Archive for the 'privacy' Category

Dynamic DNS Facebook

Wednesday, March 17th, 2010

First post in this series: Freedom Box

So you want to take control of your own online life. Where to begin? Our first step is the razzle dazzle of the social networking tools: the ability to find your friends.

Social networking tools are made up of mostly unremarkable parts like email, IM, photo sharing, etc. The selling point is not that Facebook offers better email than Google, or better status updates than Twitter; few think it does. What motivates people to join a social network is the promise of getting in touch with friends who are otherwise hard to contact. Of course, the more people join believing they can find each other, the more people there are in the system and the better we actually are able to find each other. There is no magic to it; it is just a centralized directory fueled by the network effect. They require all your personal information, but the service does not need that to function. In fact, if the phone book had 400 million users and some pictures, it would work just as well. Which is great, because we can build that out of existing parts.

The Internet as Directory

The internet is built on a central directory called the Domain Name System (DNS). DNS is what directs us from the memorable addresses we type, domain names like “churchkey.org”, to the actual IP addresses of the computers holding the information we want, like this blog. If the address of the machine behind a domain name changes, a simple DNS update points the old name at the new address and web traffic keeps moving without anyone noticing. If the machine you’re keeping your stuff on moves frequently, perhaps because it is a laptop or on a cable internet connection where the IP address can change unexpectedly, you keep a little dynamic DNS client running on it that updates the directions automatically as you move. These tools let us find our stuff anywhere on the internet, but they are built for finding machines, not people, so we need to extend them a little.

Making the Directory People-aware

A server running our new extension would be called something like a “friend finding service” or perhaps “FrienDNS”. People could create accounts with this FrienDNS server just as they do with dynamic dns servers, picking a user name and putting in directions on where to find the machine with their stuff, but this time they give the server a little more information about themselves as people. Not too much information, this is a centralized service after all, but just enough for people to recognize each other in a search and ask to “friend” or otherwise connect. Maybe that’s just a name, picture, and where you’re from; the kind of things you found in old college facebooks before the term got trademarked. Maybe you give more information than that to the business community FrienDNS service or to the dating one. You decide in each context how much information to give other people before agreeing to connect with them.

Managing “Friend” Requests

Once someone finds you and wants to connect, the FrienDNS service gets directions to your machine from the dynamic DNS service underneath and sends the request over to you for approval, just like we expect social networks to do. In addition, I’m going to say we should have the friend finding service keep a unique token from us, some little bit of machine data we give it so that, when it sends us a connection request, we know it really came through the service. So when you get a request to connect with someone, you see who they are from their FrienDNS account information, which service they found you on, and a token from the service confirming that the request really did initiate there.

By requiring that people go through the friend finding service we get all of the spam and abusive-member management aspects of social networking tools. If a particular user turns out to be a spam bot or the arm of some advertising agency, people can report that user back to the service for account deactivation. Since a loss of cooperation from the service means that you can’t get users’ tokens, and everyone will ignore connection requests that come sans token, users need to play by the rules if they want to continue contacting new friends.

We can use the same system for screening potential connection requests. So, if you are using an online dating site built around FrienDNS, and you only want to receive contact from people you think you’ll like, we could build tools to check for whatever dating criteria you want before handing out your token. If you want to hook into your school’s email system and only give contact information to someone with an active @yourschool.edu email address, we can add tools for doing that too. Or, if we want to move in the other direction and run some services that have greater anonymity, there is no technical requirement for the token; it is just an example of the kind of simple things we can do to police friend requests for those contexts where we need to police them.

Saying “Hello”

Once you and your friend have agreed to connect, you exchange keys and establish an encrypted connection with each other. From this point on, the FrienDNS service has no idea what you are saying to each other. You only need to talk to it if one of your machines moves and you need updated directions on where to send your encrypted communication stream. You could even agree to go get your directions from some other system and simply ignore yesterday’s FrienDNS in favor of some new, more popular one. Once you have connected with each other, that’s it, you’re no longer dependent on the good graces or good behavior of any intermediary. Congratulations, you have replaced your intermediated “social network” with a network of direct friend-to-friend connections. We’ll look at what that means more next time.
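The flow sketched across the last few sections (register with a token, relay a friend request through the service, ignore requests that arrive without the service's stamp, deactivate reported accounts, and re-resolve a friend whose machine has moved) as a small simulation. This is an added example, not code from the post: the service name, user names and addresses are constructed, and it assumes the per-user "token" is a random secret that the service uses as an HMAC key over each request it relays, rather than a value sent in the clear, since the post leaves the token's exact form open.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed simulation, not the post's code. ASSUMPTION: the per-user "token"
# is a random secret the service uses as an HMAC key over each request it
# relays; the post only says it is "some little bit of machine data" we give it.

@dataclass
class FriendRequest:
    service: str
    from_user: str
    to_user: str
    profile: dict       # the searchable "college facebook" details of the sender
    mac: str = ""       # the service's proof that it relayed this request

def _canonical(req):
    # Fields the MAC covers; a deployment would add a nonce to stop replay.
    return f"{req.service}|{req.from_user}|{req.to_user}".encode()

class FrienDNS:
    """Friend-finding directory layered on a dynamic-DNS-style name -> address map."""
    def __init__(self, name):
        self.name = name
        self.addresses = {}   # user -> current address (the dynamic DNS part)
        self.profiles = {}    # user -> small public profile
        self.tokens = {}      # user -> secret the user handed us at sign-up
        self.banned = set()
    def register(self, user, profile, address):
        self.profiles[user], self.addresses[user] = profile, address
        self.tokens[user] = secrets.token_bytes(32)
        return self.tokens[user]
    def update_address(self, user, address):
        self.addresses[user] = address   # the user's machine moved
    def search(self, hometown):
        return sorted(u for u, p in self.profiles.items()
                      if p["hometown"] == hometown and u not in self.banned)
    def connect(self, from_user, to_user):
        """Relay a friend request; returns (recipient address, stamped request)."""
        if from_user in self.banned or to_user not in self.tokens:
            return None   # rule-breakers get no token, so nothing is delivered
        req = FriendRequest(self.name, from_user, to_user, self.profiles[from_user])
        req.mac = hmac.new(self.tokens[to_user], _canonical(req), hashlib.sha256).hexdigest()
        return self.addresses[to_user], req
    def report(self, user):
        self.banned.add(user)   # account deactivation after a spam report

class Peer:
    """A user's own machine: keeps the tokens it gave out and screens requests."""
    def __init__(self, user, address):
        self.user, self.address = user, address
        self.tokens = {}   # service name -> token we gave that service
        self.inbox = []
    def join(self, service, profile):
        self.tokens[service.name] = service.register(self.user, profile, self.address)
    def receive(self, req):
        """Queue a request only if it carries a valid MAC from a service we joined."""
        token = self.tokens.get(req.service)
        if token is None or not req.mac:
            return False   # sans token: ignored
        expected = hmac.new(token, _canonical(req), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req.mac):
            return False
        self.inbox.append(req)
        return True

def run_demo():
    svc = FrienDNS("frien.example")            # constructed service name
    alice = Peer("alice", "203.0.113.10")      # documentation-range addresses
    bob = Peer("bob", "203.0.113.20")
    spambot = Peer("spambot", "203.0.113.30")
    alice.join(svc, {"name": "Alice", "hometown": "Springfield"})
    bob.join(svc, {"name": "Bob", "hometown": "Springfield"})
    spambot.join(svc, {"name": "Totally Real", "hometown": "Springfield"})

    found = svc.search("Springfield")               # Bob looks for people from home
    first_addr, req = svc.connect("bob", "alice")   # asks the service to introduce him
    bob_ok = alice.receive(req)

    forged = FriendRequest(svc.name, "mallory", "alice", {"name": "M"})
    forged_ok = alice.receive(forged)               # skipped the service: no MAC

    svc.report("spambot")                           # Alice reports the bot
    spam_relay = svc.connect("spambot", "alice")    # no token issued any more

    alice.address = "198.51.100.7"                  # laptop moved: dynamic DNS update
    svc.update_address("alice", alice.address)
    new_addr, _ = svc.connect("bob", "alice")

    return {"found": found, "first_addr": first_addr, "bob_ok": bob_ok,
            "forged_ok": forged_ok, "spam_relay": spam_relay, "new_addr": new_addr,
            "inbox": [r.from_user for r in alice.inbox]}

if __name__ == "__main__":
    print(run_demo())
```

Keying the stamp to the recipient's own token means a requester who bypasses the service, or a service that has cut a user off, cannot produce anything the recipient will queue, which is the whole policing mechanism the post relies on. The key exchange that follows acceptance is deliberately left out here: once both sides have each other's address and keys, the directory drops out of the conversation, as the section above describes.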

Later posts in the series:

Part 3 – Talking amongst ourselves: Friend-to-Friend Network (forthcoming)

Part 4 – Putting the pieces together: Freedom Box schematic (forthcoming)

Part 5 – Making it easy: Look and Feel (forthcoming)

Freedom Box

Monday, March 15th, 2010

I’ve spent the last few posts trying to explain the philosophical and social reasons why we need to move away from centralized, intermediated tools for communicating with each other. There is more to be said on that topic but, with LibrePlanet later this week, I want to talk directly about how we can replace these dangerous tools and combine them into a free software social networking distribution like the one called for here.

The Idea

We should all have good tools for digital socializing, but Facebook and similar programs are not them. These “social networking” tools all share a fatal flaw. While they claim to connect you with the people in your life, what they actually do is connect everyone in your life to the man in the center running the social network. All communication with your friends has to go through the network operator first. Once you tell him, he tells your friends for you. Or sometimes he tells too many people and you get upset. But what are you going to do, stop talking to the people in your life? This is like no social network on earth; it is more like a giant game of telephone where they hold all the strings. And it is systematically unsafe.

Rather than build our digital lives as part of their networks, we need to bring some of our real life social structures to the digital world. In real life we don’t talk to each other through a central intermediary. Can you imagine what it would be like if everyone in your family, or office, or town had to go through a single person in order to talk with each other? In real life we talk to each other directly, which works a lot better. Our digital tools could work like that too. Many, like the internet, were designed with exactly this kind of direct communication structure in mind. We got the centralized, intermediated tools that we have now mostly because the people designing them thought of us as children who could never learn to run our own.

That dismissal of our competence comes up regularly when you talk about moving away from centralized services, but it ignores us too quickly. It is just as possible for everyone to run their own web server as it is for everyone to know how to read, and both should be social goals in the 21st century. To think otherwise is to believe that we can never build tools well enough for people to learn them, no matter how many generations go past, and no matter how central a role those tools come to play in our lives. It is a belief that sells our engineers, our teachers, and ourselves short, and one that will only fade as we learn how to run our own communication networks. The alternative is to stay childish and incapable, digitally speaking.

It is time to grow up and take the private communications of our lives back into our own hands. We have all of the individual tools we need, email, IM, photo sharing, etc., but putting them all together into the system we deserve will take a little assembly. Don’t worry if you are not a software developer and you feel like building digital tools is beyond you. If we decide we want tools for ourselves and are willing to lend some time and support, there are lots of great developers out there who will build them as Free Software for everyone to use, learn from, and share. In these next few posts we’ll outline what I think that new network looks like and how we might put it together.

Part 2 – Finding each other: Dynamic DNS Facebook

Part 3 – Talking amongst ourselves: Friend-to-Friend Network (forthcoming)

Part 4 – Putting the pieces together: Freedom Box schematic (forthcoming)

Part 5 – Making it easy: Look and Feel (forthcoming)

Putting the ‘log’ in Goolog

Thursday, February 11th, 2010

Aaron Williamson, one of my friends and colleagues at the SFLC, put up a great piece yesterday running through the various panoptic services that Google offers. It is well put and worth reading in full. Unfortunately, Aaron’s site requires registration in order to leave comments, so I’m going to respond here instead and let Planet NYC’s feed pull together the discussion.

Aaron makes reference to a couple of points that are key, both in critiquing Google’s specific practices, and in picking up the discussion from last time.

The first, Paul Ohm’s piece “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization”, does the same thing to the field of information sharing that an exposé showing that condoms don’t stop STDs would do to the field of sexual health medicine.

Professor Ohm documents the field of “information reidentification”, and that field’s success in countering so-called “anonymization” techniques used to remove the personally identifying bits of information (name, address, SSN, etc.) from things like your medical history or web search history before releasing that information to the public.

In a nutshell, “anonymization” is really just obfuscation; the data we are collecting about people is so rich and precise that we can take supposedly anonymous records and fill in all the missing information by fitting the record into all the rest of what we know. This should be a basic piece in discussions of our digital lives and public policy, but it has gotten almost no coverage since the initial publication.
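A concrete illustration of the point above, added here and not part of the post or of Professor Ohm's paper: a table with name and SSN stripped still carries ZIP code, birth date and sex, and those three columns are enough to join it back against any public list that carries the same columns. All rows below are constructed; the `generalize` step shows the usual mitigation (coarsening the columns so each record hides among several people) and `k_anonymity` measures how well it works.

```python
from collections import Counter, defaultdict

# Constructed tables, not real data. "Anonymized" health records: name and SSN
# stripped, but ZIP, birth date and sex (the classic quasi-identifiers) remain.
HEALTH = [
    {"zip": "02138", "dob": "1965-07-13", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02139", "dob": "1965-01-30", "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02138", "dob": "1971-02-02", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02140", "dob": "1971-11-30", "sex": "M", "diagnosis": "flu"},
]

# Constructed public list (a voter roll, say) carrying the same three columns.
VOTERS = [
    {"name": "Pat Quincy", "zip": "02138", "dob": "1965-07-13", "sex": "F"},
    {"name": "Lee Okafor", "zip": "02139", "dob": "1965-01-30", "sex": "F"},
    {"name": "Sam Rivera", "zip": "02138", "dob": "1971-02-02", "sex": "M"},
    {"name": "Jo Tanaka",  "zip": "02140", "dob": "1971-11-30", "sex": "M"},
    {"name": "Ari Singh",  "zip": "02140", "dob": "1971-11-30", "sex": "M"},
]

QUASI_IDS = ("zip", "dob", "sex")

def identity(row):
    return row

def generalize(row):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth year only."""
    return {**row, "zip": row["zip"][:3] + "**", "dob": row["dob"][:4]}

def qi_key(row, transform=identity):
    row = transform(row)
    return tuple(row[f] for f in QUASI_IDS)

def link(health, public, transform=identity):
    """For each health record, the public-list names sharing its quasi-identifiers."""
    index = defaultdict(set)
    for row in public:
        index[qi_key(row, transform)].add(row["name"])
    return [(h["diagnosis"], sorted(index[qi_key(h, transform)])) for h in health]

def k_anonymity(rows, transform=identity):
    """Size of the smallest group of rows sharing the same quasi-identifier values."""
    return min(Counter(qi_key(r, transform) for r in rows).values())

if __name__ == "__main__":
    print("exact join:", link(HEALTH, VOTERS), "k =", k_anonymity(HEALTH))
    print("generalized:", link(HEALTH, VOTERS, generalize),
          "k =", k_anonymity(HEALTH, generalize))
```

On the raw table every record but one resolves to a single name, and the one exception only because two constructed voters happen to share all three values. After generalizing, each record hides among at least two rows of the release and several names in the public list. Raising k is still only a partial answer: if every row in a group carried the same diagnosis, the join would reveal that diagnosis without ever picking out the individual, which is why a release also needs diversity in the sensitive column, not just in the identifiers.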

The second point I want to talk about is that this is not about Google. This is not personal. It is not fueled by some thoughtless hatred. We talk about Google and Facebook in these discussions, just as we talk about Apple in discussions of closed vs. free software, not because we have fanboyish love for a different team but because they are the most successful at popularizing practices we are concerned about.

This is a structural critique, just as arguing that banks shouldn’t be allowed to gamble with other people’s money is a structural critique. If you want to talk about whether particular organizations, whether that is Goldman Sachs or Facebook, have been malfeasant, or have behaved with a lack of respect for the interests of their customers, that is a different discussion.

I spent a year trying to write these posts around the theme of “Towards a Free Facebook” before realizing that the biggest problem with Facebook is how much they have popularized unsafe data systems. That’s what this is actually about.

Privacy’s Ghost

Tuesday, January 26th, 2010

Setting the stage

Privacy was dead: to begin with. There is no doubt whatever about that. I have spent the last year talking with people about privacy and reading about what it looks like in our new network-connected world and everyone agrees: privacy is dead and it was the birth of our information society that killed it.

At some point in the last 20 years computers spread far enough through society that they transformed how we live our lives. Not only could we telecommute and access unimaginable amounts of information through the air while sitting at a local coffee shop, but all the little bits of information we generate by going through our daily lives, all the little things that happen but we never write down, like what streets we walk down, what news articles we read, or what products we look at while in the store, all those little bits started getting recorded for the first time in history. When that happened, privacy died and we all became subjects for sociological study.

Whether it is Facebook trying to figure out your sexual orientation from the activity in your social network, online dating sites trying to map the decision matrix behind whether you will talk to, sleep with, or date particular people, or Google trying to burrow ever farther into your brain so they can better sell you things in the margins of all your daily activities, whatever the particulars, your information is out there and available for study.

Privacy died; everyone agrees about that. But that is where the agreement stops. What does it mean that more information is being recorded about you today than the Stasi were ever able to record about the citizens of East Germany? What does it mean that this information is being recorded by private companies and governments alike? Or that the pieces of information you manage not to share can increasingly be inferred by analyzing the mountain of information that everyone else around you has given over? How does all of this affect your right to a fair trial, or to organize politically, the confidentiality of your medical records, or your ability to receive goods and services as an equal member of society? There is no agreement about the answers to these questions, nor is there generally even discussion of them. Instead most discussions about digital privacy assume the only challenges we face in a networked society are financial fraud and junk mail.

Life without

Part of the reason we never discuss the more complicated structural and social issues involved with privacy is that we have poor instincts for these issues and they reliably lead us to poor conclusions. Consider this example.

In 2005 it became public that the US government had been collecting call records for almost everyone in the country. This caused some outrage. What it did not cause was the kind of outrage that occurred when it was made public in 1971 that the FBI had been following and profiling non-violent political organizers and public figures. Part of the reason for that is that times have changed and people’s expectations for government have changed with them, but part of it is because of how the information gathering was done. In the 1970s the FBI had to actually follow people to find out where they were going; they had to actually infiltrate the political groups and sit in on their meetings to find out what was going on. In 2005, the NSA could plug directly into the phone company’s central line and get everyone’s records from afar.

Imagine if it had happened differently. What if, instead of going to the phone company, the NSA had installed a device in your phone that records every key you press, the length of every call you make and who the call is with, and then bundles that information back to a regional NSA building where it is collated with the records from identical devices in the phones of your friends, business partners, and loved ones. Imagine that rather than tapping a central fiber optic cable, the NSA conspired with each local wireless store to install these devices in all our phones, sell those phones to us, and bill us monthly for using the phones.

Can you imagine the headlines when people opened their phones and found listening devices inside, when they learned that the smiling salesperson that recommended them a new phone had installed the listening device in it first? It would have been a firestorm that cut across all segments of the political spectrum. Yet the information collected in this fictitious example is the same as was actually collected by the NSA, exactly the same.

Action at a distance

Information about us used to follow us very closely, physically. Someone knew what you were reading at the coffee shop only if they were standing behind you in the shop. Today the material you’re reading is stored on a website’s server somewhere else in the world, and no one has to be standing behind you to tell what you’re reading there: everyone from the website operator, the people selling ads on the website, the site’s ISP, the coffee shop’s wireless router, the coffee shop’s ISP, and, most likely, anyone else on the same wireless network can tell that. But we don’t yet feel intruded upon by the distant watching of our activities. We’re still looking behind ourselves to see if anyone is watching.

This is a dangerous situation. The sense of feeling intruded upon is as important to our lives as social beings as the sense of pain is to our physical lives. Losing this important feedback mechanism has larger repercussions than whether you can make secure financial transactions, just as nakedness has more repercussions than being cold in the winter. Our biggest privacy problem at the moment is not a particular piece of software or changing social norm but that the technology has left behind the instincts we rely on for feeling the wind on our skins and knowing that we are exposed.

The few people with a better understanding of our current reality, the data aggregators, the service builders, spend all their time exploiting our failed instincts by selling us one-sided tools: practices and services that make our lives transparent to them without ever alerting us to how thoroughly we are being studied. We need to take a hard look at what society looks like when some people have that kind of power to strip away the outer layers of our lives. If we miss out on our chance to do so now, as we choose and shape the communication tools of tomorrow, we will end up more than just cold.

If it never occurred to you that how you interact with computers might impact your ability to get a fair trial or choose your political representatives, keep reading. In the next few posts we’ll look at those issues and some ideas for alternative tools to help us control our own communications without turning our lives into a currency for digital power brokers in the process.