Reclaiming your identity – distributed social networks

Posted February 2nd, 2010 by Konrad Förstner

Tin can telephoneIt’s good to see that there is a growing movement that aims to free the online identity and the social graph from silo platforms with dubious privacy agreements and to offer decentralized entities as new harbors. While I like the idea of the Diso Project that tries to implement decentralized social networks by extending server-located platforms like Wordpress (and luckily being heavily based on open standards) there is another approach to tackle the problem – by putting the identity in your browser. Aza Raskin stated that identity will be one of the defining themes of the web in the next five years and made hopes that Firefox will offer such functionality in the future. Unfortunately it looks like the Firefox community has only some mocks to offer currently. Interestingly there has been some research going on in this field in the last years that might point to solutions for some of the problems which have to be overcome: There are social networks that are based on the P2P concept (more precisely F2F) and offer a high level of privacy granularity by working with a so called Matryoshkas concept. One of the main problems is the persistence of a user’s personal data in the case that he is offline. There is a good introductionary paper discussing (and solving) these issues and proposing an implementation called Safebook [1]. Other early stage projects are Lifesocial and Persona. While I think the basic idea of P2P-based distributed social networks is the right direction I think it is done wrongly by not integrating it into the browser which is the natural habitat for the online identity. This might be partly due to technical limitations of browser plugins.

Another issue is the following: As far as I understand the profile data would be displayed in the browser for users that use this networking functionality. But in many cases it would be needed to present parts of the identity to the public e.g. on a plain web page. So based on the privacy setting the underlying identity data would have to be rendered to HTML and send to a server. Sounds technically trivial but might have further privacy implications.

For me there is also the burning question of how the concepts could be applied to replace specialized networks with many different purposes and requirements (like Couchsurfing) to get “one to rule them all”.

Currently it is not clear that decentralized networks will win against their centralized counterparts in the near future. The raising awareness of privacy and of the value of online identities might be driving forces to make that shift happen. I expect that we will observe quite some development in this area soon.

References:
[1] Cutillo, Leucio Antonio;Molva, Refik;Strufe, Thorsten,
Leveraging social links for trust and privacy in networks, INetSec 2009. Open Research Problems in Network Security. April 23-24, 2009. Zurich, Switzerland

Photo by fadderuri.

New name – new theme – new drive

Posted November 14th, 2009 by Konrad Förstner

Finally I finished a new theme for my page that suits my functional and aesthetic wishes. Currently I think it is too early for HTML5/CSS3 but I will move to it at some point based on the current theme. Additionally I changed the name of the blog to something more meaningful – “dao of flow”. After all this I hope to find time to have a look at all the blog post ideas that are sitting in my todo list and are begging to be written down.

HAR – 03 – TOR, Stylometry and a happy end

Posted August 19th, 2009 by Konrad Förstner

Enlighted CCCThere were two other HAR presentations that I like to recommend: At first Roger Dingledine explained the performance issue of the network privacy tool TOR in his talk and the ways of dealing with this in the future. He had a lot of small anecdotes about the project that made the talk really interesting and memorable.

I often thought about the problem of the possibility that people could be identified by their writing style. Especially today as many people generate a huge online available corpus that could be used to train detection algorithm (which are similar to the ones used e.g. in bioinformatics). Accidentally I was stuck (this wasn’t planned but it was my great luck :)) in a talk by Mike Brennan about stylometry that shed light upon this issue. In the first part of his talk Mike presented how sophisticated this field is. There are e.g. unsupervised pairing methods with 95% accuracy even if only with a short text is available. Mike also presented methods to protect against such privacy attack: A very successful method is the imitation of the writing style of another person (e.g. a famous author). He proposed assisting software to increase the success rate of this approach.

If you are interested in one of the many talks just have a look at the stream dumps that are already available. I assume there will be further processed versions in the near future.

Many thanks to everybody who made the HAR such a great event!

