Freedombone Blog

Your Data. Your Server. Your Place.

FreedomBox at Ten

Or almost ten. Here is another talk by Eben Moglen about the FreedomBox project. For avoidance of confusion Freedombone isn't the same thing as FreedomBox, though it is the same type of project and is in some ways compatible.

Nine years on from the Freedom in The Cloud talk which launched FreedomBox as a concept the project now exists as actually running software and has some developers actively working on it. Events have transpired, but in the intervening time the underlying nature of the problem which FreedomBox seeks to remediate has hardly changed at all. The only additional factor which might be added is the environmental one.

Data center cooling is a huge market that’s expected to be worth about $8 billion by 2023. With power densities increasing rapidly, many companies are investing heavily in new data center cooling technologies to ensure that they’ll be able to harness the computing power of the next generation of processors.

-- Kaylie Gyarmathy

The environmental argument for home servers is something I tried to make a few years ago, but the general opinion was that gigantic liquid-cooled data warehouses owned by Facebook, Google and Amazon had the magical "economies of scale". The tendency was always to believe that people from Google were wizards who could cleverly figure out how to circumvent the basic laws of physics. But given that a home server can run on 10W of electrical power, and potentially off of a solar panel I found this unpersuasive. I didn't have any quantitative estimates then, and still don't now. However, it's likely that a world in which there is one server per household or per street would be more electrically efficient than the current world of billionaire cloud servers.

Another point in Moglen's recent talk is about the problem of promotion. It's one thing to build technology but quite another to get people using it. You might think that this whole approach is wrong-headed and that surely according to classical economics "demand" must precede supply. Technologists merely solve problems for which "the market" wants solutions. But this was never the way that technology worked in reality. Nobody was "demanding" smartphones or spreadsheets before they existed. Nobody consumer demanded that the internet exist in the first place. Instead things were invented often with very different motivations and sometimes they turned out to have other uses and businesses then grew up to support those.

If the last decade was the birth phase I hope that the 2020s will be the time when running your own internet services, individually or in small groups, becomes quite normal. Perhaps something like FreedomBox will be installed onto internet routers by default. Facebook might be re-branded but I expect it will also continue to exist, because billions of users don't switch technologies easily or quickly and the gravity of the network effect is powerful. Agitation and education will need to continue.

The FreedomBox app

There has been an app on F-droid for the FreedomBox system for a while now and I was wondering whether I could do something similar for the Freedombone project. I didn't know anything about how the FreedomBox app worked, so I assumed it was an Android version of the Plinth user interface and was trying to figure out how the connection between the box and the app worked.

But it later turned out that wasn't what the FreedomBox app was doing at all. It's not a userops app but instead is more of a helper app to make it easy to install and run the client apps needed to work with the box. This is the type of thing which you might tell other members of your household/apartment/dorm/hackspace/commune to install so that they can use the services of the local server. It will guide them to the relevant sections of F-droid or the Play store, or open the relevant apps or web pages.

It was suggested that provided Freedombone can talk the right json protocol then the FreedomBox app would also work with it. This would avoid needing to re-invent the wheel. Communication between the box and the app is one way only, so there aren't any security implications and no credentials or other private information is involved. The most an adversary on your local network could learn is what systems are available on your server.

Some amount of wrangling later I got it working. An additional patch to the app was needed so that web pages for particular Freedombone apps, typically installed onto subdomains, can be opened from the FreedomBox app and that has since been merged upstream.

This makes Freedombone a little more consumer friendly, but the main administration remains only via ssh and so unlike FreedomBox this isn't really a consumer grade system yet. Anyone who has used a Raspberry Pi without a screen should be able to use Freedombone though. I'm not yet decided on whether to go all the way and try to do something equivalent to Plinth. It might be a lot of work, and I'm really not much of a front end developer. If I can find a low maintenance and minimalistic interface which can also be secured then I might give it a go, but I don't want to get distracted into maintaining a giant django app or anything comparable.

The Stallman Directive

In an episode of Linux Unplugged they talk about Richard Stallman's proposed solutions to the problem of companies spying on people and then using the data in dubious ways. After a lot of meandering the actual discussion is about an hour into the show.

So what's the solution to this? Cambridge Analytica isn't the first company to use data in sketchy ways and it won't be the last. I also don't really agree with Stallman that legislation is the answer, since here in the UK the data protection act has existed for decades and even though there are many violations of it it's largely ignored.

For example, the data protection act says that data collected about people is supposed to be used by the "data controller" for a specified purpose, not for purposes different from the one for which the data was originally supplied, and also that people should be able to obtain copies of their data without unreasonable delay. When you think of the world of advertising companies and data brokers and so on it's easy to see that these basic rules are being broken routinely. Data supplied for one reason ends up being used for entirely other purposes. Maybe somewhere in the terms of service there are buried descriptions of what happens to personal data, but realisticly nobody except lawyers reads those documents and the problem boils down to what constitutes meaningful education and consent.

Things that have been tried and which we know don't work are:

  • Legislation similar to the data protection act. It very rarely or never gets enforced.
  • Simplified terms of service documents with fancy coloured icons. Still nobody reads them. In an era of technology monopolies often users don't have a realistic choice about whether to sign up for a service or not.
  • Naming and shaming companies when they abuse personal data. They just carry on doing the same anyway.
  • Browser plugins which do client side encryption. Have existed for a long time but since they're not installed by default practically nobody uses them.

In the Linux Unplugged episode FreedomBox is mentioned as a possible solution to the data ownership and privacy problem. I like this idea, but I think there's also another possibility which is non-corporate community management of systems - especially social networks. That is, the kind of federated model which exists already on the Open Web. To some extent the work involved with storing and managing communications data can be collectivised within an affinity group so that each user of the system doesn't have to take on the whole responsibility by themselves.

A couple of years ago it would have been easy to dismiss the federated model as something old-fashioned, perhaps resembling the bulletin board era before the internet, but now there are thousands of Mastodon installs and what appears to be very active communities around them who are not just the previous demographic of hardcore Stallmanites. What exists today is a pretty substantial proof of concept for an exit strategy from the current data dilemmas. It's not that today's fediverse is ultra private - far from it - but it's conceivable that better privacy features could be added.

What I think organisations such as FSF, EFF and ORG need to be doing is getting behind projects like FreedomBox and promoting them and showing people how to install and maintain them. If data is increasingly managed in a non-corporate way and perhaps also at a more municipal level then at least when it comes to devising legislation the pro-privacy side of things will be in a much stronger bargaining position.