All the router hacking of 2018 was possible because we treated our home Internet services as dumb-connections instead of treating them as the vulnerable “Internet Services” that they are.

It's that the stumbling block of "people won't run servers" is already untrue. People do.

(They may not realise it, but they do.)

They run fairly limited servers, with fairly low attack surfaces and assets, and they (with no small fault of vendors) administer them very poorly. But they run servers.

I am both enthusiastic about what FreedomBox are trying to do and apprehensive of both possible success and consequences (I've been submitting multiple related articles to HN myself over the past few days). I'm watching the discussion with interest, there are good points being made.

If you break down the challenge, it has multiple parts.

Hardware really isn't the problem -- a $25 RaPi, the Olimex box, a Turris product, or one of Zotex's Pico systems[0] could serve amply, at price-points up to about $300, with full ownership of data, hardware, and link.

Software mostly isn't -- the basic pieces exist, though some are rough. The federated social space, probably Friendica, is a good bet. Mastodon addreses microblogging. For blog-type interactions, RSS/Atom and a feed reader or aggregator works well, and would be a good addition to the FreedomBox.

Social graph -- user adoption -- is a huge issue, though it's also somewhat self-sorting. Early adoptors of such technologies tend to be a fairly high-affinity and the space, if it develops sufficient early momentum, something that could be as few as several 100s or 1,000s of active users (and that could be 10k - 10m registrations or trials) may take root. Though early organic growth may appear slow.

It's the soft areas can be frustratingly hard: picking the technology stack, from harware to OS, protocols, and implementations. This is where choice cuts two or three ways, often leaving bloody stumps. For the advocates, it's a battle for supremacy, for the general public its all a confusing blur. A hidden benefit of tech monopolies is that the constrain choice and simplify decisionmaking.

As we've learnt over the past five years or so, the social consequences, large and small, of wholly unregulated or cabalistically controlled media systems are huge, and how FreedomBox or equivalents peturb that dynamic isn't clear, though I might be prepared to place some bets.[1]

Media systems simply do not and can not resist hierarchical consolidation for reasons of basic graph theory, though the particulars of that consolidation and the administration, objectives, and guiding principles of key hubs fall along a wide continuum. Even with FreedomBox, it's certain that people will share resources and systems -- possibly a handful as families, households, and friends, possibly communities of hundreds, thousands, or millions. Services are cheap -- the direct provisioning costs of Diaspora run about $0.25/user-year[2], which is the definition of "too cheap to meter". As a service, bundling at less than 100-1,000 users is logistically impossible. Among my thoughts is how community bundlng might be facilitated.

Running persistent network services over consumer-grade broadband (or worse) is also a major pain in the backside, often through vendor limitations, though those are imposed with good reason. Registering and keeping control of a domain space is an obstacle to most people. Maybe not you, maybe not some of your friends, but yes, the general public.

And then we get to the direct service-administration risks: anything from service interruptions to hardware failure, data loss, system compromise, botnets, malware, denial of service, surveillance, credentials fraud, blackmail, legal regulations (copyright, patents, privacy, libel), and more. Decidedly nontrivial.

FreedomBox at least is building from some of the best possible bases: Debian GNU/Linux, experts in online law[3], Free Software, open protocols, and simple, inexpensive hardware. It might succeed, and if it fails, the lessons should be highly illuminating.

But, and back to my point previously, the hurdle of getting people to run dedicated server appliances is not the core challenge, though possibly having them do that without realising they're doing so is informative.

________________________________

Notes:

0. https://www.zotac.com/product/mini_pcs/zbox_p_series

1. I'm somewhat involved in a project in this space, https://Darcy.is

2. Experience from https://pluspora.com, run by two people and hosting 10k+ users. Mind that additional admin and moderation services add to this.

3. Eben Moglen, a/k/a "Richard Stallman's lawyer", and Yochai Benkler (Th Wealth of Networks), whom I'm very late to the party in discovering just within the past week, among many others.

FreedomBox is just another way of expanding your attack surface. People won't run servers because of this, and pretending like all hardware are"servers" diverts from that point. They're too much work to keep safe, and complain all you want about that work already being necessary, it's irrelevant to the conversation.

https://www.fsf.org/news/fsf-announces-change-in-general-cou...

https://youtube.com/watch?v=ZUN44U_oTUA

(Timestamp: 10m45s, though the full preso is highly recommended -- Moglen somewhat lengthly introducing Yochai Benkler.)

https://project.turris.cz/en/