HAR – 02 – Mobility

Posted August 15th, 2009 by Konrad Förstner

At HAR are some electro mobility hardware hacks around and people are usually happy to offer a test ride.

Electric kart ... with netbook :)

Electric kart ... with netbook :)

Electric ... whatever

Electric ... whatever

or borrow test a Segway

or just borrow a Segway

HAR – 01 – The first talks

Posted August 15th, 2009 by Konrad Förstner

It’s summer hacking camp time again! The Hacking at Random (HAR) opened its gates on Thursday and a lot of interesting things have been going on there since that. As usual I want to share some of my personal views on selected parts of this huge event and give some insights about what is happening here. Although this is just a small fraction of the whole camp I like to point out that you can follow the talks via lifestreams (check the main page for links) .

HAR 2009 - WikiLeaksAfter the official opening the WikiLeaks project presented some highlights of their published whistle blower documents and pointed to the recently created list of most wanted documents. Due doe the growing trend of censorship that is going on in many countries in the recent time there was the need for some follow up sessions. Yesterday was a panel discussion just about this topic. It was a fine line up of known people from the scene. It would have been interesting to have somebody from the other side who a pro-censorship. Still this was an informative session that ended with the conclusion that this global trend to (internet) censorship has to be fought by global, united voice against it. The Internet Society might offer a umbrella for that.

Michael NielsenAnother early talk was hold by Michael Nielsen. After being in contact with him now for some years it was great to see him in person. In his talk he was covering the current trends and future of scientific communication. He pointed out that it the new technologies are mainly used by young researchers but also by selected already established individuals like Terence Tao who might have a lighthouse function.

Movie recommendation – “Home”

Posted June 4th, 2009 by Konrad Förstner

Earth - Eastern Hemisphere - photo is in the public domainHere comes just a quick movie recommendation of a film that I haven’t even seen so far but am quite excited about. I am talking about the documentary “Home” by the French journalist Yann Arthus-Bertrand. It captures the beauty and diversity of the earth and shows the negative impact of the human culture in aerial shots. The combination of images and sounds are mind blowing. Only when watching the trailer or the making-of of parts of it I got goose bumps. Another really special thing about the movie is that it will be released world wide at the same time (5th June, 2009, 00:00 UTC+2 … so basically in some minutes) in cinemas, some TV channels and on Youtube. In a recent TED talk Yann Arthus-Bertrand mentioned that the movie “has no copyright” – I haven’t found any other source confirming this but I hope that this movie will be published in the public domain or at least under a Creative Commons license. Well, lets see. They could have made it available via bittorrent but this still give some negative association in some circles so Youtube is a company-clean way, I guess (or they want to make money with the HD versions). Anyhow, I am looking forward to it and organized a little get-together to watch it tomorrow evening.

Needed: a fundamental change of our society

Posted May 20th, 2009 by Konrad Förstner

Money girlThe financial crisis and the climate change should make everybody think about our current global financial system and its implications to society. Most actions that are taken by governments, banks and companies are superficial or even just populist window dressing and only aim to maintain a sick and weak system. Artificial stimulation of the consumption like consumer tickets or scrappage programs cannot be real solutions. Nobody should blame the politician for this insufficient attempts as they are just playing the card that the current system offers them. Fundamental change is not popular. Many people put hope into Obama and although he offers a promising way of dealing with things he also can just act in the arena of the current system. More than ever it is time to question the status quo and think about sustainable, but maybe radically different alternatives.

I came across different, inspiring sources, rediscovered old ones and tried to digest all that. The problem description in most of these sources is similar and simple: The monetary system is unsustainable, is based on fear and corruption, and makes people slaves to a virtual value (money). Although we are brain washed to think so – focusing on personal interest and competing with each other does not bring the best results for the whole society. As an example: If the pharmaceutical companies would fully share their knowledge worldwide an enormous amount of redundant research could be avoided and resources could be saved. Instead diseases are invented or journals are “sponsored” simply to maximize profit. The system does not only stimulate these kinds of crime it is also very unstable and frequently breaking (this is not the first crisis and a real collapse in realistic thread). One problem is that the increased automatisation leads to increased unemployment and resulting in less consumption. This again affects companies and states negatively. It is often forgotten that we are aiming for this since the industrial revolution – machines should replace human workforce so people can spend their time for higher activities instead of taking care for the basic needs.


