Glyn Moody interviews Eben Moglen.
Mr. Moglen lays out a very interesting idea of de-centralized servers – mainly of the social networking type.
The basic argument as I understand it is:
If you have all this personal data on someone else’s servers, they can (and will, as we have seen) give it up with very little regard to individual rights or protection. However, if the server is distributed into individuals’ homes using small and cheap computers (wall-socket jobbers), then you gain the benefits of both decentralization and strong home privacy protection.
I really like this concept!

#1 by saulgoode on March 19, 2010 - 2:00 am
For those interested, recordings of a presentation Mr Moglen gave last month to the New York Internet Society on this topic are available at the following website:
http://www.isoc-ny.org/?p=1338
#2 by alexb on March 19, 2010 - 2:33 am
Just noting a typo in your headline — it’s “Moglen”, not “Moglan”.
Regarding the topic, there’s also some useful discussion at lwn.net:
http://lwn.net/Articles/379081/
#3 by Jason on March 19, 2010 - 5:57 am
Oops! I r gud spellar.
#4 by Lex on March 19, 2010 - 3:15 am
It is a good idea aside from the fact that there are so many Windows computers inside the botnets, that hackers will have a picnic collecting all that personal data and accumulating it into one large database. If you try to use any form of encryption, you are faced with the same problem as DRM: you have to provide both the data and means to decrypt it. Any distributed encryption attempt (when peers do not have a complete knowledge) can be easily overcome by an organized botnet.
From a security perspective, this is a terrible idea.
#5 by Jason on March 19, 2010 - 6:04 am
Lex,
Do distributed anonymous network stacks like Tor face similar security issues?
Also, I notice that Mr. Moglen at least touches on the encryption issue:
This seems to be an acceptable solution for “real” individuals – those of us that only have “real” friends. However, I’m not sure it will scale for celebs / corporations / media whores who have thousands of “friends”.
But, if the solution is something more along the lines of:
1. A sort of public/private key is needed to access personal data. Different public keys may allow for different levels of exposed data.
2. Data is backed-up only to “trusted” friends.
Fiddling with those 2 factors (and maybe more that we haven’t thought of yet), might just do the trick.
#6 by Lex on March 19, 2010 - 12:18 pm
Any distributed system would have data security issues when a large number of nodes is compromised by botnets. Tor included.
1. No matter how much you dance around with keys, you have to allow sharing of data, so you are facing the same problem as DRM. Unless you simply want an online backup that can only be opened with one key only you possess. But then it’s not really a social network, but a distributed backup solution. Let’s say you share your key with “trusted” peers, then the system is only as good as the security of those peers, and if ANY of them is compromised, your key is out in the open.
2. Again, you can trust your friends, but can you trust their computers? Only one keyholder/dataholder has to be compromised and your data is out of the box.
No matter what you try, the system relies on security of your peers. And if such security cannot be guaranteed, the system cannot be secure.
Isolated incidents of security breaches and data leaks may be acceptable. But the ability of having multiple peers of such network to act in conspiracy to extract data elevates the security risk to the next level.
Botnets can be easily patched to organize such conspiracy. And if you have some percentage of your network compromised, the extraction of some percentage of data is pretty much guaranteed. There is no guarantee that you will get information on a particular person, only that you will get a good amount of information in return.
If all the nodes were running GNU/Linux, such a system could be possible. But with a good ratio of Windows nodes there is no way in hell the system can be secured. The security of this distributed system is inversely proportional to the number of peers that can be easily and automatically subverted into a linked conspiracy to silently extract data.
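
The trade-off argued in comments #5 and #6 can be put into a small model. This is an added example, not part of the original post or comments: it compares tiered keys with one key shared with every peer, assuming each peer is compromised independently with probability `f`. The profile items, peer names, tier names and function names are all constructed for illustration.

```python
# Constructed profile: items behind each tier key (illustrative data).
TIER_ITEMS = {
    "public":  ["display name"],
    "friends": ["photos", "wall posts"],
    "close":   ["home address", "phone number"],
}
# Constructed grants: which peers hold which tier keys.
GRANTS = {
    "alice": {"public", "friends", "close"},
    "bob":   {"public", "friends"},
    "carol": {"public", "friends"},
    "dave":  {"public"},
}

def exposed_items(grants, tier_items, compromised):
    """Items readable once the `compromised` peers' keys are taken.
    A tier leaks as soon as ANY compromised peer holds its key."""
    leaked = set()
    for peer in compromised:
        leaked |= grants.get(peer, set())
    return sorted(i for tier in leaked for i in tier_items[tier])

def holders(grants, tier):
    """Number of peers holding the key for `tier`."""
    return sum(1 for tiers in grants.values() if tier in tiers)

def p_tier_exposed(n_holders, f):
    """P(at least one holder compromised), each independently with prob. f."""
    return 1.0 - (1.0 - f) ** n_holders

def expected_exposed_fraction(grants, tier_items, f, single_key=False):
    """Expected share of items exposed. single_key=True models one key
    handed to every peer, so every item sits behind a key all peers hold."""
    total = sum(len(items) for items in tier_items.values())
    expected = 0.0
    for tier, items in tier_items.items():
        n = len(grants) if single_key else holders(grants, tier)
        expected += len(items) * p_tier_exposed(n, f)
    return expected / total

if __name__ == "__main__":
    print(exposed_items(GRANTS, TIER_ITEMS, {"bob"}))
    for f in (0.01, 0.1, 0.3):
        print(f, round(expected_exposed_fraction(GRANTS, TIER_ITEMS, f), 4),
              round(expected_exposed_fraction(GRANTS, TIER_ITEMS, f, True), 4))
```

Tiering shrinks what a single compromised peer can read, but any tier whose key is held by many peers still approaches certain exposure, which is the scaling concern raised for accounts with thousands of “friends”.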
#7 by Jason on March 19, 2010 - 12:49 pm
Lex,
You are getting into an area I like to think about, which is: knowing what we know now, how should we have designed the internet?
I understand the naivety at the time, which is why we now face an Internet that is about 10% actual value and 90% spam / botnet / viruses. In retrospect, of course, we should have designed things from the ground up with the assumption that everyone you don’t explicitly trust is malicious and everyone you do is vulnerable to the first group.
In any case, I like Mr. Moglen’s idea and will be reading up (and watching some videos – thanks saul) and see if and how these issues are addressed!
#8 by Lex on March 19, 2010 - 12:52 pm
I have missed an important point of running a dedicated GNU/Linux device for these purposes. I was under the impression the idea was to use software on top of a regular PC.
With Windows out of the loop the system is definitely feasible.