This page is an idea for a proposal for the Access Innovation Prize 2012.

The following are work-in-progress answers to the application form. The deadline is August 15.

TODOs

• Add an aspect that the data you put on the box via Unhosted/PageKite can also be reached via a Tor .onion address. 

What is your idea and why is it needed? Who will make use of it?

Our idea is to combine a number of different existing projects for Internet Freedom, and turn them into a working prototype that can be used for demonstrations and subsequently developed into an actual product. Specifically, the involved projects are the FreedomBox, Unhosted and PageKite.

The FreedomBox is a mini computer which can simply be plugged into a power outlet. It comes with a stack of software that is designed to protect your privacy and security online. It is being built on one hand for activists in repressive regimes that monitor and censor the Internet, but also for users in stable democracies who are concerned about their online privacy. On the FreedomBox, we will install software from the Unhosted project, which offers an architecture for separating web applications from the data they operate on. It will turn the FreedomBox into a general-purpose storage provider for documents and structured data, or into your “online home folder”. Web applications can then be pointed to a FreedomBox and use it for their storage needs, rather than storing data themselves. The advantage is that even though a user will be able to use any Unhosted-enabled application on the web, the data will remain on a FreedomBox within their home or office, and therefore under their control.

We will also install PageKite on the FreedomBox. PageKite is a tunneling solution that turns any computer (in this case a FreedomBox) into a server that has a stable DNS name and is publicly accessible, even when the FreedomBox is connected through a firewall or hostile network. In other words, PageKite makes it possible to expose the Unhosted data storage to web applications as if it was hosted on the open Internet, while in fact it is securely hosted on a FreedomBox in your home. Thanks to PageKite, even moving your FreedomBox from one location to another will not stop web applications from accessing the Unhosted data storage, and will not break any links.

After we are done integrating Unhosted and PageKite with the FreedomBox, as an optional bonus feature, we are also considering to add support for running the box within FunkFeuer, which is a community wireless mesh network in Vienna consisting of several hundred nodes. With its wireless network interface, the box can simply become another node in this mesh network and therefore go online without the need for a traditional ISP-based connection.

From a user’s perspective, our prototype will enable you to use web applications (e.g. for publishing, social networking, etc.) in a secure and privacy-protecting way, while all data remains under your control and within your home. We believe that our idea is highly compelling because it combines multiple projects that provide Internet Freedom and human rights on different layers. The FreedomBox provides freedom on the hardware layer, Unhosted on the storage layer, PageKite on the network layer, and FunkFeuer on the infrastructure layer.

What is the technology? We’re interested in code, bits and platforms.

The FreedomBox is a Debian-based Linux system with a set of software packages that can promote Internet Freedom in various ways. It can be installed on a wide variety of hardware platforms, but is specifically intended to be used on plug computers such as the GlobalScale DreamPlug. The DreamPlug is also what we intend to use for this project. It has an ARM-based Marvell Sheeva Core processor, 512MB RAM, a 4GB onboard microSD card, WiFi, Bluetooth, 2 Gigabit Ethernet Ports and 2 USB Ports. The FreedomBox uses Python for its web-based user interface and other parts of its software stack.

Unhosted is an architecture for separating web applications from their data. Web applications are clients in this architecture and use a JavaScript API that abstracts data access to so-called “remoteStorage” providers. Providers that support “remoteStorage” can choose between offering WebDAV, CouchDB, or a simple HTTP RESTful read/write interface. We will choose the latter and turn the FreedomBox into a “remoteStorage” provider using a Python library that is readily available. Unhosted uses Webfinger for allowing a web application to discover a user’s “remoteStorage” provider, and it uses OAuth 2.0 for authorization purposes. (TODO: check and possibly expand this paragraph)

PageKite is a dynamic reverse proxy solution which allows origin (content-) servers to connect to a proxy of their choice and subsequently receive and respond to incoming traffic over a TLS-encrypted tunnel.  This allows typical client devices which lack public IP addresses or are stuck behind restrictive firewalls, to still function as publicly visible servers on the Internet. The PageKite software is Open Source and exists in two implementations, one in Python and another in C.  These Open Source projects are led by a startup in Iceland which runs and manages public PageKite front-end relays (reverse proxies) in 5 different locations around the world.  In addition to managing the relays and providing commercial support, they provide dynamic DNS services and wild-card SSL encryption to their users.  The company will provide sponsored accounts for development and take part in the integration of PageKite with other components of the proposed solution.