FutureThe basic income that has some attention at least in Germany recently is based on that fact but still would maintain the monetary system. Although I like Tom Hodgkinson’s proposal of just letting things go and live free and idle (basicially the essence of the LOVOS movements), I personally think we should additionally try to improve the whole society not only our situation and surrounding. Instead I prefer the vision of the Venus Project / Zeitgeist Movement. I admit that it sounds too far away in the beginning but please give it a chance. It basically says that we should use science and technology to generate an abundance of everything we need, apply the Scientific Method for decision making, program ourself to collaboration instead of competition and focus on sustainable, balanced solutions. If we do so we don’t need and won’t have governments, money, wars, etc. (the really bad stuff like advertisement, tax return, gadgets that break as soon as the guarantee period ends and unnecessary operations just as your doc needs a new golf bag). We would be a global community organized in sustainable, autarkic cities. “Yeah, nice science fiction” you might say. But please take a moment and think about all the technologies we have already today and the ones that are so close by if we would go for them with joined forces instead of wasting resources. I wish only a fraction of the money that was recently burned in supporting the broken financial system would have been invested in the development of such a system. There are projects around that show that parts of this vision are closer than we think – Masdar the sustainable, zero-waste, zero-carbon-emission city is an example. If you dive into the material of the Venus Project and the Zeitgeist movement you will find already very elaborated scenarios and plans how this world could look like. This is due to the fact that Jacque Fresco and his partner Roxanne Meadows are working on this project for over 30 years. But Jacque makes clear that this won’t be the final plan:

There in no such thing as Utopia. Why do people think I am Utopian? I don’t believe there is any final frontiers. I believe that human values will continue to grow, and we are not even civilized, yet. That’s an ongoing process, not something we arrived at. [...] Don’t look to the future and say what if we arrive there? You’ll never arrive at an ideal society, the thing is keep changing and improving

Okay, so how can we start? Well, the question of this transition phase is not yet solved as it is I guess the hardest part of it. Maybe the current system has to collapse first, maybe not. The founder of the Zeitgeist movement, Peter Joseph, puts his hopes into the grass root movement and currently spreading the word has the highest priority. Hopefully in near future the ideas can be implemented stepwise starting with exemplary cities created by volunteers.

Are you still here? You don’t think this is complete non-sense? Okay, here are my obvious recommendations: feed you brain, get some time to think, join the discussion. I have selected some links and readings to start:

Backing up into the cloud for paranoides

Posted May 4th, 2009 by Konrad Förstner

Pumping data into the cloud is getting more and more popular. Although I like the scalability, flexibility and also the more efficient use of computation power I think it brings a lot of disadvantages (privacy, vendor lock, etc.) with it. Luckily open source projects like GroundOS (which will be released soon) start to offer open alternatives.

To backup your important data you do not have to wait for these solutions but can use simple tools to protect you data on “untrusted” infrastructure. For encrypted, incremental backups duplicity offers a great solution. It supports many transfer protocol/backends: ftp, ssh/scp, rsync, WebDAV, WebDAVs, HSi and Amazon S3.

For the following example I used a WebDAVs based scenario but I also tested it with a ftp-server which worked fine, too. I guess once the mysterious gdrive appears it will offer at least WebDAVs. But even today there are many providers that can be used the way it is described below.

So, here we go!

The local folder which I want to backup contains two files:

$ ls my_local_folder
private_stuff secret_stuff

Here we assume we I have an account at gmx.net. The user name is 9999999. The folder on the server will be called my_backup_folder. If you do not specify that folder the contend will be put into the root folder. Now we use duplicity for a first, full backup. It logs in after asking you for your password (unless you give it when you call duplicity) and then wants a GnuPG passphrase that has to be entered twice.

