs apps is definitely one of the most challenging tasks, because that development ecosystem is constantly shifting and there can often be many dependencies. Developers also often don't consider maintainability as a desirable attribute when writing new systems.

If you have any suggestions for Free Software AGPL-compatible apps which would make sense in a home server context then feel free to contact me.

Keep promoting self-hosting

It's not something that I'm very good at, but posting things about the project in places where there are a lot of eyeballs - especially people who might be interested in having more autonomy/freedom from the current tech industry dystopia.

Continuing with education and agitation. Often people don't realize that there is any alternative to sites like Twitter or chat apps like WhatsApp. It was only quite recently that I found out that WhatsApp is really just a single server proprietary implementation of XMPP, so it's good to point that out if people think that XMPP is too old and outdated.

In the Venn diagram there's definitely overlap between Free Software, Free Hardware, recyclers, people living off the grid, people who are just general techies but who are concerned about the direction things are going and also people involved in various kinds of liberation struggles who want more control over their communications.