FunkFeuer is a wireless community mesh network based on the OLSR routing protocol. The GlobalScale DreamPlug as well as other target platforms of the FreedomBox have the necessary hardware capabilities to connect to this mesh network. To do so, a static IP address is allocated and assigned to the FreedomBox by the FunkFeuer community, its wireless network interface is configured to run in ad-hoc mode, and the OLSRd (OLSR demon) software is installed to maintain routing tables. (TODO: check and possibly expand this paragraph)

We will produce an image file that can easily be flashed onto a DreamPlug’s SD card.

How are you making it happen? Who are you working with?

I (Markus Sabadello) will be responsible for putting together the hardware and software and building a working prototype. I will work with the following individuals and communities: Michiel De Jong of Unhosted, Bjarni Rúnar Einarsson of PageKite, the FreedomBox community, and the local FunkFeuer group in Vienna. Collaboration will happen mostly online. Physical meetings are also likely to take place, for example in the Metalab hackerspace in Vienna, in the town of Unhošť in the Czech Republic at the annual meeting of the Unhosted team in September, and potentially at some point in New York City with the FreedomBox team. Other meetings at conferences, hackathons, etc. might also occur, depending on schedules. The estimated time for completing the prototype is 3 months.

How will you keep it going? How will you evaluate it and keep the project going?

Our prototype will be suitable to be demonstrated in a straightforward way, e.g. at conferences or hackathons. Such hands-on demonstrations should be a highly intuitive and effective way to explain and promote the vision of Internet Freedom. There will be numerous opportunities for us to evaluate its functionality and to gather feedback from people with different backgrounds.

Each of the involved projects has its own active community. The success of our prototype will not only demonstrate how they complement each other into a working and compelling product, but will also provide a lasting impetus and benefit for each one of the communities individually.

Our prototype will also serve to dispel a myth that many grassroots, open-source projects often experience: The myth that they are often dispersed and redundant, that they do not coordinate their efforts, and that they never produce anything that is actually usable. For example, the FreedomBox project, which has been active for about 2 years, has not yet resulted in a usable product and is therefore sometimes subject to criticism.

Our prototype will not just be aimed at hackers who are already familiar with the technologies, but will also be understandable and usable for end-users. If the prototype proves successful, we can imagine productizing and commercializing it, which would involve refining and finalizing the exact hardware and software specifications, and building a business structure for distributing and supporting it.

What are the risks? Have you done your due diligence?

We believe that the risks are relatively low, since the components for this project mostly exist already and will need only moderate adaptation. The primary challenge will be not so much the development of new software, but the process of configuring and customizing it, and packaging it up into a prototype in which the different pieces work together seamlessly and without conflicting with each other. Another major piece of work will be user experience, in order to make it easy to configure and use the prototype. Another minor risk could be that the chosen hardware (most likely a GlobalScale Dreamplug) might not have sufficient computing resources for running all the components, however we do not expect this to be a problem. To reduce such risks, we will work closely with the communities around the components we are planning to use.

What is your track record? What have you done before and how advanced is the idea?

Markus Sabadello – from Austria – has a background in Computer Science as well as Peace & Conflict Studies. He has worked as a consultant for the Harvard Berkman Center, for the MIT Media Lab, and for several Silicon Valley startups, on topics related to user-centric identity, personal data, and decentralized communication. He contributes as Technical Editor to an online publication called Personal Data Journal. Markus is founder of Project Danube, which during the Federated Social Web effort was one of the first projects to achieve interoperability with other codebases such as Diaspora or status.net. Project Danube also contains a number of papers about the intersection of technology, peace, and human rights. About one year ago, he started experimenting with the FreedomBox. At the last Internet Identity Workshop, he ran a session during which he gave a working demonstration with audience participation of how five FreedomBoxes could connect to each other and exchange messages and personal data via a peer-to-peer network.

Michiel De Jong – originally from the Netherlands, now living in Germany – is developer and evangelist at Unhosted. Unhosted is a movement for breaking the walls of the currently predominant paradigm of hosting all data in a centralized way, side-by-side with the web applications that use it. With its protocol, data is decentralized to per-user storage nodes, and once user data is “unhosted”, web applications are merely pointed to it rather than storing it themselves. Unhosted data can be encrypted to prevent spying. Michiel is also active on the FreedomBox mailing list as well as in many other web technology communities. In a time in which control over personal data online is increasingly subject to questions and concerns, Unhosted has gained recognition for offering a simple and user-centric solution and has built a strong network of individual and foundational supporters. (TODO: check and possibly expand this paragraph)

Bjarni Rúnar Einarsson is lead developer of PageKite and founded a company around the project in 2010.  He has been a prominent member of the Icelandic Free Software and Internet communities for more than 15 years, receiving the Nordic Free Software Award at FSCONS 2010 as recognition for his efforts. Before PageKite, Bjarni worked as programmer, systems administrator and spam fighter for various companies, including 3 years as a “Site Reliability Engineer” for Google in Ireland.