$ duplicity my_local_folder/ webdavs://9999999@mediacenter.gmx.net/my_backup_folder
Password for ‘mediacenter.gmx.net’:
GnuPG passphrase:
No signatures found, switching to full backup.
Retype passphrase to confirm:
————–[ Backup Statistics ]————–
StartTime 1241471108.99 (Mon May 4 23:05:08 2009)
EndTime 1241471109.41 (Mon May 4 23:05:09 2009)
ElapsedTime 0.42 (0.42 seconds)
SourceFiles 0
SourceFileSize 55238 (53.9 KB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 54726 (53.4 KB)
TotalDestinationSizeChange 53686 (52.4 KB)
Errors 0
————————————————-

Now we ask duplicity to show us the files in the remote backup folder

$ duplicity list-current-files webdavs://9999999@mediacenter.gmx.net/my_backup_folder
Password for ‘mediacenter.gmx.net’:
GnuPG passphrase:
Mon May 4 23:04:16 2009 .
Thu Apr 30 18:19:51 2009 private_stuff
Thu Apr 30 18:20:31 2009 secret_stuff

The two files are there. To have closer look on this I connect to the WebDAVs folder using cadaver. We see now the way duplicity stores the data.

$ cadaver https://mediacenter.gmx.net:/my_backup_folder
Authentication required for GMX MediaCenter on server `mediacenter.gmx.net’:
Username: 9999999
Password:
dav:/my_backup_folder/> ls
Listing collection `/my_backup_folder/’: succeeded.
duplicity-full-signatures.2009-05-04T23:04:56+02:00.sigtar.gpg 1655 May 4 23:04
duplicity-full.2009-05-04T23:04:56+02:00.manifest.gpg 202 May 4 23:04
duplicity-full.2009-05-04T23:04:56+02:00.vol1.difftar.gpg 53484 May 4 23:04
dav:/my_backup_folder/>

Now let’s modify the local folder a little bit by adding another file…

$ echo “limbo” > my_local_folder/super_secret_stuff

.. and update the remote encrypted repository:

$ duplicity my_local_folder/ webdavs://9999999@mediacenter.gmx.net/my_backup_folder
Password for ‘mediacenter.gmx.net’:
GnuPG passphrase:
————–[ Backup Statistics ]————–
StartTime 1241471212.05 (Mon May 4 23:06:52 2009)
EndTime 1241471212.08 (Mon May 4 23:06:52 2009)
ElapsedTime 0.03 (0.03 seconds)
SourceFiles 2
SourceFileSize 55244 (53.9 KB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 6 (6 bytes)
TotalDestinationSizeChange 435 (435 bytes)
Errors 0
————————————————-

Now also the server contains all the files:

$ duplicity list-current-files webdavs://9999999@mediacenter.gmx.net/my_backup_folder
Password for ‘mediacenter.gmx.net’:
GnuPG passphrase:
Mon May 4 23:06:30 2009 .
Thu Apr 30 18:19:51 2009 private_stuff
Thu Apr 30 18:20:31 2009 secret_stuff
Mon May 4 23:06:30 2009 super_secret_stuff

In the case I need the remote backup stored to my machine (“rm -rf”-amok, crash etc.) I ask duplicity politely to go back in time and send me my lost treasures.

duplicity webdavs://9999999@mediacenter.gmx.net/my_backup_folder my_local_folder_recovered
Password for ‘mediacenter.gmx.net’:
GnuPG passphrase:

As common – “no news are good news”. duplicity downloaded everything and ends without a message.

$ ls my_local_folder_recovered/
private_stuff secret_stuff super_secret_stuff

duplicity is very powerful and you can also up/download selected files or folder e.g. depending on the modification date. For further information read man duplicity.