I'm coming to the conclusion that community-owned and operated small clouds (co-ops) with easy onramps for self-hosting open source services like mail, storage, and VPN are the only way forward.
-
@ireneista @vfrmedia @philcowans I don't have the full answer but for sure a component is that small services can and should show bad actors the door with haste.
@mttaggart @vfrmedia @philcowans yes, absolutely
-
@mttaggart @ireneista @philcowans
one problem is if the bad actor is stubborn and determined, it can be way more than a small group with limited resources is able to cope with, especially if the project isn't providing a full time paid day job for the people involved *and* legal protection for them..
I don't even get deeply involved in the existing community groups round here nowadays, due to the inevitable conflict and drama that occurs and that it turns out to be more stressful than my day job!
-
@vfrmedia @ireneista @philcowans Worth distinguishing external bad actors causing a headache and internal service users for which a provider may be liable. The latter is, I think, the bigger concern and novel problem for most in this proposal.
-
@mttaggart @vfrmedia @philcowans right and like, if you're trying to serve marginalized communities, that's inherently risky because people's existence is politicized and that's beyond their control
and if you're not, what are you even doing
-
@mttaggart @ireneista @philcowans
keeping out external threats is normal cybersecurity stuff and relatively easy to deal with (same as making sure your car or house door is locked and carrying out physical checks or using CCTV if required) - but internal users could be more of a problem. Particularly if you are providing "private/secure" services and someone wants to use them for something that is blatantly illegal in your country..
-
@ithoughtisawa2 @brahms Absolutely, especially for individuals or families. When you need to guarantee reliability for a community, things do get more complicated if you're doing it right.
@mttaggart @ithoughtisawa2 @brahms someone who has a friend that converted my shitbox laptop into a server: can confirm shit is amazing, it gave me extra aura, i no longer have to worry that i cant pay the server bill on time and now i can say i have a lot of people in my house (they are in my laptop :3)
-
@vfrmedia @mttaggart @philcowans the thing we always tell people to consider before creating a corporate entity
which nobody ever wants to do at that stage, and it needs to be then, for all the most realistic mitigations ....
is what will you do if the jurisdiction you operate in makes it illegal, five years from now, to be openly gay or trans?
-
Not for nothing but I've written a very well-regarded guide on home labs if you want to get started.
@mttaggart FYI "Go to Course" returns 404 for https://taggartinstitute.org/c/wireguard-from-scratch/42
-
@mttaggart @ireneista @philcowans
There's a similar discussion about this here and the issues involved (at least from a USA perspective)
@vfrmedia @mttaggart came here to reference this, it's about the same in the EU.
@ireneista @philcowans
-
@ireneista @vfrmedia @philcowans It's an important question, although I'd contend that, much like Mossad, there's no threat modeling against rapacious fascism—certainly not with legal means. Which is to say that yes, you are accepting the risk of targeting by a regime when you offer services, and members should understand that offering the service is no guarantee of safety from said regime.
-
@ireneista @mttaggart @vfrmedia - so I think my take on this is more community first, tech second. Like, if the output is basically a support network and a set of tools to help individuals and community organisations self host, then I think I'd be quite happy with that.
Or maybe the solution is lower level services, e.g. shared server management with tools to make it easy for individual users to spin up their own Mastodon instance on their own domain.
VPNs are possibly a bit of a special case, and maybe the DEFCON folks reached the right conclusion there when they decided just to support Tor.
-
@mttaggart @vfrmedia @philcowans so just to get a little more pointed about it
when that happens, if you're operating as a corporation there are only three options:
- tell the marginalized people bye, can't help you
- attempt to defend them on the legal front
- shut down
corporations exist at the pleasure of the state. there is no fourth choice.
-
@philcowans @ireneista @vfrmedia Yeah my thinking was more shared infra and the ability to spin up services for oneself. But I also agree that this is something akin to the size of old key-sharing parties. It doesn't scale—intentionally.
-
@mttaggart @vfrmedia @philcowans if your plan is (2), great. carry on, just make sure you have enough money.
also, as an activist we know what the funding landscape for that looks like right now and it's grim AF
-
@ireneista @mttaggart @vfrmedia - btw, there's this:
Which I think is the closest I've found. I also feel that https://toot.wales/ and https://join.cosocial.ca/ are somewhat similar in scope.
Tech-wise, there's https://coopcloud.tech/ - @coopcloud.
-
I'm coming to the conclusion that community-owned and operated small clouds (co-ops) with easy onramps for self-hosting open source services like mail, storage, and VPN are the only way forward. Every corpo service is eventually going to make you ashamed to use it.
@mttaggart greedy bastards as far as the eye can see.
yeah your idea sounds like it would fit well into how things are already going. herd mentality is our doom.
-
@philcowans @mttaggart @vfrmedia that's where we're at, as well
we went and read the linked thread, it does agree with our own conclusions both for generic infra and for VPNs
-
@philcowans @mttaggart @vfrmedia but yes, your goals around community seem like the right ones to us, we just don't know how to do useful things with that
-
@philcowans @ireneista @mttaggart @coopcloud
things like that are definitely feasible, provided you set expectations to all users they aren't going to protect you from the NCA, so don't do anything on those networks that would attract them! (to be fair not /that/ difficult to do if folk are sensible)
-
@mttaggart @philcowans @vfrmedia it's not scale that we're concerned about. scale is not the blocker we are identifying.